[rs-commit] r111 - /redwax-tool/trunk/redwax-tool.c
rs-commit at redwax.eu
rs-commit at redwax.eu
Sat Dec 4 10:04:58 CET 2021
Author: minfrin at redwax.eu
Date: Sat Dec 4 10:04:58 2021
New Revision: 111
Log:
All filter related command line options start with filter.
Modified:
redwax-tool/trunk/redwax-tool.c
Modified: redwax-tool/trunk/redwax-tool.c
==============================================================================
--- redwax-tool/trunk/redwax-tool.c (original)
+++ redwax-tool/trunk/redwax-tool.c Sat Dec 4 10:04:58 2021
@@ -148,10 +148,10 @@
#define REDWAX_TOOL_PKCS11_MODULE_IN 258
#define REDWAX_TOOL_PKCS12_IN 259
#define REDWAX_TOOL_FILTER 260
-#define REDWAX_TOOL_EMAIL 261
-#define REDWAX_TOOL_HOSTNAME 262
-#define REDWAX_TOOL_IP 263
-#define REDWAX_TOOL_CURRENT 264
+#define REDWAX_TOOL_FILTER_EMAIL 261
+#define REDWAX_TOOL_FILTER_HOSTNAME 262
+#define REDWAX_TOOL_FILTER_IP 263
+#define REDWAX_TOOL_FILTER_CURRENT 264
#define REDWAX_TOOL_CERT_OUT 265
#define REDWAX_TOOL_NO_CERT_OUT 266
#define REDWAX_TOOL_CHAIN_OUT 267
@@ -168,7 +168,7 @@
#define REDWAX_TOOL_NO_KEY_OUT 278
#define REDWAX_TOOL_AUTO_OUT 279
#define REDWAX_TOOL_NO_AUTO_OUT 280
-#define REDWAX_TOOL_VERIFY_PARAM 281
+#define REDWAX_TOOL_FILTER_VERIFY_PARAM 281
#define REDWAX_TOOL_SECRET_SUFFIX_IN 282
#define REDWAX_TOOL_SECRET_SUFFIX_OUT 283
#define REDWAX_TOOL_SECRET_TOKEN_IN 284
@@ -215,10 +215,12 @@
{ "pkcs11-in", REDWAX_TOOL_PKCS11_IN, 1, " --pkcs11-in=url\t\tRead certificates, intermediate certificates,\n\t\t\t\troot certificates, crls, and keys from a PKCS11\n\t\t\t\ttoken identified by the given url." },
{ "pkcs11-module-in", REDWAX_TOOL_PKCS11_MODULE_IN, 1, " --pkcs11-module-in=mod\tSpecify the name of the PKCS11 module to be used,\n\t\t\t\toverriding system defaults. If relative, use the\n\t\t\t\tdefault PKCS11 module path, otherwise specify the\n\t\t\t\tabsolute path. Include the extension of the module." },
{ "filter", REDWAX_TOOL_FILTER, 1, " --filter=type\t\t\tApply the given filter to pass inputs to the\n\t\t\t\toutputs. \"search\" will pass through all\n\t\t\t\tcertificates matching the given hostname,\n\t\t\t\temail or ip address. \"verify\" will pass all\n\t\t\t\tleaf certificates that can be successfully\n\t\t\t\tverified through the certificate chain to a\n\t\t\t\ttrusted root certificate. With the default\n\t\t\t\t\"passthrough\", all certificates, csrs, and\n\t\t\t\tkeys are passed through." },
- { "email", REDWAX_TOOL_EMAIL, 1, " --email=address\t\tSearch/verify by the given email address. Leaf\n\t\t\t\tcertificates matching the email address will\n\t\t\t\tbe included. Can be specified more than once." },
- { "hostname", REDWAX_TOOL_HOSTNAME, 1, " --hostname=domain\t\tSearch/verify by the given hostname. Leaf\n\t\t\t\tcertificates matching the hostname will be\n\t\t\t\tkept, taking into account wildcards where\n\t\t\t\tpresent." },
- { "ip", REDWAX_TOOL_IP, 1, " --ip=address\t\t\tSearch/verify by the given IP address. Leaf\n\t\t\t\tcertificates matching the IP address will be\n\t\t\t\tincluded. Can be specified more than once." },
- { "current", REDWAX_TOOL_CURRENT, 0, " --current\t\t\tMatch the top ranking leaf certificate, and\n\t\t\t\tignore all other leaf certificates. The top\n\t\t\t\tcertificate is valid, and has the longest time\n\t\t\t\tto expiry." },
+ { "filter-email", REDWAX_TOOL_FILTER_EMAIL, 1, " --filter-email=address\tSearch/verify by the given email address. Leaf\n\t\t\t\tcertificates matching the email address will\n\t\t\t\tbe included. Can be specified more than once." },
+ { "filter-hostname", REDWAX_TOOL_FILTER_HOSTNAME, 1, " --filter-hostname=domain\tSearch/verify by the given hostname. Leaf\n\t\t\t\tcertificates matching the hostname will be\n\t\t\t\tkept, taking into account wildcards where\n\t\t\t\tpresent." },
+ { "filter-ip", REDWAX_TOOL_FILTER_IP, 1, " --filter-ip=address\t\tSearch/verify by the given IP address. Leaf\n\t\t\t\tcertificates matching the IP address will be\n\t\t\t\tincluded. Can be specified more than once." },
+ { "filter-current", REDWAX_TOOL_FILTER_CURRENT, 0, " --filter-current\t\tMatch the top ranking leaf certificate, and\n\t\t\t\tignore all other leaf certificates. The top\n\t\t\t\tcertificate is valid, and has the longest time\n\t\t\t\tto expiry." },
+ { "filter-verify-params", REDWAX_TOOL_FILTER_VERIFY_PARAM, 1,
+ " --filter-verify-params=name\tSpecify the name of the set of parameters used\n\t\t\t\tfor verification. If unspecified, set to\n\t\t\t\t'default'." },
{ "text-out", REDWAX_TOOL_TEXT_OUT, 0,
" --text-out\t\t\tInclude additional text in certificate PEM and\n\t\t\t\tmetadata output." },
{ "cert-out", REDWAX_TOOL_CERT_OUT, 0,
@@ -253,8 +255,6 @@
" --auto-out\t\t\tOutput selectively. If a key or a certificate already\n\t\t\t\texists in a PKCS11 token, skip writing the key or\n\t\t\t\tcertificate. A key is considered to already exist if\n\t\t\t\tthe Subject Key Info of the incoming key matches the\n\t\t\t\tSubject Key Info field of an existing key on the\n\t\t\t\ttoken. A certificate is considered to already exist\n\t\t\t\tif another certificate with the same value is present\n\t\t\t\ton the token. When adding a certificate, look up the\n\t\t\t\tID of any corresponding key and use that ID for the\n\t\t\t\tcertificate (unless an ID is explicitly specified in\n\t\t\t\ta target URL)." },
{ "no-auto-out", REDWAX_TOOL_NO_AUTO_OUT, 0,
" --no-auto-out\t\t\tOutput everything as specified." },
- { "verify-parameters", REDWAX_TOOL_VERIFY_PARAM, 1,
- " --verify-parameters=name\tSpecify the name of the set of parameters used\n\t\t\t\tfor verification. If unspecified, set to\n\t\t\t\t'default'." },
{ "nss-out", REDWAX_TOOL_NSS_OUT, 1, " --nss-out=directory\t\tWrite certificates, intermediate certificates,\n\t\t\t\troot certificates, crls, and keys to an NSS\n\t\t\t\tdatabase." },
{ "nss-token-out", REDWAX_TOOL_NSS_SLOT_OUT, 1, " --nss-token-out=token\t\tSpecify the token to which certificates, intermediate\n\t\t\t\tcertificates, root certificates, crls, and keys will\n\t\t\t\tbe written to an NSS database. Must appear after the\n\t\t\t\t--nss-out option." },
{ "pem-out", REDWAX_TOOL_PEM_OUT, 1, " --pem-out=file\t\tWrite certificates, intermediate certificates,\n\t\t\t\troot certificates, crls, and keys. Use '-'\n\t\t\t\tfor stdout." },
@@ -2142,23 +2142,23 @@
== APR_SUCCESS) {
switch (optch) {
- case REDWAX_TOOL_EMAIL: {
+ case REDWAX_TOOL_FILTER_EMAIL: {
redwax_set_email(r, optarg);
break;
}
- case REDWAX_TOOL_HOSTNAME: {
+ case REDWAX_TOOL_FILTER_HOSTNAME: {
redwax_set_hostname(r, optarg);
break;
}
- case REDWAX_TOOL_IP: {
+ case REDWAX_TOOL_FILTER_IP: {
redwax_set_ip(r, optarg);
break;
}
- case REDWAX_TOOL_CURRENT: {
+ case REDWAX_TOOL_FILTER_CURRENT: {
redwax_set_current(r);
break;
}
- case REDWAX_TOOL_VERIFY_PARAM: {
+ case REDWAX_TOOL_FILTER_VERIFY_PARAM: {
if (redwax_set_verify_param(r, optarg)) {
return REDWAX_EXIT_OPTIONS;
}
@@ -2387,19 +2387,19 @@
redwax_complete_filter(r, optarg, state.isquoted);
break;
}
- case REDWAX_TOOL_HOSTNAME: {
+ case REDWAX_TOOL_FILTER_HOSTNAME: {
redwax_complete_hostname(r, optarg, state.isquoted);
break;
}
- case REDWAX_TOOL_EMAIL: {
+ case REDWAX_TOOL_FILTER_EMAIL: {
redwax_complete_email(r, optarg, state.isquoted);
break;
}
- case REDWAX_TOOL_IP: {
+ case REDWAX_TOOL_FILTER_IP: {
redwax_complete_ip(r, optarg, state.isquoted);
break;
}
- case REDWAX_TOOL_VERIFY_PARAM: {
+ case REDWAX_TOOL_FILTER_VERIFY_PARAM: {
redwax_complete_verify_param(r, optarg, state.isquoted);
break;
}
@@ -2591,19 +2591,19 @@
redwax_complete_filter(r, "", state.isquoted);
break;
}
- case REDWAX_TOOL_EMAIL: {
+ case REDWAX_TOOL_FILTER_EMAIL: {
redwax_complete_email(r, "", state.isquoted);
break;
}
- case REDWAX_TOOL_HOSTNAME: {
+ case REDWAX_TOOL_FILTER_HOSTNAME: {
redwax_complete_hostname(r, "", state.isquoted);
break;
}
- case REDWAX_TOOL_IP: {
+ case REDWAX_TOOL_FILTER_IP: {
redwax_complete_ip(r, "", state.isquoted);
break;
}
- case REDWAX_TOOL_VERIFY_PARAM: {
+ case REDWAX_TOOL_FILTER_VERIFY_PARAM: {
redwax_complete_verify_param(r, "", state.isquoted);
break;
}
More information about the rs-commit
mailing list