[rt-commit] r208 - in /redwax-tool/trunk: ChangeLog configure.ac redwax-tool.c

rt-commit at redwax.eu rt-commit at redwax.eu
Wed Feb 19 10:56:42 CET 2025


Author: minfrin at redwax.eu
Date: Wed Feb 19 10:56:41 2025
New Revision: 208

Log:
Refactor long lines.

Modified:
    redwax-tool/trunk/ChangeLog
    redwax-tool/trunk/configure.ac
    redwax-tool/trunk/redwax-tool.c

Modified: redwax-tool/trunk/ChangeLog
==============================================================================
--- redwax-tool/trunk/ChangeLog	(original)
+++ redwax-tool/trunk/ChangeLog	Wed Feb 19 10:56:41 2025
@@ -1,6 +1,7 @@
 
 Changes with v0.9.9
 
+ *) Refactor long lines. [Graham Leggett]
 
 Changes with v0.9.8
 

Modified: redwax-tool/trunk/configure.ac
==============================================================================
--- redwax-tool/trunk/configure.ac	(original)
+++ redwax-tool/trunk/configure.ac	Wed Feb 19 10:56:41 2025
@@ -152,7 +152,16 @@
 
 # Checks for library functions.
 AC_FUNC_MALLOC
-AC_CHECK_FUNCS([OPENSSL_init_crypto PKCS12_SAFEBAG_get0_safes PKCS12_SAFEBAG_get_bag_nid PKCS12_SAFEBAG_get_nid PKCS12_SAFEBAG_get0_attr PKCS12_SAFEBAG_get0_p8inf PKCS12_SAFEBAG_get1_cert PKCS12_SAFEBAG_get1_crl OPENSSL_uni2utf8 ASN1_TIME_diff ASN1_TIME_print_ex X509_STORE_get0_param X509_STORE_CTX_set0_trusted_stack X509_STORE_CTX_get_num_untrusted X509_get0_notBefore X509_get0_notAfter X509_get0_tbs_sigalg X509_get0_uids X509_get0_extensions X509_get0_signature X509_get_extension_flags X509_up_ref EVP_PKEY_get0_description EVP_PKEY_CTX_new_from_name EVP_PKEY_get_bn_param RSA_get0_n RSA_get0_e RSA_get0_d RSA_get0_p RSA_get0_q RSA_get0_dmp1 RSA_get0_dmq1 RSA_get0_iqmp RSA_set0_key RSA_set0_factors RSA_set0_crt_params NSS_Initialize p11_kit_modules_load_and_initialize apr_crypto_clear])
+AC_CHECK_FUNCS([OPENSSL_init_crypto PKCS12_SAFEBAG_get0_safes PKCS12_SAFEBAG_get_bag_nid \
+ PKCS12_SAFEBAG_get_nid PKCS12_SAFEBAG_get0_attr PKCS12_SAFEBAG_get0_p8inf \
+ PKCS12_SAFEBAG_get1_cert PKCS12_SAFEBAG_get1_crl OPENSSL_uni2utf8 ASN1_TIME_diff \
+ ASN1_TIME_print_ex X509_STORE_get0_param X509_STORE_CTX_set0_trusted_stack \
+ X509_STORE_CTX_get_num_untrusted X509_get0_notBefore X509_get0_notAfter \
+ X509_get0_tbs_sigalg X509_get0_uids X509_get0_extensions X509_get0_signature \
+ X509_get_extension_flags X509_up_ref EVP_PKEY_get0_description EVP_PKEY_CTX_new_from_name \
+ EVP_PKEY_get_bn_param RSA_get0_n RSA_get0_e RSA_get0_d RSA_get0_p RSA_get0_q RSA_get0_dmp1 \
+ RSA_get0_dmq1 RSA_get0_iqmp RSA_set0_key RSA_set0_factors RSA_set0_crt_params \
+ NSS_Initialize p11_kit_modules_load_and_initialize apr_crypto_clear])
 
 AC_OUTPUT
 
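Review bot: The trailing `\` added to each continued line of the `AC_CHECK_FUNCS` list is unnecessary and may not be harmless. The argument is an m4-quoted, whitespace-separated list, so the newlines already separate the names, and m4 itself gives backslash-newline no special meaning. Depending on the Autoconf version, the stray `\` may be carried into the generated shell loop or handled as a list entry of its own (inferred, not visible in this hunk). I would drop the backslashes and keep plain continuation lines, e.g. ` PKCS12_SAFEBAG_get_nid PKCS12_SAFEBAG_get0_attr PKCS12_SAFEBAG_get0_p8inf`. These checks decide which OpenSSL, NSS and p11-kit code paths are compiled, so comparing the `HAVE_*` results of a configure run before and after this change would confirm no function check was lost or altered.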

Modified: redwax-tool/trunk/redwax-tool.c
==============================================================================
--- redwax-tool/trunk/redwax-tool.c	(original)
+++ redwax-tool/trunk/redwax-tool.c	Wed Feb 19 10:56:41 2025
@@ -346,56 +346,166 @@
         "  -q, --quiet\t\t\tBe quiet. Errors are suppressed." },
     { "debug", 'd', 0,
         "  -d, --debug\t\t\tBe loud. Print additional details of our progress." },
-    { "dns-server", REDWAX_TOOL_DNS_SERVER, 1, "  --dns-server=ip\t\tIf specified, supplies the IP address of the\n\t\t\t\tupstream DNS server. May be specified more\n\t\t\t\tthan once. If unspecified, will read from\n\t\t\t\t/etc/resolv.conf." },
-    { "dns-trust-anchor", REDWAX_TOOL_DNS_TRUST_ANCHOR, 1, "  --dns-trust-anchor=file\tSpecify the file containing the DNSSEC trust\n\t\t\t\tanchor. If unspecified, the key may be read\n\t\t\t\tfrom an OS specific default location." },
-    { "secret-suffix-in", REDWAX_TOOL_SECRET_SUFFIX_IN, 1, "  --secret-suffix-in=suffix\tIf specified, secrets will be read from a file\n\t\t\t\twith the same name as the source file, and\n\t\t\t\tthe suffix specified. With value 'secret',\n\t\t\t\ta file 'key.pem' will have the secret loaded\n\t\t\t\tfrom 'key.secret' in the same directory." },
-    { "secret-suffix-out", REDWAX_TOOL_SECRET_SUFFIX_OUT, 1, "  --secret-suffix-out=suffix\tIf specified, secrets will be read from a file\n\t\t\t\twith the same name as the target file, and\n\t\t\t\tthe suffix specified. With value 'secret',\n\t\t\t\ta file 'key.pem' will have the secret loaded\n\t\t\t\tfrom 'key.secret' in the same directory." },
-    { "secret-token-in", REDWAX_TOOL_SECRET_TOKEN_IN, 1, "  --secret-token-in=file\tIf specified, secrets needed to read\n\t\t\t\tcertificates and keys from tokens will be read\n\t\t\t\tfrom a file one secret per line. Each secret\n\t\t\t\tis preceded by the name of the token and a\n\t\t\t\tcolon, as per the NSS pwdfile.txt file." },
-    { "secret-token-out", REDWAX_TOOL_SECRET_TOKEN_OUT, 1, "  --secret-token-out=file\tIf specified, secrets needed to write\n\t\t\t\tcertificates and keys to tokens (PKCS11 and\n\t\t\t\tNSS) will be read from a file one secret per\n\t\t\t\tline. Each secret is preceded by the name of\n\t\t\t\tthe token and a colon, as per the NSS\n\t\t\t\tpwdfile.txt file." },
-    { "label-out", REDWAX_TOOL_LABEL_OUT, 1, "  --label-out=label\t\tSet the name of the label to be applied to\n\t\t\t\tthe leaf certificates. If unspecified, the\n\t\t\t\tlabel is set to the subject of the certificate." },
-    { "pem-in", REDWAX_TOOL_PEM_IN, 1, "  --pem-in=wildcard\t\tRead pem files from here. Use '-' for stdin." },
-    { "trust-pem-in", REDWAX_TOOL_TRUST_PEM_IN, 1, "  --trust-pem-in=wildcard\tRead pem files containing trusted certificates\n\t\t\t\tfrom here. Use '-' for stdin." },
-    { "pkcs12-in", REDWAX_TOOL_PKCS12_IN, 1, "  --pkcs12-in=file\t\tRead certificates, intermediate certificates,\n\t\t\t\troot certificates, crls, and keys from a PKCS12\n\t\t\t\tfile. Use '-' for stdin. Provide the secret\n\t\t\t\tusing --secret-suffix-in." },
-    { "pkcs11-in", REDWAX_TOOL_PKCS11_IN, 1, "  --pkcs11-in=url\t\tRead certificates, intermediate certificates,\n\t\t\t\troot certificates, crls, and keys from a PKCS11\n\t\t\t\ttoken identified by the given url." },
-    { "pkcs11-module-in", REDWAX_TOOL_PKCS11_MODULE_IN, 1, "  --pkcs11-module-in=mod\tSpecify the name of the PKCS11 module to be used,\n\t\t\t\toverriding system defaults. If relative, use the\n\t\t\t\tdefault PKCS11 module path, otherwise specify the\n\t\t\t\tabsolute path. Include the extension of the module." },
-    { "keychain-in", REDWAX_TOOL_KEYCHAIN_IN, 1, "  --keychain-in=keychain\tRead certificates, intermediate certificates,\n\t\t\t\troot certificates, crls, and keys from a MacOS\n\t\t\t\tkeychain identified by the given name." },
-    { "filter", REDWAX_TOOL_FILTER, 1, "  --filter=type\t\t\tApply the given filter to pass inputs to the\n\t\t\t\toutputs. \"search\" will pass through all\n\t\t\t\tcertificates matching the given hostname,\n\t\t\t\temail or ip address. \"verify\" will pass all\n\t\t\t\tleaf certificates that can be successfully\n\t\t\t\tverified through the certificate chain to a\n\t\t\t\ttrusted root certificate. With the default\n\t\t\t\t\"passthrough\", all certificates, csrs, and\n\t\t\t\tkeys are passed through." },
-    { "filter-email", REDWAX_TOOL_FILTER_EMAIL, 1, "  --filter-email=address\tSearch/verify by the given email address. Leaf\n\t\t\t\tcertificates matching the email address will\n\t\t\t\tbe included. Can be specified more than once." },
-    { "filter-hostname", REDWAX_TOOL_FILTER_HOSTNAME, 1, "  --filter-hostname=domain\tSearch/verify by the given hostname. Leaf\n\t\t\t\tcertificates matching the hostname will be\n\t\t\t\tkept, taking into account wildcards where\n\t\t\t\tpresent." },
-    { "filter-ip", REDWAX_TOOL_FILTER_IP, 1, "  --filter-ip=address\t\tSearch/verify by the given IP address. Leaf\n\t\t\t\tcertificates matching the IP address will be\n\t\t\t\tincluded. Can be specified more than once." },
-    { "filter-current", REDWAX_TOOL_FILTER_CURRENT, 0, "  --filter-current\t\tMatch the top ranking leaf certificate, and\n\t\t\t\tignore all other leaf certificates. The top\n\t\t\t\tcertificate is valid, and has the longest time\n\t\t\t\tto expiry." },
+    { "dns-server", REDWAX_TOOL_DNS_SERVER, 1,
+            "  --dns-server=ip\t\tIf specified, supplies the IP address of the\n"
+            "\t\t\t\tupstream DNS server. May be specified more\n"
+            "\t\t\t\tthan once. If unspecified, will read from\n"
+            "\t\t\t\t/etc/resolv.conf." },
+    { "dns-trust-anchor", REDWAX_TOOL_DNS_TRUST_ANCHOR, 1,
+            "  --dns-trust-anchor=file\tSpecify the file containing the DNSSEC trust\n"
+            "\t\t\t\tanchor. If unspecified, the key may be read\n"
+            "\t\t\t\tfrom an OS specific default location." },
+    { "secret-suffix-in", REDWAX_TOOL_SECRET_SUFFIX_IN, 1,
+            "  --secret-suffix-in=suffix\tIf specified, secrets will be read from a file\n"
+            "\t\t\t\twith the same name as the source file, and\n"
+            "\t\t\t\tthe suffix specified. With value 'secret',\n"
+            "\t\t\t\ta file 'key.pem' will have the secret loaded\n"
+            "\t\t\t\tfrom 'key.secret' in the same directory." },
+    { "secret-suffix-out", REDWAX_TOOL_SECRET_SUFFIX_OUT, 1,
+            "  --secret-suffix-out=suffix\tIf specified, secrets will be read from a file\n"
+            "\t\t\t\twith the same name as the target file, and\n"
+            "\t\t\t\tthe suffix specified. With value 'secret',\n"
+            "\t\t\t\ta file 'key.pem' will have the secret loaded\n"
+            "\t\t\t\tfrom 'key.secret' in the same directory." },
+    { "secret-token-in", REDWAX_TOOL_SECRET_TOKEN_IN, 1,
+            "  --secret-token-in=file\tIf specified, secrets needed to read\n"
+            "\t\t\t\tcertificates and keys from tokens will be read\n"
+            "\t\t\t\tfrom a file one secret per line. Each secret\n"
+            "\t\t\t\tis preceded by the name of the token and a\n"
+            "\t\t\t\tcolon, as per the NSS pwdfile.txt file." },
+    { "secret-token-out", REDWAX_TOOL_SECRET_TOKEN_OUT, 1,
+            "  --secret-token-out=file\tIf specified, secrets needed to write\n"
+            "\t\t\t\tcertificates and keys to tokens (PKCS11 and\n"
+            "\t\t\t\tNSS) will be read from a file one secret per\n"
+            "\t\t\t\tline. Each secret is preceded by the name of\n"
+            "\t\t\t\tthe token and a colon, as per the NSS\n"
+            "\t\t\t\tpwdfile.txt file." },
+    { "label-out", REDWAX_TOOL_LABEL_OUT, 1,
+            "  --label-out=label\t\tSet the name of the label to be applied to\n"
+            "\t\t\t\tthe leaf certificates. If unspecified, the\n"
+            "\t\t\t\tlabel is set to the subject of the certificate." },
+    { "pem-in", REDWAX_TOOL_PEM_IN, 1,
+            "  --pem-in=wildcard\t\tRead pem files from here. Use '-' for stdin." },
+    { "trust-pem-in", REDWAX_TOOL_TRUST_PEM_IN, 1,
+            "  --trust-pem-in=wildcard\tRead pem files containing trusted certificates\n"
+            "\t\t\t\tfrom here. Use '-' for stdin." },
+    { "pkcs12-in", REDWAX_TOOL_PKCS12_IN, 1,
+            "  --pkcs12-in=file\t\tRead certificates, intermediate certificates,\n"
+            "\t\t\t\troot certificates, crls, and keys from a PKCS12\n"
+            "\t\t\t\tfile. Use '-' for stdin. Provide the secret\n"
+            "\t\t\t\tusing --secret-suffix-in." },
+    { "pkcs11-in", REDWAX_TOOL_PKCS11_IN, 1,
+            "  --pkcs11-in=url\t\tRead certificates, intermediate certificates,\n"
+            "\t\t\t\troot certificates, crls, and keys from a PKCS11\n"
+            "\t\t\t\ttoken identified by the given url." },
+    { "pkcs11-module-in", REDWAX_TOOL_PKCS11_MODULE_IN, 1,
+            "  --pkcs11-module-in=mod\tSpecify the name of the PKCS11 module to be used,\n"
+            "\t\t\t\toverriding system defaults. If relative, use the\n"
+            "\t\t\t\tdefault PKCS11 module path, otherwise specify the\n"
+            "\t\t\t\tabsolute path. Include the extension of the module." },
+    { "keychain-in", REDWAX_TOOL_KEYCHAIN_IN, 1,
+            "  --keychain-in=keychain\tRead certificates, intermediate certificates,\n"
+            "\t\t\t\troot certificates, crls, and keys from a MacOS\n"
+            "\t\t\t\tkeychain identified by the given name." },
+    { "filter", REDWAX_TOOL_FILTER, 1,
+            "  --filter=type\t\t\tApply the given filter to pass inputs to the\n"
+            "\t\t\t\toutputs. \"search\" will pass through all\n"
+            "\t\t\t\tcertificates matching the given hostname,\n"
+            "\t\t\t\temail or ip address. \"verify\" will pass all\n"
+            "\t\t\t\tleaf certificates that can be successfully\n"
+            "\t\t\t\tverified through the certificate chain to a\n"
+            "\t\t\t\ttrusted root certificate. With the default\n"
+            "\t\t\t\t\"passthrough\", all certificates, csrs, and\n"
+            "\t\t\t\tkeys are passed through." },
+    { "filter-email", REDWAX_TOOL_FILTER_EMAIL, 1,
+            "  --filter-email=address\tSearch/verify by the given email address. Leaf\n"
+            "\t\t\t\tcertificates matching the email address will\n"
+            "\t\t\t\tbe included. Can be specified more than once." },
+    { "filter-hostname", REDWAX_TOOL_FILTER_HOSTNAME, 1,
+            "  --filter-hostname=domain\tSearch/verify by the given hostname. Leaf\n"
+            "\t\t\t\tcertificates matching the hostname will be\n"
+            "\t\t\t\tkept, taking into account wildcards where\n"
+            "\t\t\t\tpresent." },
+    { "filter-ip", REDWAX_TOOL_FILTER_IP, 1,
+            "  --filter-ip=address\t\tSearch/verify by the given IP address. Leaf\n"
+            "\t\t\t\tcertificates matching the IP address will be\n"
+            "\t\t\t\tincluded. Can be specified more than once." },
+    { "filter-current", REDWAX_TOOL_FILTER_CURRENT, 0,
+            "  --filter-current\t\tMatch the top ranking leaf certificate, and\n"
+            "\t\t\t\tignore all other leaf certificates. The top\n"
+            "\t\t\t\tcertificate is valid, and has the longest time\n"
+            "\t\t\t\tto expiry." },
     { "filter-verify-params", REDWAX_TOOL_FILTER_VERIFY_PARAM, 1,
-        "  --filter-verify-params=name\tSpecify the name of the set of parameters used\n\t\t\t\tfor verification. If unspecified, set to\n\t\t\t\t'default'." },
+        "  --filter-verify-params=name\tSpecify the name of the set of parameters used\n"
+            "\t\t\t\tfor verification. If unspecified, set to\n"
+            "\t\t\t\t'default'." },
     { "filter-verify-tlsa", REDWAX_TOOL_FILTER_VERIFY_TLSA, 1,
-        "  --filter-verify-tlsa=url\tPerform DANE verification on the server\n\t\t\t\tcertificate. The parameter is an URL, with a\n\t\t\t\thostname, optional scheme defaulting to tcp,\n\t\t\t\tand optional port defaulting to 443 (example:\n\t\t\t\ttcp://example.com:443). If unspecified, no\n\t\t\t\tDANE verification is performed." },
+        "  --filter-verify-tlsa=url\tPerform DANE verification on the server\n"
+            "\t\t\t\tcertificate. The parameter is an URL, with a\n"
+            "\t\t\t\thostname, optional scheme defaulting to tcp,\n"
+            "\t\t\t\tand optional port defaulting to 443 (example:\n"
+            "\t\t\t\ttcp://example.com:443). If unspecified, no\n"
+            "\t\t\t\tDANE verification is performed." },
 #if 0
     { "filter-verify-smimea", REDWAX_TOOL_FILTER_VERIFY_SMIMEA, 1,
-        "  --filter-verify-smimea=addr\tPerform DANE verification on the client\n\t\t\t\tcertificate. The parameter is an email address.\n\t\t\t\tIf unspecified, no DANE verification\n\t\t\t\tis performed." },
+        "  --filter-verify-smimea=addr\tPerform DANE verification on the client\n"
+            "\t\t\t\tcertificate. The parameter is an email address.\n"
+            "\t\t\t\tIf unspecified, no DANE verification\n"
+            "\t\t\t\tis performed." },
 #endif
-    { "filter-date", REDWAX_TOOL_FILTER_DATE, 1, "  --filter-date=date\t\tSet the date to be used for certificate\n\t\t\t\tverification. If unset, it will default to the\n\t\t\t\tcurrent time. Date format is generalized time\n\t\t\t\tsyntax as defined in RFC 4517 section 3.3.13." },
-    { "filter-expiry", REDWAX_TOOL_FILTER_EXPIRY, 1, "  --filter-expiry=[option]\tVerify certificate expiry. 'check' does expiry\n\t\t\t\tverification. 'ignore' allows expired\n\t\t\t\tcertificates. 'ignore-leaf' allows expired leaf\n\t\t\t\tcertificates. 'ignore-chain' allows expired\n\t\t\t\tchain certificates. Default is 'check'." },
-    { "filter-dane", REDWAX_TOOL_FILTER_DANE, 1, "  --filter-dane=[option]\tVerify certificate DANE records. 'check' does\n\t\t\t\tdane verification. 'ignore' allows certificates\n\t\t\t\twith mismatched DANE TLSA or SMIMEA records.\n\t\t\t\tDefault is 'check'." },
-    { "filter-purpose", REDWAX_TOOL_FILTER_PURPOSE, 1, "  --filter-purpose=purpose\tSet the purpose of the certificate to verify.\n\t\t\t\tIf unset, it will default to any purpose." },
+    { "filter-date", REDWAX_TOOL_FILTER_DATE, 1,
+            "  --filter-date=date\t\tSet the date to be used for certificate\n"
+            "\t\t\t\tverification. If unset, it will default to the\n"
+            "\t\t\t\tcurrent time. Date format is generalized time\n"
+            "\t\t\t\tsyntax as defined in RFC 4517 section 3.3.13." },
+    { "filter-expiry", REDWAX_TOOL_FILTER_EXPIRY, 1,
+            "  --filter-expiry=[option]\tVerify certificate expiry. 'check' does expiry\n"
+            "\t\t\t\tverification. 'ignore' allows expired\n"
+            "\t\t\t\tcertificates. 'ignore-leaf' allows expired leaf\n"
+            "\t\t\t\tcertificates. 'ignore-chain' allows expired\n"
+            "\t\t\t\tchain certificates. Default is 'check'." },
+    { "filter-dane", REDWAX_TOOL_FILTER_DANE, 1,
+            "  --filter-dane=[option]\tVerify certificate DANE records. 'check' does\n"
+            "\t\t\t\tdane verification. 'ignore' allows certificates\n"
+            "\t\t\t\twith mismatched DANE TLSA or SMIMEA records.\n"
+            "\t\t\t\tDefault is 'check'." },
+    { "filter-purpose", REDWAX_TOOL_FILTER_PURPOSE, 1,
+            "  --filter-purpose=purpose\tSet the purpose of the certificate to verify.\n"
+            "\t\t\t\tIf unset, it will default to any purpose." },
     { "text-out", REDWAX_TOOL_TEXT_OUT, 0,
-        "  --text-out\t\t\tInclude additional text in certificate PEM and\n\t\t\t\tmetadata output." },
+        "  --text-out\t\t\tInclude additional text in certificate PEM and\n"
+            "\t\t\t\tmetadata output." },
     { "no-text-out", REDWAX_TOOL_NO_TEXT_OUT, 0,
-        "  --no-text-out\t\t\tExclude additional text in certificate PEM and\n\t\t\t\tmetadata output." },
+        "  --no-text-out\t\t\tExclude additional text in certificate PEM and\n"
+            "\t\t\t\tmetadata output." },
     { "cert-out", REDWAX_TOOL_CERT_OUT, 0,
         "  --cert-out\t\t\tInclude leaf certificates in certificate output." },
     { "no-cert-out", REDWAX_TOOL_NO_CERT_OUT, 0,
         "  --no-cert-out\t\t\tExclude leaf certificates from certificate output." },
     { "chain-out", REDWAX_TOOL_CHAIN_OUT, 0,
-        "  --chain-out\t\t\tSearch for and include intermediate\n\t\t\t\tcertificates belonging to leaf certificates in\n\t\t\t\tcertificate output. When verifying, if a chain\n\t\t\t\tcannot be created through intermediate\n\t\t\t\tcertificates to a trusted root certificate, the\n\t\t\t\tleaf certificate is ignored." },
+        "  --chain-out\t\t\tSearch for and include intermediate\n"
+            "\t\t\t\tcertificates belonging to leaf certificates in\n"
+            "\t\t\t\tcertificate output. When verifying, if a chain\n"
+            "\t\t\t\tcannot be created through intermediate\n"
+            "\t\t\t\tcertificates to a trusted root certificate, the\n"
+            "\t\t\t\tleaf certificate is ignored." },
     { "no-chain-out", REDWAX_TOOL_NO_CHAIN_OUT, 0,
-        "  --no-chain-out\t\tExclude intermediate certificates belonging to\n\t\t\t\tleaf certificates in certificate output." },
+        "  --no-chain-out\t\tExclude intermediate certificates belonging to\n"
+            "\t\t\t\tleaf certificates in certificate output." },
     { "root-out", REDWAX_TOOL_ROOT_OUT, 0,
-            "  --root-out\t\t\tSearch for and include root certificates at the\n\t\t\t\tend of the certificate chain. When verifying,\n\t\t\t\tif a chain cannot be created through intermediate\n\t\t\t\tcertificates to a root certificate, the leaf\n\t\t\t\tcertificate is ignored." },
+            "  --root-out\t\t\tSearch for and include root certificates at the\n"
+            "\t\t\t\tend of the certificate chain. When verifying,\n\t\t\t\tif a chain cannot be created through intermediate\n\t\t\t\tcertificates to a root certificate, the leaf\n\t\t\t\tcertificate is ignored." },
     { "no-root-out", REDWAX_TOOL_NO_ROOT_OUT, 0,
-            "  --no-root-out\t\t\tExclude root certificates at the end of the\n\t\t\t\tcertificate chain in output." },
+            "  --no-root-out\t\t\tExclude root certificates at the end of the\n"
+            "\t\t\t\tcertificate chain in output." },
     { "trust-out", REDWAX_TOOL_TRUST_OUT, 0,
-            "  --trust-out\t\t\tIdentical to the 'root' option, however where\n\t\t\t\tsupported the output certificates will be\n\t\t\t\texported as a \"TRUSTED CERTIFICATE\" as\n\t\t\t\trecognised by OpenSSL." },
+            "  --trust-out\t\t\tIdentical to the 'root' option, however where\n"
+            "\t\t\t\tsupported the output certificates will be\n"
+            "\t\t\t\texported as a \"TRUSTED CERTIFICATE\" as\n"
+            "\t\t\t\trecognised by OpenSSL." },
     { "no-trust-out", REDWAX_TOOL_NO_TRUST_OUT, 0,
-            "  --no-trust-out\t\tExclude root certificates that would otherwise\n\t\t\t\tbe output as OpenSSL \"TRUSTED CERTIFICATE\"." },
+            "  --no-trust-out\t\tExclude root certificates that would otherwise\n"
+            "\t\t\t\tbe output as OpenSSL \"TRUSTED CERTIFICATE\"." },
     { "crl-out", REDWAX_TOOL_CRL_OUT, 0,
         "  --crl-out\t\t\tInclude certificate revocation lists in the output." },
     { "no-crl-out", REDWAX_TOOL_NO_CRL_OUT, 0,
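Review bot: The `root-out` entry is only half split: its second literal still joins four help lines with embedded `\n` on one source line (`"\t\t\t\tend of the certificate chain. When verifying,\n\t\t\t\tif a chain cannot be created ..."`), so the long line this commit targets survives there. Breaking it after each `\n`, as the neighbouring `chain-out` entry does, would make it consistent. The continuation indent also varies between entries (the first literal sits at 8 columns in `filter-verify-params` but at 12 in `dns-server`), and settling on one would keep the table readable. Since adjacent string literals concatenate, the emitted text should be byte-identical; diffing the tool's help output from the old and new builds would confirm that no `\n` or tab was lost in the descriptions of verification-relevant options such as `--filter-expiry` and `--filter-dane`. The option table starts and ends outside this hunk.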
@@ -405,7 +515,8 @@
     { "no-parameter-out", REDWAX_TOOL_NO_PARAM_OUT, 0,
         "  --no-parameter-out\t\tExclude key parameters from the output." },
     { "key-in", REDWAX_TOOL_KEY_IN, 0,
-        "  --key-in\t\t\tRead private keys in the input. This will trigger a\n\t\t\t\tlogin attempt if needed." },
+        "  --key-in\t\t\tRead private keys in the input. This will trigger a\n"
+            "\t\t\t\tlogin attempt if needed." },
     { "no-key-in", REDWAX_TOOL_NO_KEY_IN, 0,
         "  --no-key-in\t\t\tExclude keys from the input." },
     { "key-out", REDWAX_TOOL_KEY_OUT, 0,
@@ -413,34 +524,115 @@
     { "no-key-out", REDWAX_TOOL_NO_KEY_OUT, 0,
         "  --no-key-out\t\t\tExclude keys from the output." },
     { "auto-out", REDWAX_TOOL_AUTO_OUT, 0,
-        "  --auto-out\t\t\tOutput selectively. If a key or a certificate already\n\t\t\t\texists in a PKCS11 token, skip writing the key or\n\t\t\t\tcertificate. A key is considered to already exist if\n\t\t\t\tthe Subject Key Info of the incoming key matches the\n\t\t\t\tSubject Key Info field of an existing key on the\n\t\t\t\ttoken. A certificate is considered to already exist\n\t\t\t\tif another certificate with the same value is present\n\t\t\t\ton the token. When adding a certificate, look up the\n\t\t\t\tID of any corresponding key and use that ID for the\n\t\t\t\tcertificate (unless an ID is explicitly specified in\n\t\t\t\ta target URL)." },
+        "  --auto-out\t\t\tOutput selectively. If a key or a certificate already\n"
+            "\t\t\t\texists in a PKCS11 token, skip writing the key or\n"
+            "\t\t\t\tcertificate. A key is considered to already exist if\n"
+            "\t\t\t\tthe Subject Key Info of the incoming key matches the\n"
+            "\t\t\t\tSubject Key Info field of an existing key on the\n"
+            "\t\t\t\ttoken. A certificate is considered to already exist\n"
+            "\t\t\t\tif another certificate with the same value is present\n"
+            "\t\t\t\ton the token. When adding a certificate, look up the\n"
+            "\t\t\t\tID of any corresponding key and use that ID for the\n"
+            "\t\t\t\tcertificate (unless an ID is explicitly specified in\n"
+            "\t\t\t\ta target URL)." },
     { "no-auto-out", REDWAX_TOOL_NO_AUTO_OUT, 0,
         "  --no-auto-out\t\t\tOutput everything as specified." },
-    { "nss-out", REDWAX_TOOL_NSS_OUT, 1, "  --nss-out=directory\t\tWrite certificates, intermediate certificates,\n\t\t\t\troot certificates, crls, and keys to an NSS\n\t\t\t\tdatabase." },
-    { "nss-token-out", REDWAX_TOOL_NSS_SLOT_OUT, 1, "  --nss-token-out=token\t\tSpecify the token to which certificates, intermediate\n\t\t\t\tcertificates, root certificates, crls, and keys will\n\t\t\t\tbe written to an NSS database. Must appear after the\n\t\t\t\t--nss-out option." },
-    { "der-out", REDWAX_TOOL_DER_OUT, 1, "  --der-out=prefix\t\tWrite certificates, intermediate certificates,\n\t\t\t\troot certificates, crls, and keys. Each one is\n\t\t\t\twritten to a file with a suffix indicating type and\n\t\t\t\tindex. Use '-' for stdout, output will be concatenated." },
-    { "pem-out", REDWAX_TOOL_PEM_OUT, 1, "  --pem-out=file\t\tWrite certificates, intermediate certificates,\n\t\t\t\troot certificates, crls, and keys. Use '-'\n\t\t\t\tfor stdout." },
-    { "pkcs12-out", REDWAX_TOOL_PKCS12_OUT, 1, "  --pkcs12-out=file\t\tWrite certificates, intermediate certificates,\n\t\t\t\troot certificates, crls, and keys into a PKCS12\n\t\t\t\tfile. Use '-' for stdout." },
-    { "pkcs11-out", REDWAX_TOOL_PKCS11_OUT, 1, "  --pkcs11-out=url\t\tWrite certificates, intermediate certificates,\n\t\t\t\troot certificates, crls, and keys into a PKCS11\n\t\t\t\ttoken identified by the given url." },
-    { "pkcs11-module-out", REDWAX_TOOL_PKCS11_MODULE_OUT, 1, "  --pkcs11-module-out=mod\tSpecify the name of the PKCS11 module to be used,\n\t\t\t\toverriding system defaults. If relative, use the\n\t\t\t\tdefault PKCS11 module path, otherwise specify the\n\t\t\t\tabsolute path. Include the extension of the module." },
-    { "metadata-out", REDWAX_TOOL_METADATA_OUT, 1, "  --metadata-out=file\t\tWrite metadata of each certificate and key to the\n\t\t\t\tgiven file in the format given by the format\n\t\t\t\tparameter." },
-    { "metadata-threshold", REDWAX_TOOL_METADATA_THRESHOLD, 1, "  --metadata-threshold=days\tSet the threshold in days below which an expiry\n\t\t\t\tbecomes a warning. If unset, defaults to no\n\t\t\t\twarning." },
-    { "format-out", REDWAX_TOOL_FORMAT_OUT, 1, "  --format-out=xml|json|yaml\tFormat of output metadata." },
-    { "calendar-out", REDWAX_TOOL_CALENDAR_OUT, 1, "  --calendar-out=file\t\tWrite a calendar containing entries until the expiry\n\t\t\t\tdate of each certificate to the given file or\n\t\t\t\tdirectory. If a directory is specified, entries will\n\t\t\t\tbe created in discrete ICS files." },
-    { "reminder-out", REDWAX_TOOL_REMINDER_OUT, 1, "  --reminder-out=file\t\tWrite a calendar containing reminders at the expiry\n\t\t\t\tdate of each certificate to the given file or\n\t\t\t\tdirectory. If a directory is specified, entries will\n\t\t\t\tbe created in discrete ICS files." },
-    { "calendar-alarm", REDWAX_TOOL_CALENDAR_ALARM, 1, "  --calendar-alarm=duration\tIf specified, add an alarm to each calendar entry if\n\t\t\t\tnot already present. The alarm format is a RFC5545\n\t\t\t\tDURATION as described in section 3.3.6. Example:\n\t\t\t\t-P1W is one week prior to expiry." },
-    { "user-in", REDWAX_TOOL_USER_IN, 1, "  --user-in=user\t\tUse the privileges of this user when reading\n\t\t\t\tcertificates and keys." },
-    { "user-out", REDWAX_TOOL_USER_OUT, 1, "  --user-out=user\t\tUse the privileges of this user when writing\n\t\t\t\tcertificates and keys." },
-    { "group-in", REDWAX_TOOL_GROUP_IN, 1, "  --group-in=group\t\tUse the privileges of this group when reading\n\t\t\t\tcertificates and keys. If you have set a user\n\t\t\t\tbefore setting a group, you may no longer have\n\t\t\t\tpermission to set the group. It is recommended\n\t\t\t\tthat if user and group are set, the group is set\n\t\t\t\tfirst." },
-    { "group-out", REDWAX_TOOL_GROUP_OUT, 1, "  --group-out=group\t\t\tUse the privileges of this group when writing\n\t\t\t\t\tcertificates and keys. If you have set a user\n\t\t\t\t\tbefore setting a group, you may no longer have\n\t\t\t\t\tpermission to set the group. It is recommended\n\t\t\t\t\tthat if user and group are set, the group is set\n\t\t\t\t\tfirst." },
-    { "order-out", REDWAX_TOOL_ORDER_OUT, 1, "  --order-out=[all|key-first|key-last]\tControls the order of keys and certificates in\n\t\t\t\t\tthe output. 'all' outputs all leaf certificates,\n\t\t\t\t\tfollowed by all intermediate certificates,\n\t\t\t\t\tfollowed by all root certificates, followed by\n\t\t\t\t\tall keys. 'key-first' outputs all certificates\n\t\t\t\t\twith a matching private key, with the private\n\t\t\t\t\tkey first, followed by the certificate, followed\n\t\t\t\t\tby intermediates and roots, followed by the\n\t\t\t\t\tprivate key of the next certificate and so on.\n\t\t\t\t\t'key-last' outputs all certificates with a\n\t\t\t\t\tmatching private key, with the certificate first,\n\t\t\t\t\tfollowed by intermediates and roots, followed by\n\t\t\t\t\tthe key of the certificate, finally followed by\n\t\t\t\t\tthe next certificate with a private key and so on." },
+    { "nss-out", REDWAX_TOOL_NSS_OUT, 1,
+            "  --nss-out=directory\t\tWrite certificates, intermediate certificates,\n"
+            "\t\t\t\troot certificates, crls, and keys to an NSS\n\t\t\t\tdatabase." },
+    { "nss-token-out", REDWAX_TOOL_NSS_SLOT_OUT, 1,
+            "  --nss-token-out=token\t\tSpecify the token to which certificates, intermediate\n"
+            "\t\t\t\tcertificates, root certificates, crls, and keys will\n\t\t\t\tbe written to an NSS database. Must appear after the\n\t\t\t\t--nss-out option." },
+    { "der-out", REDWAX_TOOL_DER_OUT, 1,
+            "  --der-out=prefix\t\tWrite certificates, intermediate certificates,\n"
+            "\t\t\t\troot certificates, crls, and keys. Each one is\n\t\t\t\twritten to a file with a suffix indicating type and\n\t\t\t\tindex. Use '-' for stdout, output will be concatenated." },
+    { "pem-out", REDWAX_TOOL_PEM_OUT, 1,
+            "  --pem-out=file\t\tWrite certificates, intermediate certificates,\n"
+            "\t\t\t\troot certificates, crls, and keys. Use '-'\n\t\t\t\tfor stdout." },
+    { "pkcs12-out", REDWAX_TOOL_PKCS12_OUT, 1,
+            "  --pkcs12-out=file\t\tWrite certificates, intermediate certificates,\n"
+            "\t\t\t\troot certificates, crls, and keys into a PKCS12\n"
+            "\t\t\t\tfile. Use '-' for stdout." },
+    { "pkcs11-out", REDWAX_TOOL_PKCS11_OUT, 1,
+            "  --pkcs11-out=url\t\tWrite certificates, intermediate certificates,\n"
+            "\t\t\t\troot certificates, crls, and keys into a PKCS11\n"
+            "\t\t\t\ttoken identified by the given url." },
+    { "pkcs11-module-out", REDWAX_TOOL_PKCS11_MODULE_OUT, 1,
+            "  --pkcs11-module-out=mod\tSpecify the name of the PKCS11 module to be used,\n"
+            "\t\t\t\toverriding system defaults. If relative, use the\n"
+            "\t\t\t\tdefault PKCS11 module path, otherwise specify the\n"
+            "\t\t\t\tabsolute path. Include the extension of the module." },
+    { "metadata-out", REDWAX_TOOL_METADATA_OUT, 1,
+            "  --metadata-out=file\t\tWrite metadata of each certificate and key to the\n"
+            "\t\t\t\tgiven file in the format given by the format\n\t\t\t\tparameter." },
+    { "metadata-threshold", REDWAX_TOOL_METADATA_THRESHOLD, 1,
+            "  --metadata-threshold=days\tSet the threshold in days below which an expiry\n"
+            "\t\t\t\tbecomes a warning. If unset, defaults to no\n\t\t\t\twarning." },
+    { "format-out", REDWAX_TOOL_FORMAT_OUT, 1,
+            "  --format-out=xml|json|yaml\tFormat of output metadata." },
+    { "calendar-out", REDWAX_TOOL_CALENDAR_OUT, 1,
+            "  --calendar-out=file\t\tWrite a calendar containing entries until the expiry\n"
+            "\t\t\t\tdate of each certificate to the given file or\n"
+            "\t\t\t\tdirectory. If a directory is specified, entries will\n"
+            "\t\t\t\tbe created in discrete ICS files." },
+    { "reminder-out", REDWAX_TOOL_REMINDER_OUT, 1,
+            "  --reminder-out=file\t\tWrite a calendar containing reminders at the expiry\n"
+            "\t\t\t\tdate of each certificate to the given file or\n"
+            "\t\t\t\tdirectory. If a directory is specified, entries will\n"
+            "\t\t\t\tbe created in discrete ICS files." },
+    { "calendar-alarm", REDWAX_TOOL_CALENDAR_ALARM, 1,
+            "  --calendar-alarm=duration\tIf specified, add an alarm to each calendar entry if\n"
+            "\t\t\t\tnot already present. The alarm format is a RFC5545\n"
+            "\t\t\t\tDURATION as described in section 3.3.6. Example:\n"
+            "\t\t\t\t-P1W is one week prior to expiry." },
+    { "user-in", REDWAX_TOOL_USER_IN, 1,
+            "  --user-in=user\t\tUse the privileges of this user when reading\n"
+            "\t\t\t\tcertificates and keys." },
+    { "user-out", REDWAX_TOOL_USER_OUT, 1,
+            "  --user-out=user\t\tUse the privileges of this user when writing\n"
+            "\t\t\t\tcertificates and keys." },
+    { "group-in", REDWAX_TOOL_GROUP_IN, 1,
+            "  --group-in=group\t\tUse the privileges of this group when reading\n"
+            "\t\t\t\tcertificates and keys. If you have set a user\n"
+            "\t\t\t\tbefore setting a group, you may no longer have\n"
+            "\t\t\t\tpermission to set the group. It is recommended\n"
+            "\t\t\t\tthat if user and group are set, the group is set\n"
+            "\t\t\t\tfirst." },
+    { "group-out", REDWAX_TOOL_GROUP_OUT, 1,
+            "  --group-out=group\t\t\tUse the privileges of this group when writing\n"
+            "\t\t\t\t\tcertificates and keys. If you have set a user\n"
+            "\t\t\t\t\tbefore setting a group, you may no longer have\n"
+            "\t\t\t\t\tpermission to set the group. It is recommended\n"
+            "\t\t\t\t\tthat if user and group are set, the group is set\n"
+            "\t\t\t\t\tfirst." },
+    { "order-out", REDWAX_TOOL_ORDER_OUT, 1,
+            "  --order-out=[all|key-first|key-last]\tControls the order of keys and certificates in\n"
+            "\t\t\t\t\tthe output. 'all' outputs all leaf certificates,\n"
+            "\t\t\t\t\tfollowed by all intermediate certificates,\n"
+            "\t\t\t\t\tfollowed by all root certificates, followed by\n"
+            "\t\t\t\t\tall keys. 'key-first' outputs all certificates\n"
+            "\t\t\t\t\twith a matching private key, with the private\n"
+            "\t\t\t\t\tkey first, followed by the certificate, followed\n"
+            "\t\t\t\t\tby intermediates and roots, followed by the\n"
+            "\t\t\t\t\tprivate key of the next certificate and so on.\n"
+            "\t\t\t\t\t'key-last' outputs all certificates with a\n"
+            "\t\t\t\t\tmatching private key, with the certificate first,\n"
+            "\t\t\t\t\tfollowed by intermediates and roots, followed by\n"
+            "\t\t\t\t\tthe key of the certificate, finally followed by\n"
+            "\t\t\t\t\tthe next certificate with a private key and so on." },
     { "ssh-public-out", REDWAX_TOOL_SSH_PUBLIC_OUT, 1, "  --ssh-public-out=file\t\tWrite an SSH public key to the given file." },
 #if 0
-    { "jwks-out", REDWAX_TOOL_JWKS_OUT, 1, "  --jwks-out=file\t\tWrite keys to the given file as an RFC7517 JSON\n\t\t\t\tWeb Key Set." },
-    { "ssh-private-out", REDWAX_TOOL_SSH_PRIVATE_OUT, 1, "  --ssh-private-out=file\t\tWrite an SSH private key to the given file." },
-    { "smimea-out", REDWAX_TOOL_SMIMEA_OUT, 1, "  --smimea-out=file\t\tWrite an SMIMEA DNS record to the given file." },
-    { "sshfp-out", REDWAX_TOOL_SSHFP_OUT, 1, "  --sshfp-out=file\t\tWrite an SSHFP DNS record to the given file." },
-    { "tlsa-out", REDWAX_TOOL_TLSA_OUT, 1, "  --tlsa-out=file\t\tWrite a TLSA DNS record to the given file." },
+    { "jwks-out", REDWAX_TOOL_JWKS_OUT, 1,
+            "  --jwks-out=file\t\tWrite keys to the given file as an RFC7517 JSON\n"
+            "\t\t\t\tWeb Key Set." },
+    { "ssh-private-out", REDWAX_TOOL_SSH_PRIVATE_OUT, 1,
+            "  --ssh-private-out=file\t\tWrite an SSH private key to the given file." },
+    { "smimea-out", REDWAX_TOOL_SMIMEA_OUT, 1,
+            "  --smimea-out=file\t\tWrite an SMIMEA DNS record to the given file." },
+    { "sshfp-out", REDWAX_TOOL_SSHFP_OUT, 1,
+            "  --sshfp-out=file\t\tWrite an SSHFP DNS record to the given file." },
+    { "tlsa-out", REDWAX_TOOL_TLSA_OUT, 1,
+            "  --tlsa-out=file\t\tWrite a TLSA DNS record to the given file." },
 #endif
     { NULL }
 };
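Review bot: The long-line split is applied unevenly in this hunk: the `nss-out`, `nss-token-out`, `der-out`, `pem-out`, `metadata-out` and `metadata-threshold` entries still carry `\n\t\t\t\t` in the middle of their second literal, so several of those source lines stay well past 80 columns, and `ssh-public-out` is left on a single line. Ending each literal at its `\n`, as the `pkcs12-out` entry already does, would finish the job, e.g. `"\t\t\t\troot certificates, crls, and keys to an NSS\n"` followed by `"\t\t\t\tdatabase." },`. Separately, `group-out` keeps three tabs after the option name and five on its continuation lines where `group-in` uses two and four, so with 8-column tab stops its description presumably starts one stop to the right of its neighbours in the help output. The option table begins outside this hunk, so entries before `no-key-out` were not checked here.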


