From 12d56b2992ebd61e1b30c99ca1898dde42345cf7 Mon Sep 17 00:00:00 2001 From: FdaSilvaYY Date: Sun, 31 Jul 2016 19:02:50 +0200 Subject: [PATCH] Fix various missing option help messages ... Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/1585) --- apps/cms.c | 19 ++++++++++--------- apps/crl.c | 2 +- apps/gendsa.c | 2 +- apps/ocsp.c | 6 ++++-- apps/pkcs7.c | 2 +- apps/pkcs8.c | 2 +- apps/smime.c | 17 +++++++++-------- apps/spkac.c | 3 ++- apps/ts.c | 2 +- apps/x509.c | 16 ++++++++-------- 10 files changed, 38 insertions(+), 33 deletions(-) diff --git a/apps/cms.c b/apps/cms.c index b9eec2432a..ad292f5137 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -99,7 +99,7 @@ OPTIONS cms_options[] = { {"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"}, {"sign", OPT_SIGN, '-', "Sign message"}, {"sign_receipt", OPT_SIGN_RECEIPT, '-', "Generate a signed receipt for the message"}, - {"resign", OPT_RESIGN, '-'}, + {"resign", OPT_RESIGN, '-', "Resign a signed message"}, {"verify", OPT_VERIFY, '-', "Verify signed message"}, {"verify_retcode", OPT_VERIFY_RETCODE, '-'}, {"verify_receipt", OPT_VERIFY_RECEIPT, '<'}, @@ -122,22 +122,22 @@ OPTIONS cms_options[] = { "Don't include signers certificate when signing"}, {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"}, {"nodetach", OPT_NODETACH, '-', "Use opaque signing"}, - {"nosmimecap", OPT_NOSMIMECAP, '-'}, + {"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"}, {"binary", OPT_BINARY, '-', "Don't translate message to text"}, {"keyid", OPT_KEYID, '-', "Use subject key identifier"}, {"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"}, {"no_content_verify", OPT_NO_CONTENT_VERIFY, '-'}, {"no_attr_verify", OPT_NO_ATTR_VERIFY, '-'}, - {"stream", OPT_INDEF, '-'}, - {"indef", OPT_INDEF, '-'}, - {"noindef", OPT_NOINDEF, '-'}, + {"stream", OPT_INDEF, '-', "Enable CMS streaming"}, + {"indef", OPT_INDEF, '-', "Same as -stream"}, + {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"}, {"nooldmime", OPT_NOOLDMIME, '-'}, - {"crlfeol", OPT_CRLFEOL, '-'}, + {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only" }, {"noout", OPT_NOOUT, '-', "For the -cmsout operation do not output the parsed CMS structure"}, - {"receipt_request_print", OPT_RR_PRINT, '-'}, + {"receipt_request_print", OPT_RR_PRINT, '-', "Print CMS Receipt Request" }, {"receipt_request_all", OPT_RR_ALL, '-'}, {"receipt_request_first", OPT_RR_FIRST, '-'}, - {"rctform", OPT_RCTFORM, 'F'}, + {"rctform", OPT_RCTFORM, 'F', "Receipt file format"}, {"certfile", OPT_CERTFILE, '<', "Other certificates file"}, {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"}, {"CApath", OPT_CAPATH, '/', "trusted certificates directory"}, @@ -147,7 +147,8 @@ OPTIONS cms_options[] = { "Do not load certificates from the default certificates directory"}, {"content", OPT_CONTENT, '<', "Supply or override content for detached signature"}, - {"print", OPT_PRINT, '-', "For the -cmsout operation print out all fields of the CMS structure"}, + {"print", OPT_PRINT, '-', + "For the -cmsout operation print out all fields of the CMS structure"}, {"secretkey", OPT_SECRETKEY, 's'}, {"secretkeyid", OPT_SECRETKEYID, 's'}, {"pwri_password", OPT_PWRI_PASSWORD, 's'}, diff --git a/apps/crl.c b/apps/crl.c index 5e0fbe5899..06b6e5b92c 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -41,7 +41,7 @@ OPTIONS crl_options[] = { {"fingerprint", OPT_FINGERPRINT, '-', "Print the crl fingerprint"}, {"crlnumber", OPT_CRLNUMBER, '-', "Print CRL number"}, {"badsig", OPT_BADSIG, '-', "Corrupt last byte of loaded CRL signature (for test)" }, - {"gendelta", OPT_GENDELTA, '<'}, + {"gendelta", OPT_GENDELTA, '<', "Other CRL to compare/diff to the Input one"}, {"CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir"}, {"CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name"}, {"no-CAfile", OPT_NOCAFILE, '-', diff --git a/apps/gendsa.c b/apps/gendsa.c index 5dacf1b9fc..4c05493bfa 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -34,7 +34,7 @@ OPTIONS gendsa_options[] = { {OPT_HELP_STR, 1, '-', "Valid options are:\n"}, {"help", OPT_HELP, '-', "Display this summary"}, {"out", OPT_OUT, '>', "Output the key to the specified file"}, - {"passout", OPT_PASSOUT, 's'}, + {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, {"rand", OPT_RAND, 's', "Load the file(s) into the random number generator"}, {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"}, diff --git a/apps/ocsp.c b/apps/ocsp.c index cfc06a9c43..41ea970307 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -107,7 +107,8 @@ OPTIONS ocsp_options[] = { {"url", OPT_URL, 's', "Responder URL"}, {"host", OPT_HOST, 's', "TCP/IP hostname:port to connect to"}, {"port", OPT_PORT, 'p', "Port to run responder on"}, - {"ignore_err", OPT_IGNORE_ERR, '-'}, + {"ignore_err", OPT_IGNORE_ERR, '-', + "Ignore Error response from OCSP responder, and retry "}, {"noverify", OPT_NOVERIFY, '-', "Don't verify response at all"}, {"nonce", OPT_NONCE, '-', "Add OCSP nonce to request"}, {"no_nonce", OPT_NO_NONCE, '-', "Don't add OCSP nonce to request"}, @@ -124,7 +125,8 @@ OPTIONS ocsp_options[] = { {"no_chain", OPT_NO_CHAIN, '-', "Don't chain verify response"}, {"no_cert_checks", OPT_NO_CERT_CHECKS, '-', "Don't do additional checks on signing certificate"}, - {"no_explicit", OPT_NO_EXPLICIT, '-'}, + {"no_explicit", OPT_NO_EXPLICIT, '-', + "Do not explicitly check the chain, just verify the root"}, {"trust_other", OPT_TRUST_OTHER, '-', "Don't verify additional certificates"}, {"no_intern", OPT_NO_INTERN, '-', diff --git a/apps/pkcs7.c b/apps/pkcs7.c index 8763df098e..85994cda26 100644 --- a/apps/pkcs7.c +++ b/apps/pkcs7.c @@ -33,7 +33,7 @@ OPTIONS pkcs7_options[] = { {"out", OPT_OUT, '>', "Output file"}, {"noout", OPT_NOOUT, '-', "Don't output encoded data"}, {"text", OPT_TEXT, '-', "Print full details of certificates"}, - {"print", OPT_PRINT, '-'}, + {"print", OPT_PRINT, '-', "Print out all fields of the PKCS7 structure"}, {"print_certs", OPT_PRINT_CERTS, '-', "Print_certs print any certs or crl in the input"}, #ifndef OPENSSL_NO_ENGINE diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 22b5866144..3592a0f1dc 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -38,7 +38,7 @@ OPTIONS pkcs8_options[] = { {"nocrypt", OPT_NOCRYPT, '-', "Use or expect unencrypted private key"}, {"v2", OPT_V2, 's', "Use PKCS#5 v2.0 and cipher"}, {"v1", OPT_V1, 's', "Use PKCS#5 v1.5 and cipher"}, - {"v2prf", OPT_V2PRF, 's'}, + {"v2prf", OPT_V2PRF, 's', "Set the PRF algorithm to use with PKCS#5 v2.0"}, {"iter", OPT_ITER, 'p', "Specify the iteration count"}, {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, diff --git a/apps/smime.c b/apps/smime.c index b98c583fb0..082109b73c 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -88,14 +88,15 @@ OPTIONS smime_options[] = { "Do not load the default certificates file"}, {"no-CApath", OPT_NOCAPATH, '-', "Do not load certificates from the default certificates directory"}, - {"resign", OPT_RESIGN, '-'}, - {"nochain", OPT_NOCHAIN, '-'}, - {"nosmimecap", OPT_NOSMIMECAP, '-'}, - {"stream", OPT_STREAM, '-'}, - {"indef", OPT_INDEF, '-'}, - {"noindef", OPT_NOINDEF, '-'}, - {"nooldmime", OPT_NOOLDMIME, '-'}, - {"crlfeol", OPT_CRLFEOL, '-'}, + {"resign", OPT_RESIGN, '-', "Resign a signed message"}, + {"nochain", OPT_NOCHAIN, '-', + "set PKCS7_NOCHAIN so certificates contained in the message are not used as untrusted CAs" }, + {"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"}, + {"stream", OPT_STREAM, '-', "Enable CMS streaming" }, + {"indef", OPT_INDEF, '-', "Same as -stream" }, + {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"}, + {"nooldmime", OPT_NOOLDMIME, '-', NULL}, + {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only"}, {"rand", OPT_RAND, 's', "Load the file(s) into the random number generator"}, {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, diff --git a/apps/spkac.c b/apps/spkac.c index a365406d7a..c65103d6a0 100644 --- a/apps/spkac.c +++ b/apps/spkac.c @@ -38,7 +38,8 @@ OPTIONS spkac_options[] = { {"noout", OPT_NOOUT, '-', "Don't print SPKAC"}, {"pubkey", OPT_PUBKEY, '-', "Output public key"}, {"verify", OPT_VERIFY, '-', "Verify SPKAC signature"}, - {"spksect", OPT_SPKSECT, 's'}, + {"spksect", OPT_SPKSECT, 's', + "Specify the name of an SPKAC-dedicated section of configuration"}, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif diff --git a/apps/ts.c b/apps/ts.c index 924108f335..eda5297052 100644 --- a/apps/ts.c +++ b/apps/ts.c @@ -107,7 +107,7 @@ OPTIONS ts_options[] = { {"queryfile", OPT_QUERYFILE, '<', "File containing a TS query"}, {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"inkey", OPT_INKEY, '<', "File with private key for reply"}, - {"signer", OPT_SIGNER, 's'}, + {"signer", OPT_SIGNER, 's', "Signer certificate file"}, {"chain", OPT_CHAIN, '<', "File with signer CA chain"}, {"verify", OPT_VERIFY, '-', "Verify a TS response"}, {"CApath", OPT_CAPATH, '/', "Path to trusted CA files"}, diff --git a/apps/x509.c b/apps/x509.c index 20db458d10..3539602e1e 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -92,7 +92,7 @@ OPTIONS x509_options[] = { {"ocsp_uri", OPT_OCSP_URI, '-', "Print OCSP Responder URL(s)"}, {"trustout", OPT_TRUSTOUT, '-', "Output a trusted certificate"}, {"clrtrust", OPT_CLRTRUST, '-', "Clear all trusted purposes"}, - {"clrext", OPT_CLREXT, '-', "Clear all rejected purposes"}, + {"clrext", OPT_CLREXT, '-', "Clear all certificate extensions"}, {"addtrust", OPT_ADDTRUST, 's', "Trust certificate for a given purpose"}, {"addreject", OPT_ADDREJECT, 's', "Reject certificate for a given purpose"}, @@ -125,9 +125,10 @@ OPTIONS x509_options[] = { {"CAform", OPT_CAFORM, 'F', "CA format - default PEM"}, {"CAkeyform", OPT_CAKEYFORM, 'F', "CA key format - default PEM"}, {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"}, - {"force_pubkey", OPT_FORCE_PUBKEY, '<'}, - {"next_serial", OPT_NEXT_SERIAL, '-'}, - {"clrreject", OPT_CLRREJECT, '-'}, + {"force_pubkey", OPT_FORCE_PUBKEY, '<', "Force the Key to put inside certificate"}, + {"next_serial", OPT_NEXT_SERIAL, '-', "Increment current certificate serial number"}, + {"clrreject", OPT_CLRREJECT, '-', + "Clears all the prohibited or rejected uses of the certificate"}, {"badsig", OPT_BADSIG, '-', "Corrupt last byte of certificate signature (for test)"}, {"", OPT_MD, '-', "Any supported digest"}, #ifndef OPENSSL_NO_MD5 @@ -626,10 +627,9 @@ int x509_main(int argc, char **argv) i2a_ASN1_INTEGER(out, X509_get_serialNumber(x)); BIO_printf(out, "\n"); } else if (next_serial == i) { - BIGNUM *bnser; - ASN1_INTEGER *ser; - ser = X509_get_serialNumber(x); - bnser = ASN1_INTEGER_to_BN(ser, NULL); + ASN1_INTEGER *ser = X509_get_serialNumber(x); + BIGNUM *bnser = ASN1_INTEGER_to_BN(ser, NULL); + if (!bnser) goto end; if (!BN_add_word(bnser, 1))