From 9a13bb387d0e50a5dcb4f4324572687aea63b541 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Thu, 18 Feb 2016 12:23:27 -0500 Subject: [PATCH 1/1] GH681: More command help cleanup enc: - typo in -base64 option - missing help opt text ocsp, req, rsautl, s_client: - missing help opt text Signed-off-by: Rich Salz Reviewed-by: Tim Hudson --- apps/enc.c | 15 +++++++------ apps/ocsp.c | 3 ++- apps/req.c | 11 +++++----- apps/rsautl.c | 5 +++-- apps/s_client.c | 57 ++++++++++++++++++++++++++++++------------------- 5 files changed, 54 insertions(+), 37 deletions(-) diff --git a/apps/enc.c b/apps/enc.c index ab91369ee7..520ee47ebe 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -97,14 +97,15 @@ OPTIONS enc_options[] = { {"d", OPT_D, '-', "Decrypt"}, {"p", OPT_P, '-', "Print the iv/key"}, {"P", OPT_UPPER_P, '-', "Print the iv/key and exit"}, - {"v", OPT_V, '-'}, + {"v", OPT_V, '-', "Verbose output"}, {"nopad", OPT_NOPAD, '-', "Disable standard block padding"}, - {"salt", OPT_SALT, '-'}, - {"nosalt", OPT_NOSALT, '-'}, - {"debug", OPT_DEBUG, '-'}, - {"A", OPT_UPPER_A, '-'}, - {"a", OPT_A, '-', "base64 encode/decode, depending on encryption flag"}, - {"base64", OPT_A, '-', "Base64 output as a single line"}, + {"salt", OPT_SALT, '-', "Use salt in the KDF (default)"}, + {"nosalt", OPT_NOSALT, '-', "Do not use salt in the KDF"}, + {"debug", OPT_DEBUG, '-', "Print debug info"}, + {"a", OPT_A, '-', "Base64 encode/decode, depending on encryption flag"}, + {"base64", OPT_A, '-', "Same as option -a"}, + {"A", OPT_UPPER_A, '-', + "Used with -[base64|a] to specify base64 buffer as a single line"}, {"bufsize", OPT_BUFSIZE, 's', "Buffer size"}, {"k", OPT_K, 's', "Passphrase"}, {"kfile", OPT_KFILE, '<', "Fead passphrase from file"}, diff --git a/apps/ocsp.c b/apps/ocsp.c index f9ba4e158a..502adf1ba5 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -144,7 +144,8 @@ typedef enum OPTION_choice { OPTIONS ocsp_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"out", OPT_OUTFILE, '>', "Output filename"}, - {"timeout", OPT_TIMEOUT, 'p'}, + {"timeout", OPT_TIMEOUT, 'p', + "Connection timeout (in seconds) to the OCSP responder"}, {"url", OPT_URL, 's', "Responder URL"}, {"host", OPT_HOST, 's', "host:prot top to connect to"}, {"port", OPT_PORT, 'p', "Port to run responder on"}, diff --git a/apps/req.c b/apps/req.c index 66bcabcdac..4900a92291 100644 --- a/apps/req.c +++ b/apps/req.c @@ -143,12 +143,12 @@ OPTIONS req_options[] = { {"config", OPT_CONFIG, '<', "Request template file"}, {"keyout", OPT_KEYOUT, '>', "File to send the key to"}, {"passin", OPT_PASSIN, 's', "Private key password source"}, - {"passout", OPT_PASSOUT, 's'}, + {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, {"rand", OPT_RAND, 's', "Load the file(s) into the random number generator"}, {"newkey", OPT_NEWKEY, 's', "Specify as type:bits"}, - {"pkeyopt", OPT_PKEYOPT, 's'}, - {"sigopt", OPT_SIGOPT, 's'}, + {"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"}, + {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"}, {"batch", OPT_BATCH, '-', "Do not ask anything during request generation"}, {"newhdr", OPT_NEWHDR, '-', "Output \"NEW\" in the header lines"}, @@ -156,7 +156,7 @@ OPTIONS req_options[] = { {"verify", OPT_VERIFY, '-', "Verify signature on REQ"}, {"nodes", OPT_NODES, '-', "Don't encrypt the output key"}, {"noout", OPT_NOOUT, '-', "Do not output REQ"}, - {"verbose", OPT_VERBOSE, '-'}, + {"verbose", OPT_VERBOSE, '-', "Verbose output"}, {"utf8", OPT_UTF8, '-', "Input characters are UTF8 (default ASCII)"}, {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"}, {"reqopt", OPT_REQOPT, 's', "Various request text options"}, @@ -177,7 +177,8 @@ OPTIONS req_options[] = { {"", OPT_MD, '-', "Any supported digest"}, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, - {"keygen_engine", OPT_KEYGEN_ENGINE, 's'}, + {"keygen_engine", OPT_KEYGEN_ENGINE, 's', + "Specify engine to be used for key generation operations"}, #endif {NULL} }; diff --git a/apps/rsautl.c b/apps/rsautl.c index f3c90b77c6..f00c2e3ad6 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -98,10 +98,11 @@ OPTIONS rsautl_options[] = { {"oaep", OPT_OAEP, '-', "Use PKCS#1 OAEP"}, {"sign", OPT_SIGN, '-', "Sign with private key"}, {"verify", OPT_VERIFY, '-', "Verify with public key"}, - {"asn1parse", OPT_ASN1PARSE, '-'}, + {"asn1parse", OPT_ASN1PARSE, '-', + "Run output through asn1parse; useful with -verify"}, {"hexdump", OPT_HEXDUMP, '-', "Hex dump output"}, {"x931", OPT_X931, '-', "Use ANSI X9.31 padding"}, - {"rev", OPT_REV, '-'}, + {"rev", OPT_REV, '-', "Reverse the order of the input buffer"}, {"encrypt", OPT_ENCRYPT, '-', "Encrypt with public key"}, {"decrypt", OPT_DECRYPT, '-', "Decrypt with private key"}, {"passin", OPT_PASSIN, 's', "Pass phrase source"}, diff --git a/apps/s_client.c b/apps/s_client.c index e820e7c03c..ca630f0a2f 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -692,7 +692,8 @@ OPTIONS s_client_options[] = { {"showcerts", OPT_SHOWCERTS, '-', "Show all certificates in the chain"}, {"debug", OPT_DEBUG, '-', "Extra output"}, {"msg", OPT_MSG, '-', "Show protocol messages"}, - {"msgfile", OPT_MSGFILE, '>'}, + {"msgfile", OPT_MSGFILE, '>', + "File to send output of -msg or -trace, instead of stdout"}, {"nbio_test", OPT_NBIO_TEST, '-', "More ssl protocol testing"}, {"state", OPT_STATE, '-', "Print the ssl states"}, {"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"}, @@ -715,21 +716,31 @@ OPTIONS s_client_options[] = { "Export len bytes of keying material (default 20)"}, {"fallback_scsv", OPT_FALLBACKSCSV, '-', "Send the fallback SCSV"}, {"name", OPT_SMTPHOST, 's', "Hostname to use for \"-starttls smtp\""}, - {"CRL", OPT_CRL, '<'}, - {"crl_download", OPT_CRL_DOWNLOAD, '-'}, - {"CRLform", OPT_CRLFORM, 'F'}, - {"verify_return_error", OPT_VERIFY_RET_ERROR, '-'}, - {"verify_quiet", OPT_VERIFY_QUIET, '-'}, - {"brief", OPT_BRIEF, '-'}, - {"prexit", OPT_PREXIT, '-'}, - {"security_debug", OPT_SECURITY_DEBUG, '-'}, - {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'}, - {"cert_chain", OPT_CERT_CHAIN, '<'}, - {"chainCApath", OPT_CHAINCAPATH, '/'}, - {"verifyCApath", OPT_VERIFYCAPATH, '/'}, - {"build_chain", OPT_BUILD_CHAIN, '-'}, - {"chainCAfile", OPT_CHAINCAFILE, '<'}, - {"verifyCAfile", OPT_VERIFYCAFILE, '<'}, + {"CRL", OPT_CRL, '<', "CRL file to use"}, + {"crl_download", OPT_CRL_DOWNLOAD, '-', "Download CRL from distribution points"}, + {"CRLform", OPT_CRLFORM, 'F', "CRL format (PEM or DER) PEM is default"}, + {"verify_return_error", OPT_VERIFY_RET_ERROR, '-', + "Close connection on verification error"}, + {"verify_quiet", OPT_VERIFY_QUIET, '-', "Restrict verify output to errors"}, + {"brief", OPT_BRIEF, '-', + "Restrict output to brief summary of connection parameters"}, + {"prexit", OPT_PREXIT, '-', + "Print session information when the program exits"}, + {"security_debug", OPT_SECURITY_DEBUG, '-', + "Enable security debug messages"}, + {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-', + "Output more security debug output"}, + {"cert_chain", OPT_CERT_CHAIN, '<', + "Certificate chain file (in PEM format)"}, + {"chainCApath", OPT_CHAINCAPATH, '/', + "Use dir as certificate store path to build CA certificate chain"}, + {"verifyCApath", OPT_VERIFYCAPATH, '/', + "Use dir as certificate store path to verify CA certificate"}, + {"build_chain", OPT_BUILD_CHAIN, '-', "Build certificate chain"}, + {"chainCAfile", OPT_CHAINCAFILE, '<', + "CA file for certificate chain (PEM format)"}, + {"verifyCAfile", OPT_VERIFYCAFILE, '<', + "CA file for certificate verification (PEM format)"}, {"nocommands", OPT_NOCMDS, '-', "Do not use interactive command letters"}, {"servername", OPT_SERVERNAME, 's', "Set TLS extension servername in ClientHello"}, @@ -741,7 +752,7 @@ OPTIONS s_client_options[] = { {"alpn", OPT_ALPN, 's', "Enable ALPN extension, considering named protocols supported (comma-separated list)"}, {"async", OPT_ASYNC, '-', "Support asynchronous operation"}, - {"ssl_config", OPT_SSL_CONFIG, 's'}, + {"ssl_config", OPT_SSL_CONFIG, 's', "Use specified configuration file"}, OPT_S_OPTIONS, OPT_V_OPTIONS, OPT_X_OPTIONS, @@ -758,18 +769,19 @@ OPTIONS s_client_options[] = { {"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"}, #endif #ifndef OPENSSL_NO_DTLS - {"dtls", OPT_DTLS, '-'}, - {"timeout", OPT_TIMEOUT, '-'}, + {"dtls", OPT_DTLS, '-', "Use any version of DTLS"}, + {"timeout", OPT_TIMEOUT, '-', + "Enable send/receive timeout on DTLS connections"}, {"mtu", OPT_MTU, 'p', "Set the link layer MTU"}, #endif #ifndef OPENSSL_NO_DTLS1 {"dtls1", OPT_DTLS1, '-', "Just use DTLSv1"}, #endif #ifndef OPENSSL_NO_DTLS1_2 - {"dtls1_2", OPT_DTLS1_2, '-'}, + {"dtls1_2", OPT_DTLS1_2, '-', "Just use DTLSv1.2"}, #endif #ifndef OPENSSL_NO_SSL_TRACE - {"trace", OPT_TRACE, '-'}, + {"trace", OPT_TRACE, '-', "Show trace output of protocol messages"}, #endif #ifdef WATT32 {"wdebug", OPT_WDEBUG, '-', "WATT-32 tcp debugging"}, @@ -796,7 +808,8 @@ OPTIONS s_client_options[] = { #endif #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, - {"ssl_client_engine", OPT_SSL_CLIENT_ENGINE, 's'}, + {"ssl_client_engine", OPT_SSL_CLIENT_ENGINE, 's', + "Specify engine to be used for client certificate operations"}, #endif {NULL} }; -- 2.34.1