diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-04-29 16:38:05 +0000 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-04-29 16:38:05 +0000 |
| commit | ba6c2592a85f81714a20cf0ff0607b0d2e423ea7 (patch) | |
| tree | d38ab1bf64e6394d57a88a0777cbf5050075ead3 | |
| parent | a27c8b1d9e4fc2aa0ad8b36348fc9c99b9ad2060 (diff) | |
| parent | 988884c2578eadf362edf580e3e28dca82386bff (diff) | |
| download | gnutls-ba6c2592a85f81714a20cf0ff0607b0d2e423ea7.tar.gz | |
Merge branch 'tmp-sni-hostname' into 'master'
tests: updated sni-hostname check for TLS1.3
Closes #344
See merge request gnutls/gnutls!623
| -rw-r--r-- | doc/credentials/x509/Makefile.am | 3 | ||||
| -rw-r--r-- | doc/credentials/x509/example.com-cert.pem | 17 | ||||
| -rw-r--r-- | doc/credentials/x509/example.com-key.pem | 32 | ||||
| -rw-r--r-- | src/certtool-args.c.bak | 822 | ||||
| -rw-r--r-- | src/certtool-args.h.bak | 182 | ||||
| -rw-r--r-- | src/cli-args.c.bak | 869 | ||||
| -rw-r--r-- | src/cli-args.def | 9 | ||||
| -rw-r--r-- | src/cli-args.h.bak | 172 | ||||
| -rw-r--r-- | src/cli.c | 22 | ||||
| -rwxr-xr-x | tests/sni-hostname.sh | 30 |
10 files changed, 1135 insertions, 1023 deletions
diff --git a/doc/credentials/x509/Makefile.am b/doc/credentials/x509/Makefile.am index 3bd2daaf93..426af74aa1 100644 --- a/doc/credentials/x509/Makefile.am +++ b/doc/credentials/x509/Makefile.am @@ -1,3 +1,4 @@ EXTRA_DIST = ca-key.pem ca.pem cert-rsa.pem key-rsa.pem clikey.pem clicert.pem \ clicert-dsa.pem clikey-dsa.pem cert-dsa.pem key-dsa.pem cert-ecc.pem key-ecc.pem \ - cert-ecc-sign.pem key-rsa-pss.pem cert-rsa-pss.pem + cert-ecc-sign.pem key-rsa-pss.pem cert-rsa-pss.pem example.com-cert.pem \ + example.com-key.pem diff --git a/doc/credentials/x509/example.com-cert.pem b/doc/credentials/x509/example.com-cert.pem new file mode 100644 index 0000000000..110203fcfe --- /dev/null +++ b/doc/credentials/x509/example.com-cert.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICpjCCAV6gAwIBAgIIWt3gvC3CPKQwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE +AxMOR251VExTIFRlc3QgQ0EwIBcNMTgwNDIzMTMzMzQ4WhgPOTk5OTEyMzEyMzU5 +NTlaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS7hpflFRh3CVEd1EeYS4PT +K7e1RmUrYxo+35DIiZ3YDtnBUQkp1EW2vy0NKL2oC3oEydLV/MPVT74V7H6BXtrZ +o4GjMIGgMAwGA1UdEwEB/wQCMAAwKgYDVR0RBCMwIYILZXhhbXBsZS5jb22CEnNl +cnZlci5leGFtcGxlLmNvbTATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8E +BQMDB4AAMB0GA1UdDgQWBBTmJuEsWggOUoIu8Zze/DPDZcJHtDAfBgNVHSMEGDAW +gBRNVrdqAFjxZ5L0pnVVG45TAQPvzzANBgkqhkiG9w0BAQsFAAOCATEAfRdpFHrp +Dd/b9k2enKzpM7i77FJvNUl0rW44zlEhLaj2U1ww1l+/i7SAcXf7V7poq+r7JAXG +0nvWkMfYFCORQrJE6guJ7hvipCSoJM8lS7cuiKXTyUwLWgq6AXEIsHppyt7wmyYZ +t0oqYdhwfoS4jsfBJtB2vzn8Do2tJ9abYbXqdORGtqv9Lc5o0s17Fc4r2cuUFllF +IqGwB0/CHhmo75OtQ13nmM9TbxiI0QMYzX1FUQ3L/rsW0M02vzK/9OK6sZvRdZUP +e5Of0NNo0p5CUQSgQRi+pdXoC9JigkTFz86TSb8YjfP5hRLTU23V54XtLiIf2kxd +VaTNF+i7MB4+Ev/wzxC5g0XsxAmH9yTrQp71xUywCMo+PQPpXcWuQJE8nz8mV8u2 +Qr425yUcvrwHOQ== +-----END CERTIFICATE----- diff --git a/doc/credentials/x509/example.com-key.pem b/doc/credentials/x509/example.com-key.pem new file mode 100644 index 0000000000..e97dc6ffac --- /dev/null +++ b/doc/credentials/x509/example.com-key.pem @@ -0,0 +1,32 @@ +Public Key Info: + Public Key Algorithm: EC/ECDSA + Key Security Level: High (256 bits) + +curve: SECP256R1 +private key: + 00:fb:67:5c:f1:99:02:d2:90:78:a7:18:03:59:59:87 + 09:63:30:1b:f2:af:11:37:32:06:8c:2b:84:5a:c6:8d + 84: + +x: + 00:bb:86:97:e5:15:18:77:09:51:1d:d4:47:98:4b:83 + d3:2b:b7:b5:46:65:2b:63:1a:3e:df:90:c8:89:9d:d8 + 0e: + +y: + 00:d9:c1:51:09:29:d4:45:b6:bf:2d:0d:28:bd:a8:0b + 7a:04:c9:d2:d5:fc:c3:d5:4f:be:15:ec:7e:81:5e:da + d9: + + +Public Key PIN: + pin-sha256:/JZm32Lan7Ptf2pOdI5lEj2RdeDfUE9PGZnO/LBkC1Y= +Public Key ID: + sha256:fc9666df62da9fb3ed7f6a4e748e65123d9175e0df504f4f1999cefcb0640b56 + sha1:e626e12c5a080e52822ef19cdefc33c365c247b4 + +-----BEGIN EC PRIVATE KEY----- +MHgCAQEEIQD7Z1zxmQLSkHinGANZWYcJYzAb8q8RNzIGjCuEWsaNhKAKBggqhkjO +PQMBB6FEA0IABLuGl+UVGHcJUR3UR5hLg9Mrt7VGZStjGj7fkMiJndgO2cFRCSnU +Rba/LQ0ovagLegTJ0tX8w9VPvhXsfoFe2tk= +-----END EC PRIVATE KEY----- diff --git a/src/certtool-args.c.bak b/src/certtool-args.c.bak index 991657fd3b..a18b1c182a 100644 --- a/src/certtool-args.c.bak +++ b/src/certtool-args.c.bak @@ -158,151 +158,151 @@ static char const certtool_opt_strs[7235] = /* 2448 */ "Generate a private key\0" /* 2471 */ "GENERATE_PRIVKEY\0" /* 2488 */ "generate-privkey\0" -/* 2505 */ "Specify the number of bits for key generation\0" -/* 2551 */ "BITS\0" -/* 2556 */ "bits\0" -/* 2561 */ "Specify the curve used for EC key generation\0" -/* 2606 */ "CURVE\0" -/* 2612 */ "curve\0" -/* 2618 */ "Specify the security level [low, legacy, medium, high, ultra]\0" -/* 2680 */ "SEC_PARAM\0" -/* 2690 */ "sec-param\0" -/* 2700 */ "Convert a given key to a PKCS #8 structure\0" -/* 2743 */ "TO_P8\0" -/* 2749 */ "to-p8\0" -/* 2755 */ "Use PKCS #8 format for private keys\0" -/* 2791 */ "PKCS8\0" -/* 2797 */ "pkcs8\0" -/* 2803 */ "Generate a private key or parameters from a seed using a provable method\0" -/* 2876 */ "PROVABLE\0" -/* 2885 */ "provable\0" -/* 2894 */ "Verify a private key generated from a seed using a provable method\0" -/* 2961 */ "VERIFY_PROVABLE_PRIVKEY\0" -/* 2985 */ "verify-provable-privkey\0" -/* 3009 */ "When generating a private key use the given hex-encoded seed\0" -/* 3070 */ "SEED\0" -/* 3075 */ "seed\0" -/* 3080 */ "CRL related options:\0" -/* 3101 */ "Print information on the given CRL structure\0" -/* 3146 */ "CRL_INFO\0" -/* 3155 */ "crl-info\0" -/* 3164 */ "Generate a CRL\0" -/* 3179 */ "GENERATE_CRL\0" -/* 3192 */ "generate-crl\0" -/* 3205 */ "Verify a Certificate Revocation List using a trusted list\0" -/* 3263 */ "VERIFY_CRL\0" -/* 3274 */ "verify-crl\0" -/* 3285 */ "Certificate verification related options:\0" -/* 3327 */ "Verify a PEM encoded certificate chain\0" -/* 3366 */ "VERIFY_CHAIN\0" -/* 3379 */ "verify-chain\0" -/* 3392 */ "Verify a PEM encoded certificate (chain) against a trusted set\0" -/* 3455 */ "VERIFY\0" -/* 3462 */ "verify\0" -/* 3469 */ "Specify a hostname to be used for certificate chain verification\0" -/* 3534 */ "VERIFY_HOSTNAME\0" -/* 3550 */ "verify-hostname\0" -/* 3566 */ "Specify a email to be used for certificate chain verification\0" -/* 3628 */ "VERIFY_EMAIL\0" -/* 3641 */ "verify-email\0" -/* 3654 */ "Specify a purpose OID to be used for certificate chain verification\0" -/* 3722 */ "VERIFY_PURPOSE\0" -/* 3737 */ "verify-purpose\0" -/* 3752 */ "Allow broken algorithms, such as MD5 for verification\0" -/* 3806 */ "VERIFY_ALLOW_BROKEN\0" -/* 3826 */ "verify-allow-broken\0" -/* 3846 */ "PKCS#7 structure options:\0" -/* 3872 */ "Generate a PKCS #7 structure\0" -/* 3901 */ "P7_GENERATE\0" -/* 3913 */ "p7-generate\0" -/* 3925 */ "Signs using a PKCS #7 structure\0" -/* 3957 */ "P7_SIGN\0" -/* 3965 */ "p7-sign\0" -/* 3973 */ "Signs using a detached PKCS #7 structure\0" -/* 4014 */ "P7_DETACHED_SIGN\0" -/* 4031 */ "p7-detached-sign\0" -/* 4048 */ "The signer's certificate will be included in the cert list.\0" -/* 4108 */ "P7_INCLUDE_CERT\0" -/* 4124 */ "no-p7-include-cert\0" -/* 4143 */ "no\0" -/* 4146 */ "Will include a timestamp in the PKCS #7 structure\0" -/* 4196 */ "P7_TIME\0" -/* 4204 */ "no-p7-time\0" -/* 4215 */ "Will show the embedded data in the PKCS #7 structure\0" -/* 4268 */ "P7_SHOW_DATA\0" -/* 4281 */ "no-p7-show-data\0" -/* 4297 */ "Print information on a PKCS #7 structure\0" -/* 4338 */ "P7_INFO\0" -/* 4346 */ "p7-info\0" -/* 4354 */ "Verify the provided PKCS #7 structure\0" -/* 4392 */ "P7_VERIFY\0" -/* 4402 */ "p7-verify\0" -/* 4412 */ "Convert S/MIME to PKCS #7 structure\0" -/* 4448 */ "SMIME_TO_P7\0" -/* 4460 */ "smime-to-p7\0" -/* 4472 */ "Other options:\0" -/* 4487 */ "Generate PKCS #3 encoded Diffie-Hellman parameters (deprecated)\0" -/* 4551 */ "GENERATE_DH_PARAMS\0" -/* 4570 */ "generate-dh-params\0" -/* 4589 */ "List the included PKCS #3 encoded Diffie-Hellman parameters\0" -/* 4649 */ "GET_DH_PARAMS\0" -/* 4663 */ "get-dh-params\0" -/* 4677 */ "Print information PKCS #3 encoded Diffie-Hellman parameters\0" -/* 4737 */ "DH_INFO\0" -/* 4745 */ "dh-info\0" -/* 4753 */ "Loads a private key file\0" -/* 4778 */ "LOAD_PRIVKEY\0" -/* 4791 */ "load-privkey\0" -/* 4804 */ "Loads a public key file\0" -/* 4828 */ "LOAD_PUBKEY\0" -/* 4840 */ "load-pubkey\0" -/* 4852 */ "Loads a certificate request file\0" -/* 4885 */ "LOAD_REQUEST\0" -/* 4898 */ "load-request\0" -/* 4911 */ "Loads a certificate file\0" -/* 4936 */ "LOAD_CERTIFICATE\0" -/* 4953 */ "load-certificate\0" -/* 4970 */ "Loads the certificate authority's private key file\0" -/* 5021 */ "LOAD_CA_PRIVKEY\0" -/* 5037 */ "load-ca-privkey\0" -/* 5053 */ "Loads the certificate authority's certificate file\0" -/* 5104 */ "LOAD_CA_CERTIFICATE\0" -/* 5124 */ "load-ca-certificate\0" -/* 5144 */ "Loads the provided CRL\0" -/* 5167 */ "LOAD_CRL\0" -/* 5176 */ "load-crl\0" -/* 5185 */ "Loads auxiliary data\0" -/* 5206 */ "LOAD_DATA\0" -/* 5216 */ "load-data\0" -/* 5226 */ "Password to use\0" -/* 5242 */ "PASSWORD\0" -/* 5251 */ "password\0" -/* 5260 */ "Enforce a NULL password\0" -/* 5284 */ "NULL_PASSWORD\0" -/* 5298 */ "null-password\0" -/* 5312 */ "Enforce an empty password\0" -/* 5338 */ "EMPTY_PASSWORD\0" -/* 5353 */ "empty-password\0" -/* 5368 */ "Print big number in an easier format to parse\0" -/* 5414 */ "HEX_NUMBERS\0" -/* 5426 */ "hex-numbers\0" -/* 5438 */ "In certain operations it prints the information in C-friendly format\0" -/* 5507 */ "CPRINT\0" -/* 5514 */ "cprint\0" -/* 5521 */ "Generate RSA key (deprecated)\0" -/* 5551 */ "RSA\0" -/* 5555 */ "rsa\0" -/* 5559 */ "Generate DSA key (deprecated)\0" -/* 5589 */ "DSA\0" -/* 5593 */ "dsa\0" -/* 5597 */ "Generate ECC (ECDSA) key (deprecated)\0" -/* 5635 */ "ECC\0" -/* 5639 */ "ecc\0" -/* 5643 */ "an alias for the 'ecc' option (deprecated)\0" -/* 5686 */ "ecdsa\0" -/* 5692 */ "Specify the key type to use on key generation\0" -/* 5738 */ "KEY_TYPE\0" -/* 5747 */ "key-type\0" +/* 2505 */ "Specify the key type to use on key generation\0" +/* 2551 */ "KEY_TYPE\0" +/* 2560 */ "key-type\0" +/* 2569 */ "Specify the number of bits for key generation\0" +/* 2615 */ "BITS\0" +/* 2620 */ "bits\0" +/* 2625 */ "Specify the curve used for EC key generation\0" +/* 2670 */ "CURVE\0" +/* 2676 */ "curve\0" +/* 2682 */ "Specify the security level [low, legacy, medium, high, ultra]\0" +/* 2744 */ "SEC_PARAM\0" +/* 2754 */ "sec-param\0" +/* 2764 */ "Convert a given key to a PKCS #8 structure\0" +/* 2807 */ "TO_P8\0" +/* 2813 */ "to-p8\0" +/* 2819 */ "Use PKCS #8 format for private keys\0" +/* 2855 */ "PKCS8\0" +/* 2861 */ "pkcs8\0" +/* 2867 */ "Generate a private key or parameters from a seed using a provable method\0" +/* 2940 */ "PROVABLE\0" +/* 2949 */ "provable\0" +/* 2958 */ "Verify a private key generated from a seed using a provable method\0" +/* 3025 */ "VERIFY_PROVABLE_PRIVKEY\0" +/* 3049 */ "verify-provable-privkey\0" +/* 3073 */ "When generating a private key use the given hex-encoded seed\0" +/* 3134 */ "SEED\0" +/* 3139 */ "seed\0" +/* 3144 */ "CRL related options:\0" +/* 3165 */ "Print information on the given CRL structure\0" +/* 3210 */ "CRL_INFO\0" +/* 3219 */ "crl-info\0" +/* 3228 */ "Generate a CRL\0" +/* 3243 */ "GENERATE_CRL\0" +/* 3256 */ "generate-crl\0" +/* 3269 */ "Verify a Certificate Revocation List using a trusted list\0" +/* 3327 */ "VERIFY_CRL\0" +/* 3338 */ "verify-crl\0" +/* 3349 */ "Certificate verification related options:\0" +/* 3391 */ "Verify a PEM encoded certificate chain\0" +/* 3430 */ "VERIFY_CHAIN\0" +/* 3443 */ "verify-chain\0" +/* 3456 */ "Verify a PEM encoded certificate (chain) against a trusted set\0" +/* 3519 */ "VERIFY\0" +/* 3526 */ "verify\0" +/* 3533 */ "Specify a hostname to be used for certificate chain verification\0" +/* 3598 */ "VERIFY_HOSTNAME\0" +/* 3614 */ "verify-hostname\0" +/* 3630 */ "Specify a email to be used for certificate chain verification\0" +/* 3692 */ "VERIFY_EMAIL\0" +/* 3705 */ "verify-email\0" +/* 3718 */ "Specify a purpose OID to be used for certificate chain verification\0" +/* 3786 */ "VERIFY_PURPOSE\0" +/* 3801 */ "verify-purpose\0" +/* 3816 */ "Allow broken algorithms, such as MD5 for verification\0" +/* 3870 */ "VERIFY_ALLOW_BROKEN\0" +/* 3890 */ "verify-allow-broken\0" +/* 3910 */ "PKCS#7 structure options:\0" +/* 3936 */ "Generate a PKCS #7 structure\0" +/* 3965 */ "P7_GENERATE\0" +/* 3977 */ "p7-generate\0" +/* 3989 */ "Signs using a PKCS #7 structure\0" +/* 4021 */ "P7_SIGN\0" +/* 4029 */ "p7-sign\0" +/* 4037 */ "Signs using a detached PKCS #7 structure\0" +/* 4078 */ "P7_DETACHED_SIGN\0" +/* 4095 */ "p7-detached-sign\0" +/* 4112 */ "The signer's certificate will be included in the cert list.\0" +/* 4172 */ "P7_INCLUDE_CERT\0" +/* 4188 */ "no-p7-include-cert\0" +/* 4207 */ "no\0" +/* 4210 */ "Will include a timestamp in the PKCS #7 structure\0" +/* 4260 */ "P7_TIME\0" +/* 4268 */ "no-p7-time\0" +/* 4279 */ "Will show the embedded data in the PKCS #7 structure\0" +/* 4332 */ "P7_SHOW_DATA\0" +/* 4345 */ "no-p7-show-data\0" +/* 4361 */ "Print information on a PKCS #7 structure\0" +/* 4402 */ "P7_INFO\0" +/* 4410 */ "p7-info\0" +/* 4418 */ "Verify the provided PKCS #7 structure\0" +/* 4456 */ "P7_VERIFY\0" +/* 4466 */ "p7-verify\0" +/* 4476 */ "Convert S/MIME to PKCS #7 structure\0" +/* 4512 */ "SMIME_TO_P7\0" +/* 4524 */ "smime-to-p7\0" +/* 4536 */ "Other options:\0" +/* 4551 */ "Generate PKCS #3 encoded Diffie-Hellman parameters (deprecated)\0" +/* 4615 */ "GENERATE_DH_PARAMS\0" +/* 4634 */ "generate-dh-params\0" +/* 4653 */ "List the included PKCS #3 encoded Diffie-Hellman parameters\0" +/* 4713 */ "GET_DH_PARAMS\0" +/* 4727 */ "get-dh-params\0" +/* 4741 */ "Print information PKCS #3 encoded Diffie-Hellman parameters\0" +/* 4801 */ "DH_INFO\0" +/* 4809 */ "dh-info\0" +/* 4817 */ "Loads a private key file\0" +/* 4842 */ "LOAD_PRIVKEY\0" +/* 4855 */ "load-privkey\0" +/* 4868 */ "Loads a public key file\0" +/* 4892 */ "LOAD_PUBKEY\0" +/* 4904 */ "load-pubkey\0" +/* 4916 */ "Loads a certificate request file\0" +/* 4949 */ "LOAD_REQUEST\0" +/* 4962 */ "load-request\0" +/* 4975 */ "Loads a certificate file\0" +/* 5000 */ "LOAD_CERTIFICATE\0" +/* 5017 */ "load-certificate\0" +/* 5034 */ "Loads the certificate authority's private key file\0" +/* 5085 */ "LOAD_CA_PRIVKEY\0" +/* 5101 */ "load-ca-privkey\0" +/* 5117 */ "Loads the certificate authority's certificate file\0" +/* 5168 */ "LOAD_CA_CERTIFICATE\0" +/* 5188 */ "load-ca-certificate\0" +/* 5208 */ "Loads the provided CRL\0" +/* 5231 */ "LOAD_CRL\0" +/* 5240 */ "load-crl\0" +/* 5249 */ "Loads auxiliary data\0" +/* 5270 */ "LOAD_DATA\0" +/* 5280 */ "load-data\0" +/* 5290 */ "Password to use\0" +/* 5306 */ "PASSWORD\0" +/* 5315 */ "password\0" +/* 5324 */ "Enforce a NULL password\0" +/* 5348 */ "NULL_PASSWORD\0" +/* 5362 */ "null-password\0" +/* 5376 */ "Enforce an empty password\0" +/* 5402 */ "EMPTY_PASSWORD\0" +/* 5417 */ "empty-password\0" +/* 5432 */ "Print big number in an easier format to parse\0" +/* 5478 */ "HEX_NUMBERS\0" +/* 5490 */ "hex-numbers\0" +/* 5502 */ "In certain operations it prints the information in C-friendly format\0" +/* 5571 */ "CPRINT\0" +/* 5578 */ "cprint\0" +/* 5585 */ "Generate RSA key (deprecated)\0" +/* 5615 */ "RSA\0" +/* 5619 */ "rsa\0" +/* 5623 */ "Generate DSA key (deprecated)\0" +/* 5653 */ "DSA\0" +/* 5657 */ "dsa\0" +/* 5661 */ "Generate ECC (ECDSA) key (deprecated)\0" +/* 5699 */ "ECC\0" +/* 5703 */ "ecc\0" +/* 5707 */ "an alias for the 'ecc' option (deprecated)\0" +/* 5750 */ "ecdsa\0" /* 5756 */ "Hash algorithm to use for signing\0" /* 5790 */ "HASH\0" /* 5795 */ "hash\0" @@ -696,14 +696,27 @@ static int const aGenerate_RequestCantList[] = { #define GENERATE_PRIVKEY_FLAGS (OPTST_DISABLED) /** + * key-type option description: + */ +/** Descriptive text for the key-type option */ +#define KEY_TYPE_DESC (certtool_opt_strs+2505) +/** Upper-cased name for the key-type option */ +#define KEY_TYPE_NAME (certtool_opt_strs+2551) +/** Name string for the key-type option */ +#define KEY_TYPE_name (certtool_opt_strs+2560) +/** Compiled in flag settings for the key-type option */ +#define KEY_TYPE_FLAGS (OPTST_DISABLED \ + | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) + +/** * bits option description: */ /** Descriptive text for the bits option */ -#define BITS_DESC (certtool_opt_strs+2505) +#define BITS_DESC (certtool_opt_strs+2569) /** Upper-cased name for the bits option */ -#define BITS_NAME (certtool_opt_strs+2551) +#define BITS_NAME (certtool_opt_strs+2615) /** Name string for the bits option */ -#define BITS_name (certtool_opt_strs+2556) +#define BITS_name (certtool_opt_strs+2620) /** Compiled in flag settings for the bits option */ #define BITS_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC)) @@ -712,11 +725,11 @@ static int const aGenerate_RequestCantList[] = { * curve option description: */ /** Descriptive text for the curve option */ -#define CURVE_DESC (certtool_opt_strs+2561) +#define CURVE_DESC (certtool_opt_strs+2625) /** Upper-cased name for the curve option */ -#define CURVE_NAME (certtool_opt_strs+2606) +#define CURVE_NAME (certtool_opt_strs+2670) /** Name string for the curve option */ -#define CURVE_name (certtool_opt_strs+2612) +#define CURVE_name (certtool_opt_strs+2676) /** Compiled in flag settings for the curve option */ #define CURVE_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) @@ -725,11 +738,11 @@ static int const aGenerate_RequestCantList[] = { * sec-param option description: */ /** Descriptive text for the sec-param option */ -#define SEC_PARAM_DESC (certtool_opt_strs+2618) +#define SEC_PARAM_DESC (certtool_opt_strs+2682) /** Upper-cased name for the sec-param option */ -#define SEC_PARAM_NAME (certtool_opt_strs+2680) +#define SEC_PARAM_NAME (certtool_opt_strs+2744) /** Name string for the sec-param option */ -#define SEC_PARAM_name (certtool_opt_strs+2690) +#define SEC_PARAM_name (certtool_opt_strs+2754) /** Compiled in flag settings for the sec-param option */ #define SEC_PARAM_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) @@ -738,11 +751,11 @@ static int const aGenerate_RequestCantList[] = { * to-p8 option description: */ /** Descriptive text for the to-p8 option */ -#define TO_P8_DESC (certtool_opt_strs+2700) +#define TO_P8_DESC (certtool_opt_strs+2764) /** Upper-cased name for the to-p8 option */ -#define TO_P8_NAME (certtool_opt_strs+2743) +#define TO_P8_NAME (certtool_opt_strs+2807) /** Name string for the to-p8 option */ -#define TO_P8_name (certtool_opt_strs+2749) +#define TO_P8_name (certtool_opt_strs+2813) /** Compiled in flag settings for the to-p8 option */ #define TO_P8_FLAGS (OPTST_DISABLED) @@ -750,11 +763,11 @@ static int const aGenerate_RequestCantList[] = { * pkcs8 option description: */ /** Descriptive text for the pkcs8 option */ -#define PKCS8_DESC (certtool_opt_strs+2755) +#define PKCS8_DESC (certtool_opt_strs+2819) /** Upper-cased name for the pkcs8 option */ -#define PKCS8_NAME (certtool_opt_strs+2791) +#define PKCS8_NAME (certtool_opt_strs+2855) /** Name string for the pkcs8 option */ -#define PKCS8_name (certtool_opt_strs+2797) +#define PKCS8_name (certtool_opt_strs+2861) /** Compiled in flag settings for the pkcs8 option */ #define PKCS8_FLAGS (OPTST_DISABLED) @@ -762,11 +775,11 @@ static int const aGenerate_RequestCantList[] = { * provable option description: */ /** Descriptive text for the provable option */ -#define PROVABLE_DESC (certtool_opt_strs+2803) +#define PROVABLE_DESC (certtool_opt_strs+2867) /** Upper-cased name for the provable option */ -#define PROVABLE_NAME (certtool_opt_strs+2876) +#define PROVABLE_NAME (certtool_opt_strs+2940) /** Name string for the provable option */ -#define PROVABLE_name (certtool_opt_strs+2885) +#define PROVABLE_name (certtool_opt_strs+2949) /** Compiled in flag settings for the provable option */ #define PROVABLE_FLAGS (OPTST_DISABLED) @@ -774,11 +787,11 @@ static int const aGenerate_RequestCantList[] = { * verify-provable-privkey option description: */ /** Descriptive text for the verify-provable-privkey option */ -#define VERIFY_PROVABLE_PRIVKEY_DESC (certtool_opt_strs+2894) +#define VERIFY_PROVABLE_PRIVKEY_DESC (certtool_opt_strs+2958) /** Upper-cased name for the verify-provable-privkey option */ -#define VERIFY_PROVABLE_PRIVKEY_NAME (certtool_opt_strs+2961) +#define VERIFY_PROVABLE_PRIVKEY_NAME (certtool_opt_strs+3025) /** Name string for the verify-provable-privkey option */ -#define VERIFY_PROVABLE_PRIVKEY_name (certtool_opt_strs+2985) +#define VERIFY_PROVABLE_PRIVKEY_name (certtool_opt_strs+3049) /** Compiled in flag settings for the verify-provable-privkey option */ #define VERIFY_PROVABLE_PRIVKEY_FLAGS (OPTST_DISABLED) @@ -786,11 +799,11 @@ static int const aGenerate_RequestCantList[] = { * seed option description: */ /** Descriptive text for the seed option */ -#define SEED_DESC (certtool_opt_strs+3009) +#define SEED_DESC (certtool_opt_strs+3073) /** Upper-cased name for the seed option */ -#define SEED_NAME (certtool_opt_strs+3070) +#define SEED_NAME (certtool_opt_strs+3134) /** Name string for the seed option */ -#define SEED_name (certtool_opt_strs+3075) +#define SEED_name (certtool_opt_strs+3139) /** Compiled in flag settings for the seed option */ #define SEED_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) @@ -799,18 +812,18 @@ static int const aGenerate_RequestCantList[] = { * crl_options option description: */ /** crl_options option separation text */ -#define CRL_OPTIONS_DESC (certtool_opt_strs+3080) +#define CRL_OPTIONS_DESC (certtool_opt_strs+3144) #define CRL_OPTIONS_FLAGS (OPTST_DOCUMENT | OPTST_NO_INIT) /** * crl-info option description: */ /** Descriptive text for the crl-info option */ -#define CRL_INFO_DESC (certtool_opt_strs+3101) +#define CRL_INFO_DESC (certtool_opt_strs+3165) /** Upper-cased name for the crl-info option */ -#define CRL_INFO_NAME (certtool_opt_strs+3146) +#define CRL_INFO_NAME (certtool_opt_strs+3210) /** Name string for the crl-info option */ -#define CRL_INFO_name (certtool_opt_strs+3155) +#define CRL_INFO_name (certtool_opt_strs+3219) /** Compiled in flag settings for the crl-info option */ #define CRL_INFO_FLAGS (OPTST_DISABLED) @@ -818,11 +831,11 @@ static int const aGenerate_RequestCantList[] = { * generate-crl option description: */ /** Descriptive text for the generate-crl option */ -#define GENERATE_CRL_DESC (certtool_opt_strs+3164) +#define GENERATE_CRL_DESC (certtool_opt_strs+3228) /** Upper-cased name for the generate-crl option */ -#define GENERATE_CRL_NAME (certtool_opt_strs+3179) +#define GENERATE_CRL_NAME (certtool_opt_strs+3243) /** Name string for the generate-crl option */ -#define GENERATE_CRL_name (certtool_opt_strs+3192) +#define GENERATE_CRL_name (certtool_opt_strs+3256) /** Compiled in flag settings for the generate-crl option */ #define GENERATE_CRL_FLAGS (OPTST_DISABLED) @@ -831,11 +844,11 @@ static int const aGenerate_RequestCantList[] = { * "Must also have options" and "Incompatible options": */ /** Descriptive text for the verify-crl option */ -#define VERIFY_CRL_DESC (certtool_opt_strs+3205) +#define VERIFY_CRL_DESC (certtool_opt_strs+3269) /** Upper-cased name for the verify-crl option */ -#define VERIFY_CRL_NAME (certtool_opt_strs+3263) +#define VERIFY_CRL_NAME (certtool_opt_strs+3327) /** Name string for the verify-crl option */ -#define VERIFY_CRL_name (certtool_opt_strs+3274) +#define VERIFY_CRL_name (certtool_opt_strs+3338) /** Other options that are required by the verify-crl option */ static int const aVerify_CrlMustList[] = { INDEX_OPT_LOAD_CA_CERTIFICATE, NO_EQUIVALENT }; @@ -846,18 +859,18 @@ static int const aVerify_CrlMustList[] = { * cert_verify_options option description: */ /** cert_verify_options option separation text */ -#define CERT_VERIFY_OPTIONS_DESC (certtool_opt_strs+3285) +#define CERT_VERIFY_OPTIONS_DESC (certtool_opt_strs+3349) #define CERT_VERIFY_OPTIONS_FLAGS (OPTST_DOCUMENT | OPTST_NO_INIT) /** * verify-chain option description: */ /** Descriptive text for the verify-chain option */ -#define VERIFY_CHAIN_DESC (certtool_opt_strs+3327) +#define VERIFY_CHAIN_DESC (certtool_opt_strs+3391) /** Upper-cased name for the verify-chain option */ -#define VERIFY_CHAIN_NAME (certtool_opt_strs+3366) +#define VERIFY_CHAIN_NAME (certtool_opt_strs+3430) /** Name string for the verify-chain option */ -#define VERIFY_CHAIN_name (certtool_opt_strs+3379) +#define VERIFY_CHAIN_name (certtool_opt_strs+3443) /** Compiled in flag settings for the verify-chain option */ #define VERIFY_CHAIN_FLAGS (OPTST_DISABLED) @@ -865,11 +878,11 @@ static int const aVerify_CrlMustList[] = { * verify option description: */ /** Descriptive text for the verify option */ -#define VERIFY_DESC (certtool_opt_strs+3392) +#define VERIFY_DESC (certtool_opt_strs+3456) /** Upper-cased name for the verify option */ -#define VERIFY_NAME (certtool_opt_strs+3455) +#define VERIFY_NAME (certtool_opt_strs+3519) /** Name string for the verify option */ -#define VERIFY_name (certtool_opt_strs+3462) +#define VERIFY_name (certtool_opt_strs+3526) /** Compiled in flag settings for the verify option */ #define VERIFY_FLAGS (OPTST_DISABLED) @@ -877,11 +890,11 @@ static int const aVerify_CrlMustList[] = { * verify-hostname option description: */ /** Descriptive text for the verify-hostname option */ -#define VERIFY_HOSTNAME_DESC (certtool_opt_strs+3469) +#define VERIFY_HOSTNAME_DESC (certtool_opt_strs+3533) /** Upper-cased name for the verify-hostname option */ -#define VERIFY_HOSTNAME_NAME (certtool_opt_strs+3534) +#define VERIFY_HOSTNAME_NAME (certtool_opt_strs+3598) /** Name string for the verify-hostname option */ -#define VERIFY_HOSTNAME_name (certtool_opt_strs+3550) +#define VERIFY_HOSTNAME_name (certtool_opt_strs+3614) /** Compiled in flag settings for the verify-hostname option */ #define VERIFY_HOSTNAME_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) @@ -891,11 +904,11 @@ static int const aVerify_CrlMustList[] = { * "Must also have options" and "Incompatible options": */ /** Descriptive text for the verify-email option */ -#define VERIFY_EMAIL_DESC (certtool_opt_strs+3566) +#define VERIFY_EMAIL_DESC (certtool_opt_strs+3630) /** Upper-cased name for the verify-email option */ -#define VERIFY_EMAIL_NAME (certtool_opt_strs+3628) +#define VERIFY_EMAIL_NAME (certtool_opt_strs+3692) /** Name string for the verify-email option */ -#define VERIFY_EMAIL_name (certtool_opt_strs+3641) +#define VERIFY_EMAIL_name (certtool_opt_strs+3705) /** Other options that appear in conjunction with the verify-email option */ static int const aVerify_EmailCantList[] = { INDEX_OPT_VERIFY_HOSTNAME, NO_EQUIVALENT }; @@ -907,11 +920,11 @@ static int const aVerify_EmailCantList[] = { * verify-purpose option description: */ /** Descriptive text for the verify-purpose option */ -#define VERIFY_PURPOSE_DESC (certtool_opt_strs+3654) +#define VERIFY_PURPOSE_DESC (certtool_opt_strs+3718) /** Upper-cased name for the verify-purpose option */ -#define VERIFY_PURPOSE_NAME (certtool_opt_strs+3722) +#define VERIFY_PURPOSE_NAME (certtool_opt_strs+3786) /** Name string for the verify-purpose option */ -#define VERIFY_PURPOSE_name (certtool_opt_strs+3737) +#define VERIFY_PURPOSE_name (certtool_opt_strs+3801) /** Compiled in flag settings for the verify-purpose option */ #define VERIFY_PURPOSE_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) @@ -920,11 +933,11 @@ static int const aVerify_EmailCantList[] = { * verify-allow-broken option description: */ /** Descriptive text for the verify-allow-broken option */ -#define VERIFY_ALLOW_BROKEN_DESC (certtool_opt_strs+3752) +#define VERIFY_ALLOW_BROKEN_DESC (certtool_opt_strs+3816) /** Upper-cased name for the verify-allow-broken option */ -#define VERIFY_ALLOW_BROKEN_NAME (certtool_opt_strs+3806) +#define VERIFY_ALLOW_BROKEN_NAME (certtool_opt_strs+3870) /** Name string for the verify-allow-broken option */ -#define VERIFY_ALLOW_BROKEN_name (certtool_opt_strs+3826) +#define VERIFY_ALLOW_BROKEN_name (certtool_opt_strs+3890) /** Compiled in flag settings for the verify-allow-broken option */ #define VERIFY_ALLOW_BROKEN_FLAGS (OPTST_DISABLED) @@ -932,18 +945,18 @@ static int const aVerify_EmailCantList[] = { * pkcs7_options option description: */ /** pkcs7_options option separation text */ -#define PKCS7_OPTIONS_DESC (certtool_opt_strs+3846) +#define PKCS7_OPTIONS_DESC (certtool_opt_strs+3910) #define PKCS7_OPTIONS_FLAGS (OPTST_DOCUMENT | OPTST_NO_INIT) /** * p7-generate option description: */ /** Descriptive text for the p7-generate option */ -#define P7_GENERATE_DESC (certtool_opt_strs+3872) +#define P7_GENERATE_DESC (certtool_opt_strs+3936) /** Upper-cased name for the p7-generate option */ -#define P7_GENERATE_NAME (certtool_opt_strs+3901) +#define P7_GENERATE_NAME (certtool_opt_strs+3965) /** Name string for the p7-generate option */ -#define P7_GENERATE_name (certtool_opt_strs+3913) +#define P7_GENERATE_name (certtool_opt_strs+3977) /** Compiled in flag settings for the p7-generate option */ #define P7_GENERATE_FLAGS (OPTST_DISABLED) @@ -951,11 +964,11 @@ static int const aVerify_EmailCantList[] = { * p7-sign option description: */ /** Descriptive text for the p7-sign option */ -#define P7_SIGN_DESC (certtool_opt_strs+3925) +#define P7_SIGN_DESC (certtool_opt_strs+3989) /** Upper-cased name for the p7-sign option */ -#define P7_SIGN_NAME (certtool_opt_strs+3957) +#define P7_SIGN_NAME (certtool_opt_strs+4021) /** Name string for the p7-sign option */ -#define P7_SIGN_name (certtool_opt_strs+3965) +#define P7_SIGN_name (certtool_opt_strs+4029) /** Compiled in flag settings for the p7-sign option */ #define P7_SIGN_FLAGS (OPTST_DISABLED) @@ -963,11 +976,11 @@ static int const aVerify_EmailCantList[] = { * p7-detached-sign option description: */ /** Descriptive text for the p7-detached-sign option */ -#define P7_DETACHED_SIGN_DESC (certtool_opt_strs+3973) +#define P7_DETACHED_SIGN_DESC (certtool_opt_strs+4037) /** Upper-cased name for the p7-detached-sign option */ -#define P7_DETACHED_SIGN_NAME (certtool_opt_strs+4014) +#define P7_DETACHED_SIGN_NAME (certtool_opt_strs+4078) /** Name string for the p7-detached-sign option */ -#define P7_DETACHED_SIGN_name (certtool_opt_strs+4031) +#define P7_DETACHED_SIGN_name (certtool_opt_strs+4095) /** Compiled in flag settings for the p7-detached-sign option */ #define P7_DETACHED_SIGN_FLAGS (OPTST_DISABLED) @@ -975,13 +988,13 @@ static int const aVerify_EmailCantList[] = { * p7-include-cert option description: */ /** Descriptive text for the p7-include-cert option */ -#define P7_INCLUDE_CERT_DESC (certtool_opt_strs+4048) +#define P7_INCLUDE_CERT_DESC (certtool_opt_strs+4112) /** Upper-cased name for the p7-include-cert option */ -#define P7_INCLUDE_CERT_NAME (certtool_opt_strs+4108) +#define P7_INCLUDE_CERT_NAME (certtool_opt_strs+4172) /** disablement name for the p7-include-cert option */ -#define NOT_P7_INCLUDE_CERT_name (certtool_opt_strs+4124) +#define NOT_P7_INCLUDE_CERT_name (certtool_opt_strs+4188) /** disablement prefix for the p7-include-cert option */ -#define NOT_P7_INCLUDE_CERT_PFX (certtool_opt_strs+4143) +#define NOT_P7_INCLUDE_CERT_PFX (certtool_opt_strs+4207) /** Name string for the p7-include-cert option */ #define P7_INCLUDE_CERT_name (NOT_P7_INCLUDE_CERT_name + 3) /** Compiled in flag settings for the p7-include-cert option */ @@ -991,13 +1004,13 @@ static int const aVerify_EmailCantList[] = { * p7-time option description: */ /** Descriptive text for the p7-time option */ -#define P7_TIME_DESC (certtool_opt_strs+4146) +#define P7_TIME_DESC (certtool_opt_strs+4210) /** Upper-cased name for the p7-time option */ -#define P7_TIME_NAME (certtool_opt_strs+4196) +#define P7_TIME_NAME (certtool_opt_strs+4260) /** disablement name for the p7-time option */ -#define NOT_P7_TIME_name (certtool_opt_strs+4204) +#define NOT_P7_TIME_name (certtool_opt_strs+4268) /** disablement prefix for the p7-time option */ -#define NOT_P7_TIME_PFX (certtool_opt_strs+4143) +#define NOT_P7_TIME_PFX (certtool_opt_strs+4207) /** Name string for the p7-time option */ #define P7_TIME_name (NOT_P7_TIME_name + 3) /** Compiled in flag settings for the p7-time option */ @@ -1007,13 +1020,13 @@ static int const aVerify_EmailCantList[] = { * p7-show-data option description: */ /** Descriptive text for the p7-show-data option */ -#define P7_SHOW_DATA_DESC (certtool_opt_strs+4215) +#define P7_SHOW_DATA_DESC (certtool_opt_strs+4279) /** Upper-cased name for the p7-show-data option */ -#define P7_SHOW_DATA_NAME (certtool_opt_strs+4268) +#define P7_SHOW_DATA_NAME (certtool_opt_strs+4332) /** disablement name for the p7-show-data option */ -#define NOT_P7_SHOW_DATA_name (certtool_opt_strs+4281) +#define NOT_P7_SHOW_DATA_name (certtool_opt_strs+4345) /** disablement prefix for the p7-show-data option */ -#define NOT_P7_SHOW_DATA_PFX (certtool_opt_strs+4143) +#define NOT_P7_SHOW_DATA_PFX (certtool_opt_strs+4207) /** Name string for the p7-show-data option */ #define P7_SHOW_DATA_name (NOT_P7_SHOW_DATA_name + 3) /** Compiled in flag settings for the p7-show-data option */ @@ -1023,11 +1036,11 @@ static int const aVerify_EmailCantList[] = { * p7-info option description: */ /** Descriptive text for the p7-info option */ -#define P7_INFO_DESC (certtool_opt_strs+4297) +#define P7_INFO_DESC (certtool_opt_strs+4361) /** Upper-cased name for the p7-info option */ -#define P7_INFO_NAME (certtool_opt_strs+4338) +#define P7_INFO_NAME (certtool_opt_strs+4402) /** Name string for the p7-info option */ -#define P7_INFO_name (certtool_opt_strs+4346) +#define P7_INFO_name (certtool_opt_strs+4410) /** Compiled in flag settings for the p7-info option */ #define P7_INFO_FLAGS (OPTST_DISABLED) @@ -1035,11 +1048,11 @@ static int const aVerify_EmailCantList[] = { * p7-verify option description: */ /** Descriptive text for the p7-verify option */ -#define P7_VERIFY_DESC (certtool_opt_strs+4354) +#define P7_VERIFY_DESC (certtool_opt_strs+4418) /** Upper-cased name for the p7-verify option */ -#define P7_VERIFY_NAME (certtool_opt_strs+4392) +#define P7_VERIFY_NAME (certtool_opt_strs+4456) /** Name string for the p7-verify option */ -#define P7_VERIFY_name (certtool_opt_strs+4402) +#define P7_VERIFY_name (certtool_opt_strs+4466) /** Compiled in flag settings for the p7-verify option */ #define P7_VERIFY_FLAGS (OPTST_DISABLED) @@ -1047,11 +1060,11 @@ static int const aVerify_EmailCantList[] = { * smime-to-p7 option description: */ /** Descriptive text for the smime-to-p7 option */ -#define SMIME_TO_P7_DESC (certtool_opt_strs+4412) +#define SMIME_TO_P7_DESC (certtool_opt_strs+4476) /** Upper-cased name for the smime-to-p7 option */ -#define SMIME_TO_P7_NAME (certtool_opt_strs+4448) +#define SMIME_TO_P7_NAME (certtool_opt_strs+4512) /** Name string for the smime-to-p7 option */ -#define SMIME_TO_P7_name (certtool_opt_strs+4460) +#define SMIME_TO_P7_name (certtool_opt_strs+4524) /** Compiled in flag settings for the smime-to-p7 option */ #define SMIME_TO_P7_FLAGS (OPTST_DISABLED) @@ -1059,18 +1072,18 @@ static int const aVerify_EmailCantList[] = { * other_options option description: */ /** other_options option separation text */ -#define OTHER_OPTIONS_DESC (certtool_opt_strs+4472) +#define OTHER_OPTIONS_DESC (certtool_opt_strs+4536) #define OTHER_OPTIONS_FLAGS (OPTST_DOCUMENT | OPTST_NO_INIT) /** * generate-dh-params option description: */ /** Descriptive text for the generate-dh-params option */ -#define GENERATE_DH_PARAMS_DESC (certtool_opt_strs+4487) +#define GENERATE_DH_PARAMS_DESC (certtool_opt_strs+4551) /** Upper-cased name for the generate-dh-params option */ -#define GENERATE_DH_PARAMS_NAME (certtool_opt_strs+4551) +#define GENERATE_DH_PARAMS_NAME (certtool_opt_strs+4615) /** Name string for the generate-dh-params option */ -#define GENERATE_DH_PARAMS_name (certtool_opt_strs+4570) +#define GENERATE_DH_PARAMS_name (certtool_opt_strs+4634) /** Compiled in flag settings for the generate-dh-params option */ #define GENERATE_DH_PARAMS_FLAGS (OPTST_DISABLED | OPTST_DEPRECATED) @@ -1078,11 +1091,11 @@ static int const aVerify_EmailCantList[] = { * get-dh-params option description: */ /** Descriptive text for the get-dh-params option */ -#define GET_DH_PARAMS_DESC (certtool_opt_strs+4589) +#define GET_DH_PARAMS_DESC (certtool_opt_strs+4653) /** Upper-cased name for the get-dh-params option */ -#define GET_DH_PARAMS_NAME (certtool_opt_strs+4649) +#define GET_DH_PARAMS_NAME (certtool_opt_strs+4713) /** Name string for the get-dh-params option */ -#define GET_DH_PARAMS_name (certtool_opt_strs+4663) +#define GET_DH_PARAMS_name (certtool_opt_strs+4727) /** Compiled in flag settings for the get-dh-params option */ #define GET_DH_PARAMS_FLAGS (OPTST_DISABLED) @@ -1090,11 +1103,11 @@ static int const aVerify_EmailCantList[] = { * dh-info option description: */ /** Descriptive text for the dh-info option */ -#define DH_INFO_DESC (certtool_opt_strs+4677) +#define DH_INFO_DESC (certtool_opt_strs+4741) /** Upper-cased name for the dh-info option */ -#define DH_INFO_NAME (certtool_opt_strs+4737) +#define DH_INFO_NAME (certtool_opt_strs+4801) /** Name string for the dh-info option */ -#define DH_INFO_name (certtool_opt_strs+4745) +#define DH_INFO_name (certtool_opt_strs+4809) /** Compiled in flag settings for the dh-info option */ #define DH_INFO_FLAGS (OPTST_DISABLED) @@ -1102,11 +1115,11 @@ static int const aVerify_EmailCantList[] = { * load-privkey option description: */ /** Descriptive text for the load-privkey option */ -#define LOAD_PRIVKEY_DESC (certtool_opt_strs+4753) +#define LOAD_PRIVKEY_DESC (certtool_opt_strs+4817) /** Upper-cased name for the load-privkey option */ -#define LOAD_PRIVKEY_NAME (certtool_opt_strs+4778) +#define LOAD_PRIVKEY_NAME (certtool_opt_strs+4842) /** Name string for the load-privkey option */ -#define LOAD_PRIVKEY_name (certtool_opt_strs+4791) +#define LOAD_PRIVKEY_name (certtool_opt_strs+4855) /** Compiled in flag settings for the load-privkey option */ #define LOAD_PRIVKEY_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) @@ -1115,11 +1128,11 @@ static int const aVerify_EmailCantList[] = { * load-pubkey option description: */ /** Descriptive text for the load-pubkey option */ -#define LOAD_PUBKEY_DESC (certtool_opt_strs+4804) +#define LOAD_PUBKEY_DESC (certtool_opt_strs+4868) /** Upper-cased name for the load-pubkey option */ -#define LOAD_PUBKEY_NAME (certtool_opt_strs+4828) +#define LOAD_PUBKEY_NAME (certtool_opt_strs+4892) /** Name string for the load-pubkey option */ -#define LOAD_PUBKEY_name (certtool_opt_strs+4840) +#define LOAD_PUBKEY_name (certtool_opt_strs+4904) /** Compiled in flag settings for the load-pubkey option */ #define LOAD_PUBKEY_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) @@ -1128,11 +1141,11 @@ static int const aVerify_EmailCantList[] = { * load-request option description: */ /** Descriptive text for the load-request option */ -#define LOAD_REQUEST_DESC (certtool_opt_strs+4852) +#define LOAD_REQUEST_DESC (certtool_opt_strs+4916) /** Upper-cased name for the load-request option */ -#define LOAD_REQUEST_NAME (certtool_opt_strs+4885) +#define LOAD_REQUEST_NAME (certtool_opt_strs+4949) /** Name string for the load-request option */ -#define LOAD_REQUEST_name (certtool_opt_strs+4898) +#define LOAD_REQUEST_name (certtool_opt_strs+4962) /** Compiled in flag settings for the load-request option */ #define LOAD_REQUEST_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) @@ -1141,11 +1154,11 @@ static int const aVerify_EmailCantList[] = { * load-certificate option description: */ /** Descriptive text for the load-certificate option */ -#define LOAD_CERTIFICATE_DESC (certtool_opt_strs+4911) +#define LOAD_CERTIFICATE_DESC (certtool_opt_strs+4975) /** Upper-cased name for the load-certificate option */ -#define LOAD_CERTIFICATE_NAME (certtool_opt_strs+4936) +#define LOAD_CERTIFICATE_NAME (certtool_opt_strs+5000) /** Name string for the load-certificate option */ -#define LOAD_CERTIFICATE_name (certtool_opt_strs+4953) +#define LOAD_CERTIFICATE_name (certtool_opt_strs+5017) /** Compiled in flag settings for the load-certificate option */ #define LOAD_CERTIFICATE_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) @@ -1154,11 +1167,11 @@ static int const aVerify_EmailCantList[] = { * load-ca-privkey option description: */ /** Descriptive text for the load-ca-privkey option */ -#define LOAD_CA_PRIVKEY_DESC (certtool_opt_strs+4970) +#define LOAD_CA_PRIVKEY_DESC (certtool_opt_strs+5034) /** Upper-cased name for the load-ca-privkey option */ -#define LOAD_CA_PRIVKEY_NAME (certtool_opt_strs+5021) +#define LOAD_CA_PRIVKEY_NAME (certtool_opt_strs+5085) /** Name string for the load-ca-privkey option */ -#define LOAD_CA_PRIVKEY_name (certtool_opt_strs+5037) +#define LOAD_CA_PRIVKEY_name (certtool_opt_strs+5101) /** Compiled in flag settings for the load-ca-privkey option */ #define LOAD_CA_PRIVKEY_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) @@ -1167,11 +1180,11 @@ static int const aVerify_EmailCantList[] = { * load-ca-certificate option description: */ /** Descriptive text for the load-ca-certificate option */ -#define LOAD_CA_CERTIFICATE_DESC (certtool_opt_strs+5053) +#define LOAD_CA_CERTIFICATE_DESC (certtool_opt_strs+5117) /** Upper-cased name for the load-ca-certificate option */ -#define LOAD_CA_CERTIFICATE_NAME (certtool_opt_strs+5104) +#define LOAD_CA_CERTIFICATE_NAME (certtool_opt_strs+5168) /** Name string for the load-ca-certificate option */ -#define LOAD_CA_CERTIFICATE_name (certtool_opt_strs+5124) +#define LOAD_CA_CERTIFICATE_name (certtool_opt_strs+5188) /** Compiled in flag settings for the load-ca-certificate option */ #define LOAD_CA_CERTIFICATE_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) @@ -1180,11 +1193,11 @@ static int const aVerify_EmailCantList[] = { * load-crl option description: */ /** Descriptive text for the load-crl option */ -#define LOAD_CRL_DESC (certtool_opt_strs+5144) +#define LOAD_CRL_DESC (certtool_opt_strs+5208) /** Upper-cased name for the load-crl option */ -#define LOAD_CRL_NAME (certtool_opt_strs+5167) +#define LOAD_CRL_NAME (certtool_opt_strs+5231) /** Name string for the load-crl option */ -#define LOAD_CRL_name (certtool_opt_strs+5176) +#define LOAD_CRL_name (certtool_opt_strs+5240) /** Compiled in flag settings for the load-crl option */ #define LOAD_CRL_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) @@ -1193,11 +1206,11 @@ static int const aVerify_EmailCantList[] = { * load-data option description: */ /** Descriptive text for the load-data option */ -#define LOAD_DATA_DESC (certtool_opt_strs+5185) +#define LOAD_DATA_DESC (certtool_opt_strs+5249) /** Upper-cased name for the load-data option */ -#define LOAD_DATA_NAME (certtool_opt_strs+5206) +#define LOAD_DATA_NAME (certtool_opt_strs+5270) /** Name string for the load-data option */ -#define LOAD_DATA_name (certtool_opt_strs+5216) +#define LOAD_DATA_name (certtool_opt_strs+5280) /** Compiled in flag settings for the load-data option */ #define LOAD_DATA_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) @@ -1206,11 +1219,11 @@ static int const aVerify_EmailCantList[] = { * password option description: */ /** Descriptive text for the password option */ -#define PASSWORD_DESC (certtool_opt_strs+5226) +#define PASSWORD_DESC (certtool_opt_strs+5290) /** Upper-cased name for the password option */ -#define PASSWORD_NAME (certtool_opt_strs+5242) +#define PASSWORD_NAME (certtool_opt_strs+5306) /** Name string for the password option */ -#define PASSWORD_name (certtool_opt_strs+5251) +#define PASSWORD_name (certtool_opt_strs+5315) /** Compiled in flag settings for the password option */ #define PASSWORD_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) @@ -1219,11 +1232,11 @@ static int const aVerify_EmailCantList[] = { * null-password option description: */ /** Descriptive text for the null-password option */ -#define NULL_PASSWORD_DESC (certtool_opt_strs+5260) +#define NULL_PASSWORD_DESC (certtool_opt_strs+5324) /** Upper-cased name for the null-password option */ -#define NULL_PASSWORD_NAME (certtool_opt_strs+5284) +#define NULL_PASSWORD_NAME (certtool_opt_strs+5348) /** Name string for the null-password option */ -#define NULL_PASSWORD_name (certtool_opt_strs+5298) +#define NULL_PASSWORD_name (certtool_opt_strs+5362) /** Compiled in flag settings for the null-password option */ #define NULL_PASSWORD_FLAGS (OPTST_DISABLED) @@ -1231,11 +1244,11 @@ static int const aVerify_EmailCantList[] = { * empty-password option description: */ /** Descriptive text for the empty-password option */ -#define EMPTY_PASSWORD_DESC (certtool_opt_strs+5312) +#define EMPTY_PASSWORD_DESC (certtool_opt_strs+5376) /** Upper-cased name for the empty-password option */ -#define EMPTY_PASSWORD_NAME (certtool_opt_strs+5338) +#define EMPTY_PASSWORD_NAME (certtool_opt_strs+5402) /** Name string for the empty-password option */ -#define EMPTY_PASSWORD_name (certtool_opt_strs+5353) +#define EMPTY_PASSWORD_name (certtool_opt_strs+5417) /** Compiled in flag settings for the empty-password option */ #define EMPTY_PASSWORD_FLAGS (OPTST_DISABLED) @@ -1243,11 +1256,11 @@ static int const aVerify_EmailCantList[] = { * hex-numbers option description: */ /** Descriptive text for the hex-numbers option */ -#define HEX_NUMBERS_DESC (certtool_opt_strs+5368) +#define HEX_NUMBERS_DESC (certtool_opt_strs+5432) /** Upper-cased name for the hex-numbers option */ -#define HEX_NUMBERS_NAME (certtool_opt_strs+5414) +#define HEX_NUMBERS_NAME (certtool_opt_strs+5478) /** Name string for the hex-numbers option */ -#define HEX_NUMBERS_name (certtool_opt_strs+5426) +#define HEX_NUMBERS_name (certtool_opt_strs+5490) /** Compiled in flag settings for the hex-numbers option */ #define HEX_NUMBERS_FLAGS (OPTST_DISABLED) @@ -1255,11 +1268,11 @@ static int const aVerify_EmailCantList[] = { * cprint option description: */ /** Descriptive text for the cprint option */ -#define CPRINT_DESC (certtool_opt_strs+5438) +#define CPRINT_DESC (certtool_opt_strs+5502) /** Upper-cased name for the cprint option */ -#define CPRINT_NAME (certtool_opt_strs+5507) +#define CPRINT_NAME (certtool_opt_strs+5571) /** Name string for the cprint option */ -#define CPRINT_name (certtool_opt_strs+5514) +#define CPRINT_name (certtool_opt_strs+5578) /** Compiled in flag settings for the cprint option */ #define CPRINT_FLAGS (OPTST_DISABLED) @@ -1267,11 +1280,11 @@ static int const aVerify_EmailCantList[] = { * rsa option description: */ /** Descriptive text for the rsa option */ -#define RSA_DESC (certtool_opt_strs+5521) +#define RSA_DESC (certtool_opt_strs+5585) /** Upper-cased name for the rsa option */ -#define RSA_NAME (certtool_opt_strs+5551) +#define RSA_NAME (certtool_opt_strs+5615) /** Name string for the rsa option */ -#define RSA_name (certtool_opt_strs+5555) +#define RSA_name (certtool_opt_strs+5619) /** Compiled in flag settings for the rsa option */ #define RSA_FLAGS (OPTST_DISABLED | OPTST_DEPRECATED) @@ -1279,11 +1292,11 @@ static int const aVerify_EmailCantList[] = { * dsa option description: */ /** Descriptive text for the dsa option */ -#define DSA_DESC (certtool_opt_strs+5559) +#define DSA_DESC (certtool_opt_strs+5623) /** Upper-cased name for the dsa option */ -#define DSA_NAME (certtool_opt_strs+5589) +#define DSA_NAME (certtool_opt_strs+5653) /** Name string for the dsa option */ -#define DSA_name (certtool_opt_strs+5593) +#define DSA_name (certtool_opt_strs+5657) /** Compiled in flag settings for the dsa option */ #define DSA_FLAGS (OPTST_DISABLED | OPTST_DEPRECATED) @@ -1291,11 +1304,11 @@ static int const aVerify_EmailCantList[] = { * ecc option description: */ /** Descriptive text for the ecc option */ -#define ECC_DESC (certtool_opt_strs+5597) +#define ECC_DESC (certtool_opt_strs+5661) /** Upper-cased name for the ecc option */ -#define ECC_NAME (certtool_opt_strs+5635) +#define ECC_NAME (certtool_opt_strs+5699) /** Name string for the ecc option */ -#define ECC_name (certtool_opt_strs+5639) +#define ECC_name (certtool_opt_strs+5703) /** Compiled in flag settings for the ecc option */ #define ECC_FLAGS (OPTST_DISABLED | OPTST_DEPRECATED) @@ -1303,27 +1316,14 @@ static int const aVerify_EmailCantList[] = { * ecdsa option description: */ /** Descriptive text for the ecdsa option */ -#define ECDSA_DESC (certtool_opt_strs+5643) +#define ECDSA_DESC (certtool_opt_strs+5707) #define ECDSA_NAME NULL /** Unmodified name string for the ecdsa option */ -#define ECDSA_name (certtool_opt_strs+5686) +#define ECDSA_name (certtool_opt_strs+5750) /** Compiled in flag settings for the ecdsa option */ #define ECDSA_FLAGS (ECC_FLAGS | OPTST_ALIAS | OPTST_DEPRECATED) /** - * key-type option description: - */ -/** Descriptive text for the key-type option */ -#define KEY_TYPE_DESC (certtool_opt_strs+5692) -/** Upper-cased name for the key-type option */ -#define KEY_TYPE_NAME (certtool_opt_strs+5738) -/** Name string for the key-type option */ -#define KEY_TYPE_name (certtool_opt_strs+5747) -/** Compiled in flag settings for the key-type option */ -#define KEY_TYPE_FLAGS (OPTST_DISABLED \ - | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) - -/** * hash option description: */ /** Descriptive text for the hash option */ @@ -1359,7 +1359,7 @@ static int const aVerify_EmailCantList[] = { /** disablement name for the inder option */ #define NOT_INDER_name (certtool_opt_strs+5939) /** disablement prefix for the inder option */ -#define NOT_INDER_PFX (certtool_opt_strs+4143) +#define NOT_INDER_PFX (certtool_opt_strs+4207) /** Name string for the inder option */ #define INDER_name (NOT_INDER_name + 3) /** Compiled in flag settings for the inder option */ @@ -1386,7 +1386,7 @@ static int const aVerify_EmailCantList[] = { /** disablement name for the outder option */ #define NOT_OUTDER_name (certtool_opt_strs+6065) /** disablement prefix for the outder option */ -#define NOT_OUTDER_PFX (certtool_opt_strs+4143) +#define NOT_OUTDER_PFX (certtool_opt_strs+4207) /** Name string for the outder option */ #define OUTDER_name (NOT_OUTDER_name + 3) /** Compiled in flag settings for the outder option */ @@ -1868,8 +1868,20 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ GENERATE_PRIVKEY_DESC, GENERATE_PRIVKEY_NAME, GENERATE_PRIVKEY_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 29, VALUE_OPT_BITS, - /* equiv idx, value */ 29, VALUE_OPT_BITS, + { /* entry idx, value */ 29, VALUE_OPT_KEY_TYPE, + /* equiv idx, value */ 29, VALUE_OPT_KEY_TYPE, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ KEY_TYPE_FLAGS, 0, + /* last opt argumnt */ { NULL }, /* --key-type */ + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ NULL, + /* desc, NAME, name */ KEY_TYPE_DESC, KEY_TYPE_NAME, KEY_TYPE_name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 30, VALUE_OPT_BITS, + /* equiv idx, value */ 30, VALUE_OPT_BITS, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ BITS_FLAGS, 0, @@ -1880,8 +1892,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ BITS_DESC, BITS_NAME, BITS_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 30, VALUE_OPT_CURVE, - /* equiv idx, value */ 30, VALUE_OPT_CURVE, + { /* entry idx, value */ 31, VALUE_OPT_CURVE, + /* equiv idx, value */ 31, VALUE_OPT_CURVE, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ CURVE_FLAGS, 0, @@ -1892,8 +1904,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ CURVE_DESC, CURVE_NAME, CURVE_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 31, VALUE_OPT_SEC_PARAM, - /* equiv idx, value */ 31, VALUE_OPT_SEC_PARAM, + { /* entry idx, value */ 32, VALUE_OPT_SEC_PARAM, + /* equiv idx, value */ 32, VALUE_OPT_SEC_PARAM, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ SEC_PARAM_FLAGS, 0, @@ -1904,8 +1916,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ SEC_PARAM_DESC, SEC_PARAM_NAME, SEC_PARAM_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 32, VALUE_OPT_TO_P8, - /* equiv idx, value */ 32, VALUE_OPT_TO_P8, + { /* entry idx, value */ 33, VALUE_OPT_TO_P8, + /* equiv idx, value */ 33, VALUE_OPT_TO_P8, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ TO_P8_FLAGS, 0, @@ -1916,8 +1928,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ TO_P8_DESC, TO_P8_NAME, TO_P8_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 33, VALUE_OPT_PKCS8, - /* equiv idx, value */ 33, VALUE_OPT_PKCS8, + { /* entry idx, value */ 34, VALUE_OPT_PKCS8, + /* equiv idx, value */ 34, VALUE_OPT_PKCS8, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ PKCS8_FLAGS, 0, @@ -1928,8 +1940,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ PKCS8_DESC, PKCS8_NAME, PKCS8_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 34, VALUE_OPT_PROVABLE, - /* equiv idx, value */ 34, VALUE_OPT_PROVABLE, + { /* entry idx, value */ 35, VALUE_OPT_PROVABLE, + /* equiv idx, value */ 35, VALUE_OPT_PROVABLE, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ PROVABLE_FLAGS, 0, @@ -1940,8 +1952,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ PROVABLE_DESC, PROVABLE_NAME, PROVABLE_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 35, VALUE_OPT_VERIFY_PROVABLE_PRIVKEY, - /* equiv idx, value */ 35, VALUE_OPT_VERIFY_PROVABLE_PRIVKEY, + { /* entry idx, value */ 36, VALUE_OPT_VERIFY_PROVABLE_PRIVKEY, + /* equiv idx, value */ 36, VALUE_OPT_VERIFY_PROVABLE_PRIVKEY, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ VERIFY_PROVABLE_PRIVKEY_FLAGS, 0, @@ -1952,8 +1964,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ VERIFY_PROVABLE_PRIVKEY_DESC, VERIFY_PROVABLE_PRIVKEY_NAME, VERIFY_PROVABLE_PRIVKEY_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 36, VALUE_OPT_SEED, - /* equiv idx, value */ 36, VALUE_OPT_SEED, + { /* entry idx, value */ 37, VALUE_OPT_SEED, + /* equiv idx, value */ 37, VALUE_OPT_SEED, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ SEED_FLAGS, 0, @@ -1976,8 +1988,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ CRL_OPTIONS_DESC, NULL, NULL, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 38, VALUE_OPT_CRL_INFO, - /* equiv idx, value */ 38, VALUE_OPT_CRL_INFO, + { /* entry idx, value */ 39, VALUE_OPT_CRL_INFO, + /* equiv idx, value */ 39, VALUE_OPT_CRL_INFO, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ CRL_INFO_FLAGS, 0, @@ -1988,8 +2000,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ CRL_INFO_DESC, CRL_INFO_NAME, CRL_INFO_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 39, VALUE_OPT_GENERATE_CRL, - /* equiv idx, value */ 39, VALUE_OPT_GENERATE_CRL, + { /* entry idx, value */ 40, VALUE_OPT_GENERATE_CRL, + /* equiv idx, value */ 40, VALUE_OPT_GENERATE_CRL, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ GENERATE_CRL_FLAGS, 0, @@ -2000,8 +2012,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ GENERATE_CRL_DESC, GENERATE_CRL_NAME, GENERATE_CRL_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 40, VALUE_OPT_VERIFY_CRL, - /* equiv idx, value */ 40, VALUE_OPT_VERIFY_CRL, + { /* entry idx, value */ 41, VALUE_OPT_VERIFY_CRL, + /* equiv idx, value */ 41, VALUE_OPT_VERIFY_CRL, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ VERIFY_CRL_FLAGS, 0, @@ -2024,8 +2036,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ CERT_VERIFY_OPTIONS_DESC, NULL, NULL, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 42, VALUE_OPT_VERIFY_CHAIN, - /* equiv idx, value */ 42, VALUE_OPT_VERIFY_CHAIN, + { /* entry idx, value */ 43, VALUE_OPT_VERIFY_CHAIN, + /* equiv idx, value */ 43, VALUE_OPT_VERIFY_CHAIN, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ VERIFY_CHAIN_FLAGS, 0, @@ -2036,8 +2048,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ VERIFY_CHAIN_DESC, VERIFY_CHAIN_NAME, VERIFY_CHAIN_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 43, VALUE_OPT_VERIFY, - /* equiv idx, value */ 43, VALUE_OPT_VERIFY, + { /* entry idx, value */ 44, VALUE_OPT_VERIFY, + /* equiv idx, value */ 44, VALUE_OPT_VERIFY, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ VERIFY_FLAGS, 0, @@ -2048,8 +2060,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ VERIFY_DESC, VERIFY_NAME, VERIFY_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 44, VALUE_OPT_VERIFY_HOSTNAME, - /* equiv idx, value */ 44, VALUE_OPT_VERIFY_HOSTNAME, + { /* entry idx, value */ 45, VALUE_OPT_VERIFY_HOSTNAME, + /* equiv idx, value */ 45, VALUE_OPT_VERIFY_HOSTNAME, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ VERIFY_HOSTNAME_FLAGS, 0, @@ -2060,8 +2072,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ VERIFY_HOSTNAME_DESC, VERIFY_HOSTNAME_NAME, VERIFY_HOSTNAME_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 45, VALUE_OPT_VERIFY_EMAIL, - /* equiv idx, value */ 45, VALUE_OPT_VERIFY_EMAIL, + { /* entry idx, value */ 46, VALUE_OPT_VERIFY_EMAIL, + /* equiv idx, value */ 46, VALUE_OPT_VERIFY_EMAIL, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ VERIFY_EMAIL_FLAGS, 0, @@ -2072,8 +2084,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ VERIFY_EMAIL_DESC, VERIFY_EMAIL_NAME, VERIFY_EMAIL_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 46, VALUE_OPT_VERIFY_PURPOSE, - /* equiv idx, value */ 46, VALUE_OPT_VERIFY_PURPOSE, + { /* entry idx, value */ 47, VALUE_OPT_VERIFY_PURPOSE, + /* equiv idx, value */ 47, VALUE_OPT_VERIFY_PURPOSE, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ VERIFY_PURPOSE_FLAGS, 0, @@ -2084,8 +2096,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ VERIFY_PURPOSE_DESC, VERIFY_PURPOSE_NAME, VERIFY_PURPOSE_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 47, VALUE_OPT_VERIFY_ALLOW_BROKEN, - /* equiv idx, value */ 47, VALUE_OPT_VERIFY_ALLOW_BROKEN, + { /* entry idx, value */ 48, VALUE_OPT_VERIFY_ALLOW_BROKEN, + /* equiv idx, value */ 48, VALUE_OPT_VERIFY_ALLOW_BROKEN, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ VERIFY_ALLOW_BROKEN_FLAGS, 0, @@ -2108,8 +2120,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ PKCS7_OPTIONS_DESC, NULL, NULL, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 49, VALUE_OPT_P7_GENERATE, - /* equiv idx, value */ 49, VALUE_OPT_P7_GENERATE, + { /* entry idx, value */ 50, VALUE_OPT_P7_GENERATE, + /* equiv idx, value */ 50, VALUE_OPT_P7_GENERATE, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ P7_GENERATE_FLAGS, 0, @@ -2120,8 +2132,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ P7_GENERATE_DESC, P7_GENERATE_NAME, P7_GENERATE_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 50, VALUE_OPT_P7_SIGN, - /* equiv idx, value */ 50, VALUE_OPT_P7_SIGN, + { /* entry idx, value */ 51, VALUE_OPT_P7_SIGN, + /* equiv idx, value */ 51, VALUE_OPT_P7_SIGN, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ P7_SIGN_FLAGS, 0, @@ -2132,8 +2144,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ P7_SIGN_DESC, P7_SIGN_NAME, P7_SIGN_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 51, VALUE_OPT_P7_DETACHED_SIGN, - /* equiv idx, value */ 51, VALUE_OPT_P7_DETACHED_SIGN, + { /* entry idx, value */ 52, VALUE_OPT_P7_DETACHED_SIGN, + /* equiv idx, value */ 52, VALUE_OPT_P7_DETACHED_SIGN, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ P7_DETACHED_SIGN_FLAGS, 0, @@ -2144,8 +2156,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ P7_DETACHED_SIGN_DESC, P7_DETACHED_SIGN_NAME, P7_DETACHED_SIGN_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 52, VALUE_OPT_P7_INCLUDE_CERT, - /* equiv idx, value */ 52, VALUE_OPT_P7_INCLUDE_CERT, + { /* entry idx, value */ 53, VALUE_OPT_P7_INCLUDE_CERT, + /* equiv idx, value */ 53, VALUE_OPT_P7_INCLUDE_CERT, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ P7_INCLUDE_CERT_FLAGS, 0, @@ -2156,8 +2168,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ P7_INCLUDE_CERT_DESC, P7_INCLUDE_CERT_NAME, P7_INCLUDE_CERT_name, /* disablement strs */ NOT_P7_INCLUDE_CERT_name, NOT_P7_INCLUDE_CERT_PFX }, - { /* entry idx, value */ 53, VALUE_OPT_P7_TIME, - /* equiv idx, value */ 53, VALUE_OPT_P7_TIME, + { /* entry idx, value */ 54, VALUE_OPT_P7_TIME, + /* equiv idx, value */ 54, VALUE_OPT_P7_TIME, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ P7_TIME_FLAGS, 0, @@ -2168,8 +2180,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ P7_TIME_DESC, P7_TIME_NAME, P7_TIME_name, /* disablement strs */ NOT_P7_TIME_name, NOT_P7_TIME_PFX }, - { /* entry idx, value */ 54, VALUE_OPT_P7_SHOW_DATA, - /* equiv idx, value */ 54, VALUE_OPT_P7_SHOW_DATA, + { /* entry idx, value */ 55, VALUE_OPT_P7_SHOW_DATA, + /* equiv idx, value */ 55, VALUE_OPT_P7_SHOW_DATA, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ P7_SHOW_DATA_FLAGS, 0, @@ -2180,8 +2192,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ P7_SHOW_DATA_DESC, P7_SHOW_DATA_NAME, P7_SHOW_DATA_name, /* disablement strs */ NOT_P7_SHOW_DATA_name, NOT_P7_SHOW_DATA_PFX }, - { /* entry idx, value */ 55, VALUE_OPT_P7_INFO, - /* equiv idx, value */ 55, VALUE_OPT_P7_INFO, + { /* entry idx, value */ 56, VALUE_OPT_P7_INFO, + /* equiv idx, value */ 56, VALUE_OPT_P7_INFO, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ P7_INFO_FLAGS, 0, @@ -2192,8 +2204,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ P7_INFO_DESC, P7_INFO_NAME, P7_INFO_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 56, VALUE_OPT_P7_VERIFY, - /* equiv idx, value */ 56, VALUE_OPT_P7_VERIFY, + { /* entry idx, value */ 57, VALUE_OPT_P7_VERIFY, + /* equiv idx, value */ 57, VALUE_OPT_P7_VERIFY, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ P7_VERIFY_FLAGS, 0, @@ -2204,8 +2216,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ P7_VERIFY_DESC, P7_VERIFY_NAME, P7_VERIFY_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 57, VALUE_OPT_SMIME_TO_P7, - /* equiv idx, value */ 57, VALUE_OPT_SMIME_TO_P7, + { /* entry idx, value */ 58, VALUE_OPT_SMIME_TO_P7, + /* equiv idx, value */ 58, VALUE_OPT_SMIME_TO_P7, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ SMIME_TO_P7_FLAGS, 0, @@ -2228,8 +2240,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ OTHER_OPTIONS_DESC, NULL, NULL, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 59, VALUE_OPT_GENERATE_DH_PARAMS, - /* equiv idx, value */ 59, VALUE_OPT_GENERATE_DH_PARAMS, + { /* entry idx, value */ 60, VALUE_OPT_GENERATE_DH_PARAMS, + /* equiv idx, value */ 60, VALUE_OPT_GENERATE_DH_PARAMS, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ GENERATE_DH_PARAMS_FLAGS, 0, @@ -2240,8 +2252,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ GENERATE_DH_PARAMS_DESC, GENERATE_DH_PARAMS_NAME, GENERATE_DH_PARAMS_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 60, VALUE_OPT_GET_DH_PARAMS, - /* equiv idx, value */ 60, VALUE_OPT_GET_DH_PARAMS, + { /* entry idx, value */ 61, VALUE_OPT_GET_DH_PARAMS, + /* equiv idx, value */ 61, VALUE_OPT_GET_DH_PARAMS, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ GET_DH_PARAMS_FLAGS, 0, @@ -2252,8 +2264,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ GET_DH_PARAMS_DESC, GET_DH_PARAMS_NAME, GET_DH_PARAMS_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 61, VALUE_OPT_DH_INFO, - /* equiv idx, value */ 61, VALUE_OPT_DH_INFO, + { /* entry idx, value */ 62, VALUE_OPT_DH_INFO, + /* equiv idx, value */ 62, VALUE_OPT_DH_INFO, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ DH_INFO_FLAGS, 0, @@ -2264,8 +2276,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ DH_INFO_DESC, DH_INFO_NAME, DH_INFO_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 62, VALUE_OPT_LOAD_PRIVKEY, - /* equiv idx, value */ 62, VALUE_OPT_LOAD_PRIVKEY, + { /* entry idx, value */ 63, VALUE_OPT_LOAD_PRIVKEY, + /* equiv idx, value */ 63, VALUE_OPT_LOAD_PRIVKEY, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ LOAD_PRIVKEY_FLAGS, 0, @@ -2276,8 +2288,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ LOAD_PRIVKEY_DESC, LOAD_PRIVKEY_NAME, LOAD_PRIVKEY_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 63, VALUE_OPT_LOAD_PUBKEY, - /* equiv idx, value */ 63, VALUE_OPT_LOAD_PUBKEY, + { /* entry idx, value */ 64, VALUE_OPT_LOAD_PUBKEY, + /* equiv idx, value */ 64, VALUE_OPT_LOAD_PUBKEY, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ LOAD_PUBKEY_FLAGS, 0, @@ -2288,8 +2300,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ LOAD_PUBKEY_DESC, LOAD_PUBKEY_NAME, LOAD_PUBKEY_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 64, VALUE_OPT_LOAD_REQUEST, - /* equiv idx, value */ 64, VALUE_OPT_LOAD_REQUEST, + { /* entry idx, value */ 65, VALUE_OPT_LOAD_REQUEST, + /* equiv idx, value */ 65, VALUE_OPT_LOAD_REQUEST, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ LOAD_REQUEST_FLAGS, 0, @@ -2300,8 +2312,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ LOAD_REQUEST_DESC, LOAD_REQUEST_NAME, LOAD_REQUEST_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 65, VALUE_OPT_LOAD_CERTIFICATE, - /* equiv idx, value */ 65, VALUE_OPT_LOAD_CERTIFICATE, + { /* entry idx, value */ 66, VALUE_OPT_LOAD_CERTIFICATE, + /* equiv idx, value */ 66, VALUE_OPT_LOAD_CERTIFICATE, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ LOAD_CERTIFICATE_FLAGS, 0, @@ -2312,8 +2324,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ LOAD_CERTIFICATE_DESC, LOAD_CERTIFICATE_NAME, LOAD_CERTIFICATE_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 66, VALUE_OPT_LOAD_CA_PRIVKEY, - /* equiv idx, value */ 66, VALUE_OPT_LOAD_CA_PRIVKEY, + { /* entry idx, value */ 67, VALUE_OPT_LOAD_CA_PRIVKEY, + /* equiv idx, value */ 67, VALUE_OPT_LOAD_CA_PRIVKEY, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ LOAD_CA_PRIVKEY_FLAGS, 0, @@ -2324,8 +2336,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ LOAD_CA_PRIVKEY_DESC, LOAD_CA_PRIVKEY_NAME, LOAD_CA_PRIVKEY_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 67, VALUE_OPT_LOAD_CA_CERTIFICATE, - /* equiv idx, value */ 67, VALUE_OPT_LOAD_CA_CERTIFICATE, + { /* entry idx, value */ 68, VALUE_OPT_LOAD_CA_CERTIFICATE, + /* equiv idx, value */ 68, VALUE_OPT_LOAD_CA_CERTIFICATE, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ LOAD_CA_CERTIFICATE_FLAGS, 0, @@ -2336,8 +2348,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ LOAD_CA_CERTIFICATE_DESC, LOAD_CA_CERTIFICATE_NAME, LOAD_CA_CERTIFICATE_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 68, VALUE_OPT_LOAD_CRL, - /* equiv idx, value */ 68, VALUE_OPT_LOAD_CRL, + { /* entry idx, value */ 69, VALUE_OPT_LOAD_CRL, + /* equiv idx, value */ 69, VALUE_OPT_LOAD_CRL, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ LOAD_CRL_FLAGS, 0, @@ -2348,8 +2360,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ LOAD_CRL_DESC, LOAD_CRL_NAME, LOAD_CRL_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 69, VALUE_OPT_LOAD_DATA, - /* equiv idx, value */ 69, VALUE_OPT_LOAD_DATA, + { /* entry idx, value */ 70, VALUE_OPT_LOAD_DATA, + /* equiv idx, value */ 70, VALUE_OPT_LOAD_DATA, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ LOAD_DATA_FLAGS, 0, @@ -2360,8 +2372,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ LOAD_DATA_DESC, LOAD_DATA_NAME, LOAD_DATA_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 70, VALUE_OPT_PASSWORD, - /* equiv idx, value */ 70, VALUE_OPT_PASSWORD, + { /* entry idx, value */ 71, VALUE_OPT_PASSWORD, + /* equiv idx, value */ 71, VALUE_OPT_PASSWORD, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ PASSWORD_FLAGS, 0, @@ -2372,8 +2384,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ PASSWORD_DESC, PASSWORD_NAME, PASSWORD_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 71, VALUE_OPT_NULL_PASSWORD, - /* equiv idx, value */ 71, VALUE_OPT_NULL_PASSWORD, + { /* entry idx, value */ 72, VALUE_OPT_NULL_PASSWORD, + /* equiv idx, value */ 72, VALUE_OPT_NULL_PASSWORD, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ NULL_PASSWORD_FLAGS, 0, @@ -2384,8 +2396,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ NULL_PASSWORD_DESC, NULL_PASSWORD_NAME, NULL_PASSWORD_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 72, VALUE_OPT_EMPTY_PASSWORD, - /* equiv idx, value */ 72, VALUE_OPT_EMPTY_PASSWORD, + { /* entry idx, value */ 73, VALUE_OPT_EMPTY_PASSWORD, + /* equiv idx, value */ 73, VALUE_OPT_EMPTY_PASSWORD, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ EMPTY_PASSWORD_FLAGS, 0, @@ -2396,8 +2408,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ EMPTY_PASSWORD_DESC, EMPTY_PASSWORD_NAME, EMPTY_PASSWORD_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 73, VALUE_OPT_HEX_NUMBERS, - /* equiv idx, value */ 73, VALUE_OPT_HEX_NUMBERS, + { /* entry idx, value */ 74, VALUE_OPT_HEX_NUMBERS, + /* equiv idx, value */ 74, VALUE_OPT_HEX_NUMBERS, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ HEX_NUMBERS_FLAGS, 0, @@ -2408,8 +2420,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ HEX_NUMBERS_DESC, HEX_NUMBERS_NAME, HEX_NUMBERS_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 74, VALUE_OPT_CPRINT, - /* equiv idx, value */ 74, VALUE_OPT_CPRINT, + { /* entry idx, value */ 75, VALUE_OPT_CPRINT, + /* equiv idx, value */ 75, VALUE_OPT_CPRINT, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ CPRINT_FLAGS, 0, @@ -2420,8 +2432,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ CPRINT_DESC, CPRINT_NAME, CPRINT_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 75, VALUE_OPT_RSA, - /* equiv idx, value */ 75, VALUE_OPT_RSA, + { /* entry idx, value */ 76, VALUE_OPT_RSA, + /* equiv idx, value */ 76, VALUE_OPT_RSA, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ RSA_FLAGS, 0, @@ -2432,8 +2444,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ RSA_DESC, RSA_NAME, RSA_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 76, VALUE_OPT_DSA, - /* equiv idx, value */ 76, VALUE_OPT_DSA, + { /* entry idx, value */ 77, VALUE_OPT_DSA, + /* equiv idx, value */ 77, VALUE_OPT_DSA, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ DSA_FLAGS, 0, @@ -2444,8 +2456,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ DSA_DESC, DSA_NAME, DSA_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 77, VALUE_OPT_ECC, - /* equiv idx, value */ 77, VALUE_OPT_ECC, + { /* entry idx, value */ 78, VALUE_OPT_ECC, + /* equiv idx, value */ 78, VALUE_OPT_ECC, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ ECC_FLAGS, 0, @@ -2456,8 +2468,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ ECC_DESC, ECC_NAME, ECC_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 78, VALUE_OPT_ECDSA, - /* equiv idx, value */ 78, VALUE_OPT_ECDSA, + { /* entry idx, value */ 79, VALUE_OPT_ECDSA, + /* equiv idx, value */ 79, VALUE_OPT_ECDSA, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ ECDSA_FLAGS, 0, @@ -2468,18 +2480,6 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ ECDSA_DESC, ECDSA_NAME, ECDSA_name, /* disablement strs */ 0, 0 }, - { /* entry idx, value */ 79, VALUE_OPT_KEY_TYPE, - /* equiv idx, value */ 79, VALUE_OPT_KEY_TYPE, - /* equivalenced to */ NO_EQUIVALENT, - /* min, max, act ct */ 0, 1, 0, - /* opt state flags */ KEY_TYPE_FLAGS, 0, - /* last opt argumnt */ { NULL }, /* --key-type */ - /* arg list/cookie */ NULL, - /* must/cannot opts */ NULL, NULL, - /* option proc */ NULL, - /* desc, NAME, name */ KEY_TYPE_DESC, KEY_TYPE_NAME, KEY_TYPE_name, - /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 80, VALUE_OPT_HASH, /* equiv idx, value */ 80, VALUE_OPT_HASH, /* equivalenced to */ NO_EQUIVALENT, @@ -3130,6 +3130,9 @@ with this program. If not, see <http://www.gnu.org/licenses/>.\n")); puts(_("Generate a private key")); /* referenced via certtoolOptions.pOptDesc->pzText */ + puts(_("Specify the key type to use on key generation")); + + /* referenced via certtoolOptions.pOptDesc->pzText */ puts(_("Specify the number of bits for key generation")); /* referenced via certtoolOptions.pOptDesc->pzText */ @@ -3280,9 +3283,6 @@ with this program. If not, see <http://www.gnu.org/licenses/>.\n")); puts(_("an alias for the 'ecc' option (deprecated)")); /* referenced via certtoolOptions.pOptDesc->pzText */ - puts(_("Specify the key type to use on key generation")); - - /* referenced via certtoolOptions.pOptDesc->pzText */ puts(_("Hash algorithm to use for signing")); /* referenced via certtoolOptions.pOptDesc->pzText */ diff --git a/src/certtool-args.h.bak b/src/certtool-args.h.bak index 5cbe195edc..8413808d55 100644 --- a/src/certtool-args.h.bak +++ b/src/certtool-args.h.bak @@ -91,53 +91,53 @@ typedef enum { INDEX_OPT_P8_INFO = 26, INDEX_OPT_TO_RSA = 27, INDEX_OPT_GENERATE_PRIVKEY = 28, - INDEX_OPT_BITS = 29, - INDEX_OPT_CURVE = 30, - INDEX_OPT_SEC_PARAM = 31, - INDEX_OPT_TO_P8 = 32, - INDEX_OPT_PKCS8 = 33, - INDEX_OPT_PROVABLE = 34, - INDEX_OPT_VERIFY_PROVABLE_PRIVKEY = 35, - INDEX_OPT_SEED = 36, - INDEX_OPT_CRL_INFO = 38, - INDEX_OPT_GENERATE_CRL = 39, - INDEX_OPT_VERIFY_CRL = 40, - INDEX_OPT_VERIFY_CHAIN = 42, - INDEX_OPT_VERIFY = 43, - INDEX_OPT_VERIFY_HOSTNAME = 44, - INDEX_OPT_VERIFY_EMAIL = 45, - INDEX_OPT_VERIFY_PURPOSE = 46, - INDEX_OPT_VERIFY_ALLOW_BROKEN = 47, - INDEX_OPT_P7_GENERATE = 49, - INDEX_OPT_P7_SIGN = 50, - INDEX_OPT_P7_DETACHED_SIGN = 51, - INDEX_OPT_P7_INCLUDE_CERT = 52, - INDEX_OPT_P7_TIME = 53, - INDEX_OPT_P7_SHOW_DATA = 54, - INDEX_OPT_P7_INFO = 55, - INDEX_OPT_P7_VERIFY = 56, - INDEX_OPT_SMIME_TO_P7 = 57, - INDEX_OPT_GENERATE_DH_PARAMS = 59, - INDEX_OPT_GET_DH_PARAMS = 60, - INDEX_OPT_DH_INFO = 61, - INDEX_OPT_LOAD_PRIVKEY = 62, - INDEX_OPT_LOAD_PUBKEY = 63, - INDEX_OPT_LOAD_REQUEST = 64, - INDEX_OPT_LOAD_CERTIFICATE = 65, - INDEX_OPT_LOAD_CA_PRIVKEY = 66, - INDEX_OPT_LOAD_CA_CERTIFICATE = 67, - INDEX_OPT_LOAD_CRL = 68, - INDEX_OPT_LOAD_DATA = 69, - INDEX_OPT_PASSWORD = 70, - INDEX_OPT_NULL_PASSWORD = 71, - INDEX_OPT_EMPTY_PASSWORD = 72, - INDEX_OPT_HEX_NUMBERS = 73, - INDEX_OPT_CPRINT = 74, - INDEX_OPT_RSA = 75, - INDEX_OPT_DSA = 76, - INDEX_OPT_ECC = 77, - INDEX_OPT_ECDSA = 78, - INDEX_OPT_KEY_TYPE = 79, + INDEX_OPT_KEY_TYPE = 29, + INDEX_OPT_BITS = 30, + INDEX_OPT_CURVE = 31, + INDEX_OPT_SEC_PARAM = 32, + INDEX_OPT_TO_P8 = 33, + INDEX_OPT_PKCS8 = 34, + INDEX_OPT_PROVABLE = 35, + INDEX_OPT_VERIFY_PROVABLE_PRIVKEY = 36, + INDEX_OPT_SEED = 37, + INDEX_OPT_CRL_INFO = 39, + INDEX_OPT_GENERATE_CRL = 40, + INDEX_OPT_VERIFY_CRL = 41, + INDEX_OPT_VERIFY_CHAIN = 43, + INDEX_OPT_VERIFY = 44, + INDEX_OPT_VERIFY_HOSTNAME = 45, + INDEX_OPT_VERIFY_EMAIL = 46, + INDEX_OPT_VERIFY_PURPOSE = 47, + INDEX_OPT_VERIFY_ALLOW_BROKEN = 48, + INDEX_OPT_P7_GENERATE = 50, + INDEX_OPT_P7_SIGN = 51, + INDEX_OPT_P7_DETACHED_SIGN = 52, + INDEX_OPT_P7_INCLUDE_CERT = 53, + INDEX_OPT_P7_TIME = 54, + INDEX_OPT_P7_SHOW_DATA = 55, + INDEX_OPT_P7_INFO = 56, + INDEX_OPT_P7_VERIFY = 57, + INDEX_OPT_SMIME_TO_P7 = 58, + INDEX_OPT_GENERATE_DH_PARAMS = 60, + INDEX_OPT_GET_DH_PARAMS = 61, + INDEX_OPT_DH_INFO = 62, + INDEX_OPT_LOAD_PRIVKEY = 63, + INDEX_OPT_LOAD_PUBKEY = 64, + INDEX_OPT_LOAD_REQUEST = 65, + INDEX_OPT_LOAD_CERTIFICATE = 66, + INDEX_OPT_LOAD_CA_PRIVKEY = 67, + INDEX_OPT_LOAD_CA_CERTIFICATE = 68, + INDEX_OPT_LOAD_CRL = 69, + INDEX_OPT_LOAD_DATA = 70, + INDEX_OPT_PASSWORD = 71, + INDEX_OPT_NULL_PASSWORD = 72, + INDEX_OPT_EMPTY_PASSWORD = 73, + INDEX_OPT_HEX_NUMBERS = 74, + INDEX_OPT_CPRINT = 75, + INDEX_OPT_RSA = 76, + INDEX_OPT_DSA = 77, + INDEX_OPT_ECC = 78, + INDEX_OPT_ECDSA = 79, INDEX_OPT_HASH = 80, INDEX_OPT_SALT_SIZE = 81, INDEX_OPT_INDER = 82, @@ -237,55 +237,55 @@ typedef enum { #define VALUE_OPT_P8_INFO 0x100F #define VALUE_OPT_TO_RSA 0x1010 #define VALUE_OPT_GENERATE_PRIVKEY 'p' -#define VALUE_OPT_BITS 0x1011 +#define VALUE_OPT_KEY_TYPE 0x1011 +#define VALUE_OPT_BITS 0x1012 #define OPT_VALUE_BITS (DESC(BITS).optArg.argInt) -#define VALUE_OPT_CURVE 0x1012 -#define VALUE_OPT_SEC_PARAM 0x1013 -#define VALUE_OPT_TO_P8 0x1014 +#define VALUE_OPT_CURVE 0x1013 +#define VALUE_OPT_SEC_PARAM 0x1014 +#define VALUE_OPT_TO_P8 0x1015 #define VALUE_OPT_PKCS8 '8' -#define VALUE_OPT_PROVABLE 0x1015 -#define VALUE_OPT_VERIFY_PROVABLE_PRIVKEY 0x1016 -#define VALUE_OPT_SEED 0x1017 +#define VALUE_OPT_PROVABLE 0x1016 +#define VALUE_OPT_VERIFY_PROVABLE_PRIVKEY 0x1017 +#define VALUE_OPT_SEED 0x1018 #define VALUE_OPT_CRL_INFO 'l' -#define VALUE_OPT_GENERATE_CRL 0x1018 -#define VALUE_OPT_VERIFY_CRL 0x1019 +#define VALUE_OPT_GENERATE_CRL 0x1019 +#define VALUE_OPT_VERIFY_CRL 0x101A #define VALUE_OPT_VERIFY_CHAIN 'e' -#define VALUE_OPT_VERIFY 0x101A -#define VALUE_OPT_VERIFY_HOSTNAME 0x101B -#define VALUE_OPT_VERIFY_EMAIL 0x101C -#define VALUE_OPT_VERIFY_PURPOSE 0x101D -#define VALUE_OPT_VERIFY_ALLOW_BROKEN 0x101E -#define VALUE_OPT_P7_GENERATE 0x101F -#define VALUE_OPT_P7_SIGN 0x1020 -#define VALUE_OPT_P7_DETACHED_SIGN 0x1021 -#define VALUE_OPT_P7_INCLUDE_CERT 0x1022 -#define VALUE_OPT_P7_TIME 0x1023 -#define VALUE_OPT_P7_SHOW_DATA 0x1024 -#define VALUE_OPT_P7_INFO 0x1025 -#define VALUE_OPT_P7_VERIFY 0x1026 -#define VALUE_OPT_SMIME_TO_P7 0x1027 -#define VALUE_OPT_GENERATE_DH_PARAMS 0x1028 -#define VALUE_OPT_GET_DH_PARAMS 0x1029 -#define VALUE_OPT_DH_INFO 0x102A -#define VALUE_OPT_LOAD_PRIVKEY 0x102B -#define VALUE_OPT_LOAD_PUBKEY 0x102C -#define VALUE_OPT_LOAD_REQUEST 0x102D -#define VALUE_OPT_LOAD_CERTIFICATE 0x102E -#define VALUE_OPT_LOAD_CA_PRIVKEY 0x102F -#define VALUE_OPT_LOAD_CA_CERTIFICATE 0x1030 -#define VALUE_OPT_LOAD_CRL 0x1031 -#define VALUE_OPT_LOAD_DATA 0x1032 -#define VALUE_OPT_PASSWORD 0x1033 -#define VALUE_OPT_NULL_PASSWORD 0x1034 -#define VALUE_OPT_EMPTY_PASSWORD 0x1035 -#define VALUE_OPT_HEX_NUMBERS 0x1036 -#define VALUE_OPT_CPRINT 0x1037 -#define VALUE_OPT_RSA 0x1038 -#define VALUE_OPT_DSA 0x1039 -#define VALUE_OPT_ECC 0x103A -#define VALUE_OPT_ECDSA 0x103B -#define VALUE_OPT_KEY_TYPE 0x103C +#define VALUE_OPT_VERIFY 0x101B +#define VALUE_OPT_VERIFY_HOSTNAME 0x101C +#define VALUE_OPT_VERIFY_EMAIL 0x101D +#define VALUE_OPT_VERIFY_PURPOSE 0x101E +#define VALUE_OPT_VERIFY_ALLOW_BROKEN 0x101F +#define VALUE_OPT_P7_GENERATE 0x1020 +#define VALUE_OPT_P7_SIGN 0x1021 +#define VALUE_OPT_P7_DETACHED_SIGN 0x1022 +#define VALUE_OPT_P7_INCLUDE_CERT 0x1023 +#define VALUE_OPT_P7_TIME 0x1024 +#define VALUE_OPT_P7_SHOW_DATA 0x1025 +#define VALUE_OPT_P7_INFO 0x1026 +#define VALUE_OPT_P7_VERIFY 0x1027 +#define VALUE_OPT_SMIME_TO_P7 0x1028 +#define VALUE_OPT_GENERATE_DH_PARAMS 0x1029 +#define VALUE_OPT_GET_DH_PARAMS 0x102A +#define VALUE_OPT_DH_INFO 0x102B +#define VALUE_OPT_LOAD_PRIVKEY 0x102C +#define VALUE_OPT_LOAD_PUBKEY 0x102D +#define VALUE_OPT_LOAD_REQUEST 0x102E +#define VALUE_OPT_LOAD_CERTIFICATE 0x102F +#define VALUE_OPT_LOAD_CA_PRIVKEY 0x1030 +#define VALUE_OPT_LOAD_CA_CERTIFICATE 0x1031 +#define VALUE_OPT_LOAD_CRL 0x1032 +#define VALUE_OPT_LOAD_DATA 0x1033 +#define VALUE_OPT_PASSWORD 0x1034 +#define VALUE_OPT_NULL_PASSWORD 0x1035 +#define VALUE_OPT_EMPTY_PASSWORD 0x1036 +#define VALUE_OPT_HEX_NUMBERS 0x1037 +#define VALUE_OPT_CPRINT 0x1038 +#define VALUE_OPT_RSA 0x1039 +#define VALUE_OPT_DSA 0x103A +#define VALUE_OPT_ECC 0x103B +#define VALUE_OPT_ECDSA 0x103C #define VALUE_OPT_HASH 0x103D #define VALUE_OPT_SALT_SIZE 0x103E diff --git a/src/cli-args.c.bak b/src/cli-args.c.bak index 684898cb48..9544d88290 100644 --- a/src/cli-args.c.bak +++ b/src/cli-args.c.bak @@ -63,7 +63,7 @@ extern FILE * option_usage_fp; /** * static const strings for gnutls-cli options */ -static char const gnutls_cli_opt_strs[4829] = +static char const gnutls_cli_opt_strs[4929] = /* 0 */ "gnutls-cli @VERSION@\n" "Copyright (C) 2000-@YEAR@ Free Software Foundation, and others, all rights reserved.\n" "This is free software. It is licensed for use, modification and\n" @@ -89,175 +89,179 @@ static char const gnutls_cli_opt_strs[4829] = /* 1006 */ "TOFU\0" /* 1011 */ "no-tofu\0" /* 1019 */ "no\0" -/* 1022 */ "Fail to connect if a known certificate has changed\0" -/* 1073 */ "STRICT_TOFU\0" -/* 1085 */ "no-strict-tofu\0" -/* 1100 */ "Enable DANE certificate verification (DNSSEC)\0" -/* 1146 */ "DANE\0" -/* 1151 */ "no-dane\0" -/* 1159 */ "Use the local DNS server for DNSSEC resolving\0" -/* 1205 */ "LOCAL_DNS\0" -/* 1215 */ "no-local-dns\0" -/* 1228 */ "Enable CA certificate verification\0" -/* 1263 */ "CA_VERIFICATION\0" -/* 1279 */ "no-ca-verification\0" -/* 1298 */ "Enable OCSP certificate verification\0" -/* 1335 */ "OCSP\0" -/* 1340 */ "no-ocsp\0" -/* 1348 */ "Establish a session and resume\0" -/* 1379 */ "RESUME\0" -/* 1386 */ "resume\0" -/* 1393 */ "Establish a session and rehandshake\0" -/* 1429 */ "REHANDSHAKE\0" -/* 1441 */ "rehandshake\0" -/* 1453 */ "Server's hostname for server name indication extension\0" -/* 1508 */ "SNI_HOSTNAME\0" -/* 1521 */ "sni-hostname\0" -/* 1534 */ "Connect, establish a plain session and start TLS\0" -/* 1583 */ "STARTTLS\0" -/* 1592 */ "starttls\0" -/* 1601 */ "an alias for the 'starttls-proto' option\0" -/* 1642 */ "app-proto\0" -/* 1652 */ "The application protocol to be used to obtain the server's certificate\n" +/* 1022 */ "Fail to connect if a certificate is unknown or a known certificate has\n" + "changed\0" +/* 1101 */ "STRICT_TOFU\0" +/* 1113 */ "no-strict-tofu\0" +/* 1128 */ "Enable DANE certificate verification (DNSSEC)\0" +/* 1174 */ "DANE\0" +/* 1179 */ "no-dane\0" +/* 1187 */ "Use the local DNS server for DNSSEC resolving\0" +/* 1233 */ "LOCAL_DNS\0" +/* 1243 */ "no-local-dns\0" +/* 1256 */ "Enable CA certificate verification\0" +/* 1291 */ "CA_VERIFICATION\0" +/* 1307 */ "no-ca-verification\0" +/* 1326 */ "Enable OCSP certificate verification\0" +/* 1363 */ "OCSP\0" +/* 1368 */ "no-ocsp\0" +/* 1376 */ "Establish a session and resume\0" +/* 1407 */ "RESUME\0" +/* 1414 */ "resume\0" +/* 1421 */ "Establish a session and rehandshake\0" +/* 1457 */ "REHANDSHAKE\0" +/* 1469 */ "rehandshake\0" +/* 1481 */ "Server's hostname for server name indication extension\0" +/* 1536 */ "SNI_HOSTNAME\0" +/* 1549 */ "sni-hostname\0" +/* 1562 */ "Server's hostname to use for validation\0" +/* 1602 */ "VERIFY_HOSTNAME\0" +/* 1618 */ "verify-hostname\0" +/* 1634 */ "Connect, establish a plain session and start TLS\0" +/* 1683 */ "STARTTLS\0" +/* 1692 */ "starttls\0" +/* 1701 */ "an alias for the 'starttls-proto' option\0" +/* 1742 */ "app-proto\0" +/* 1752 */ "The application protocol to be used to obtain the server's certificate\n" "(https, ftp, smtp, imap, ldap, xmpp, lmtp, pop3, nntp, sieve, postgres)\0" -/* 1795 */ "STARTTLS_PROTO\0" -/* 1810 */ "starttls-proto\0" -/* 1825 */ "Use DTLS (datagram TLS) over UDP\0" -/* 1858 */ "UDP\0" -/* 1862 */ "udp\0" -/* 1866 */ "Set MTU for datagram TLS\0" -/* 1891 */ "MTU\0" -/* 1895 */ "mtu\0" -/* 1899 */ "Send CR LF instead of LF\0" -/* 1924 */ "CRLF\0" -/* 1929 */ "crlf\0" -/* 1934 */ "Enable TCP Fast Open\0" -/* 1955 */ "FASTOPEN\0" -/* 1964 */ "fastopen\0" -/* 1973 */ "Use DER format for certificates to read from\0" -/* 2018 */ "X509FMTDER\0" -/* 2029 */ "x509fmtder\0" -/* 2040 */ "Print peer's certificate in PEM format\0" -/* 2079 */ "PRINT_CERT\0" -/* 2090 */ "print-cert\0" -/* 2101 */ "Save the peer's certificate chain in the specified file in PEM format\0" -/* 2171 */ "SAVE_CERT\0" -/* 2181 */ "save-cert\0" -/* 2191 */ "Save the peer's OCSP status response in the provided file\0" -/* 2249 */ "SAVE_OCSP\0" -/* 2259 */ "save-ocsp\0" -/* 2269 */ "Save the server-side TLS message trace in the provided file\0" -/* 2329 */ "SAVE_SERVER_TRACE\0" -/* 2347 */ "save-server-trace\0" -/* 2365 */ "Save the client-side TLS message trace in the provided file\0" -/* 2425 */ "SAVE_CLIENT_TRACE\0" -/* 2443 */ "save-client-trace\0" -/* 2461 */ "The minimum number of bits allowed for DH\0" -/* 2503 */ "DH_BITS\0" -/* 2511 */ "dh-bits\0" -/* 2519 */ "Priorities string\0" -/* 2537 */ "PRIORITY\0" -/* 2546 */ "priority\0" -/* 2555 */ "Certificate file or PKCS #11 URL to use\0" -/* 2595 */ "X509CAFILE\0" -/* 2606 */ "x509cafile\0" -/* 2617 */ "CRL file to use\0" -/* 2633 */ "X509CRLFILE\0" -/* 2645 */ "x509crlfile\0" -/* 2657 */ "X.509 key file or PKCS #11 URL to use\0" -/* 2695 */ "X509KEYFILE\0" -/* 2707 */ "x509keyfile\0" -/* 2719 */ "X.509 Certificate file or PKCS #11 URL to use\0" -/* 2765 */ "X509CERTFILE\0" -/* 2778 */ "x509certfile\0" -/* 2791 */ "SRP username to use\0" -/* 2811 */ "SRPUSERNAME\0" -/* 2823 */ "srpusername\0" -/* 2835 */ "SRP password to use\0" -/* 2855 */ "SRPPASSWD\0" -/* 2865 */ "srppasswd\0" -/* 2875 */ "PSK username to use\0" -/* 2895 */ "PSKUSERNAME\0" -/* 2907 */ "pskusername\0" -/* 2919 */ "PSK key (in hex) to use\0" -/* 2943 */ "PSKKEY\0" -/* 2950 */ "pskkey\0" -/* 2957 */ "The port or service to connect to\0" -/* 2991 */ "PORT\0" -/* 2996 */ "port\0" -/* 3001 */ "Don't abort program if server certificate can't be validated\0" -/* 3062 */ "INSECURE\0" -/* 3071 */ "insecure\0" -/* 3080 */ "Allow broken algorithms, such as MD5 for certificate verification\0" -/* 3146 */ "VERIFY_ALLOW_BROKEN\0" -/* 3166 */ "verify-allow-broken\0" -/* 3186 */ "Use length-hiding padding to prevent traffic analysis\0" -/* 3240 */ "RANGES\0" -/* 3247 */ "ranges\0" -/* 3254 */ "Benchmark individual ciphers\0" -/* 3283 */ "BENCHMARK_CIPHERS\0" -/* 3301 */ "benchmark-ciphers\0" -/* 3319 */ "Benchmark TLS key exchange methods\0" -/* 3354 */ "BENCHMARK_TLS_KX\0" -/* 3371 */ "benchmark-tls-kx\0" -/* 3388 */ "Benchmark TLS ciphers\0" -/* 3410 */ "BENCHMARK_TLS_CIPHERS\0" -/* 3432 */ "benchmark-tls-ciphers\0" -/* 3454 */ "Print a list of the supported algorithms and modes\0" -/* 3505 */ "LIST\0" -/* 3510 */ "list\0" -/* 3515 */ "Print a list of the supported priority strings\0" -/* 3562 */ "PRIORITY_LIST\0" -/* 3576 */ "priority-list\0" -/* 3590 */ "Don't allow session tickets\0" -/* 3618 */ "NOTICKET\0" -/* 3627 */ "noticket\0" -/* 3636 */ "Offer SRTP profiles\0" -/* 3656 */ "SRTP_PROFILES\0" -/* 3670 */ "srtp-profiles\0" -/* 3684 */ "Application layer protocol\0" -/* 3711 */ "ALPN\0" -/* 3716 */ "alpn\0" -/* 3721 */ "Activate heartbeat support\0" -/* 3748 */ "HEARTBEAT\0" -/* 3758 */ "heartbeat\0" -/* 3768 */ "The maximum record size to advertize\0" -/* 3805 */ "RECORDSIZE\0" -/* 3816 */ "recordsize\0" -/* 3827 */ "Do not send a Server Name Indication (SNI)\0" -/* 3870 */ "DISABLE_SNI\0" -/* 3882 */ "disable-sni\0" -/* 3894 */ "Disable all the TLS extensions\0" -/* 3925 */ "DISABLE_EXTENSIONS\0" -/* 3944 */ "disable-extensions\0" -/* 3963 */ "Inline commands of the form ^<cmd>^\0" -/* 3999 */ "INLINE_COMMANDS\0" -/* 4015 */ "inline-commands\0" -/* 4031 */ "Change the default delimiter for inline commands.\0" -/* 4081 */ "INLINE_COMMANDS_PREFIX\0" -/* 4104 */ "inline-commands-prefix\0" -/* 4127 */ "Specify the PKCS #11 provider library\0" -/* 4165 */ "PROVIDER\0" -/* 4174 */ "provider\0" -/* 4183 */ "Reports the status of the FIPS140-2 mode in gnutls library\0" -/* 4242 */ "FIPS140_MODE\0" -/* 4255 */ "fips140-mode\0" -/* 4268 */ "display extended usage information and exit\0" -/* 4312 */ "help\0" -/* 4317 */ "extended usage information passed thru pager\0" -/* 4362 */ "more-help\0" -/* 4372 */ "output version information and exit\0" -/* 4408 */ "version\0" -/* 4416 */ "GNUTLS_CLI\0" -/* 4427 */ "gnutls-cli - GnuTLS client\n" +/* 1895 */ "STARTTLS_PROTO\0" +/* 1910 */ "starttls-proto\0" +/* 1925 */ "Use DTLS (datagram TLS) over UDP\0" +/* 1958 */ "UDP\0" +/* 1962 */ "udp\0" +/* 1966 */ "Set MTU for datagram TLS\0" +/* 1991 */ "MTU\0" +/* 1995 */ "mtu\0" +/* 1999 */ "Send CR LF instead of LF\0" +/* 2024 */ "CRLF\0" +/* 2029 */ "crlf\0" +/* 2034 */ "Enable TCP Fast Open\0" +/* 2055 */ "FASTOPEN\0" +/* 2064 */ "fastopen\0" +/* 2073 */ "Use DER format for certificates to read from\0" +/* 2118 */ "X509FMTDER\0" +/* 2129 */ "x509fmtder\0" +/* 2140 */ "Print peer's certificate in PEM format\0" +/* 2179 */ "PRINT_CERT\0" +/* 2190 */ "print-cert\0" +/* 2201 */ "Save the peer's certificate chain in the specified file in PEM format\0" +/* 2271 */ "SAVE_CERT\0" +/* 2281 */ "save-cert\0" +/* 2291 */ "Save the peer's OCSP status response in the provided file\0" +/* 2349 */ "SAVE_OCSP\0" +/* 2359 */ "save-ocsp\0" +/* 2369 */ "Save the server-side TLS message trace in the provided file\0" +/* 2429 */ "SAVE_SERVER_TRACE\0" +/* 2447 */ "save-server-trace\0" +/* 2465 */ "Save the client-side TLS message trace in the provided file\0" +/* 2525 */ "SAVE_CLIENT_TRACE\0" +/* 2543 */ "save-client-trace\0" +/* 2561 */ "The minimum number of bits allowed for DH\0" +/* 2603 */ "DH_BITS\0" +/* 2611 */ "dh-bits\0" +/* 2619 */ "Priorities string\0" +/* 2637 */ "PRIORITY\0" +/* 2646 */ "priority\0" +/* 2655 */ "Certificate file or PKCS #11 URL to use\0" +/* 2695 */ "X509CAFILE\0" +/* 2706 */ "x509cafile\0" +/* 2717 */ "CRL file to use\0" +/* 2733 */ "X509CRLFILE\0" +/* 2745 */ "x509crlfile\0" +/* 2757 */ "X.509 key file or PKCS #11 URL to use\0" +/* 2795 */ "X509KEYFILE\0" +/* 2807 */ "x509keyfile\0" +/* 2819 */ "X.509 Certificate file or PKCS #11 URL to use\0" +/* 2865 */ "X509CERTFILE\0" +/* 2878 */ "x509certfile\0" +/* 2891 */ "SRP username to use\0" +/* 2911 */ "SRPUSERNAME\0" +/* 2923 */ "srpusername\0" +/* 2935 */ "SRP password to use\0" +/* 2955 */ "SRPPASSWD\0" +/* 2965 */ "srppasswd\0" +/* 2975 */ "PSK username to use\0" +/* 2995 */ "PSKUSERNAME\0" +/* 3007 */ "pskusername\0" +/* 3019 */ "PSK key (in hex) to use\0" +/* 3043 */ "PSKKEY\0" +/* 3050 */ "pskkey\0" +/* 3057 */ "The port or service to connect to\0" +/* 3091 */ "PORT\0" +/* 3096 */ "port\0" +/* 3101 */ "Don't abort program if server certificate can't be validated\0" +/* 3162 */ "INSECURE\0" +/* 3171 */ "insecure\0" +/* 3180 */ "Allow broken algorithms, such as MD5 for certificate verification\0" +/* 3246 */ "VERIFY_ALLOW_BROKEN\0" +/* 3266 */ "verify-allow-broken\0" +/* 3286 */ "Use length-hiding padding to prevent traffic analysis\0" +/* 3340 */ "RANGES\0" +/* 3347 */ "ranges\0" +/* 3354 */ "Benchmark individual ciphers\0" +/* 3383 */ "BENCHMARK_CIPHERS\0" +/* 3401 */ "benchmark-ciphers\0" +/* 3419 */ "Benchmark TLS key exchange methods\0" +/* 3454 */ "BENCHMARK_TLS_KX\0" +/* 3471 */ "benchmark-tls-kx\0" +/* 3488 */ "Benchmark TLS ciphers\0" +/* 3510 */ "BENCHMARK_TLS_CIPHERS\0" +/* 3532 */ "benchmark-tls-ciphers\0" +/* 3554 */ "Print a list of the supported algorithms and modes\0" +/* 3605 */ "LIST\0" +/* 3610 */ "list\0" +/* 3615 */ "Print a list of the supported priority strings\0" +/* 3662 */ "PRIORITY_LIST\0" +/* 3676 */ "priority-list\0" +/* 3690 */ "Don't allow session tickets\0" +/* 3718 */ "NOTICKET\0" +/* 3727 */ "noticket\0" +/* 3736 */ "Offer SRTP profiles\0" +/* 3756 */ "SRTP_PROFILES\0" +/* 3770 */ "srtp-profiles\0" +/* 3784 */ "Application layer protocol\0" +/* 3811 */ "ALPN\0" +/* 3816 */ "alpn\0" +/* 3821 */ "Activate heartbeat support\0" +/* 3848 */ "HEARTBEAT\0" +/* 3858 */ "heartbeat\0" +/* 3868 */ "The maximum record size to advertize\0" +/* 3905 */ "RECORDSIZE\0" +/* 3916 */ "recordsize\0" +/* 3927 */ "Do not send a Server Name Indication (SNI)\0" +/* 3970 */ "DISABLE_SNI\0" +/* 3982 */ "disable-sni\0" +/* 3994 */ "Disable all the TLS extensions\0" +/* 4025 */ "DISABLE_EXTENSIONS\0" +/* 4044 */ "disable-extensions\0" +/* 4063 */ "Inline commands of the form ^<cmd>^\0" +/* 4099 */ "INLINE_COMMANDS\0" +/* 4115 */ "inline-commands\0" +/* 4131 */ "Change the default delimiter for inline commands.\0" +/* 4181 */ "INLINE_COMMANDS_PREFIX\0" +/* 4204 */ "inline-commands-prefix\0" +/* 4227 */ "Specify the PKCS #11 provider library\0" +/* 4265 */ "PROVIDER\0" +/* 4274 */ "provider\0" +/* 4283 */ "Reports the status of the FIPS140-2 mode in gnutls library\0" +/* 4342 */ "FIPS140_MODE\0" +/* 4355 */ "fips140-mode\0" +/* 4368 */ "display extended usage information and exit\0" +/* 4412 */ "help\0" +/* 4417 */ "extended usage information passed thru pager\0" +/* 4462 */ "more-help\0" +/* 4472 */ "output version information and exit\0" +/* 4508 */ "version\0" +/* 4516 */ "GNUTLS_CLI\0" +/* 4527 */ "gnutls-cli - GnuTLS client\n" "Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [hostname]\n\0" -/* 4523 */ "@PACKAGE_BUGREPORT@\0" -/* 4543 */ "\n\0" -/* 4545 */ "Simple client program to set up a TLS connection to some other computer. It\n" +/* 4623 */ "@PACKAGE_BUGREPORT@\0" +/* 4643 */ "\n\0" +/* 4645 */ "Simple client program to set up a TLS connection to some other computer. It\n" "sets up a TLS connection and forwards data from the standard input to the\n" "secured socket and vice versa.\n\0" -/* 4728 */ "gnutls-cli @VERSION@\0" -/* 4749 */ "Usage: gnutls-cli [options] hostname\n" +/* 4828 */ "gnutls-cli @VERSION@\0" +/* 4849 */ "Usage: gnutls-cli [options] hostname\n" "gnutls-cli --help for usage instructions.\n"; /** @@ -307,9 +311,9 @@ static char const gnutls_cli_opt_strs[4829] = /** Descriptive text for the strict-tofu option */ #define STRICT_TOFU_DESC (gnutls_cli_opt_strs+1022) /** Upper-cased name for the strict-tofu option */ -#define STRICT_TOFU_NAME (gnutls_cli_opt_strs+1073) +#define STRICT_TOFU_NAME (gnutls_cli_opt_strs+1101) /** disablement name for the strict-tofu option */ -#define NOT_STRICT_TOFU_name (gnutls_cli_opt_strs+1085) +#define NOT_STRICT_TOFU_name (gnutls_cli_opt_strs+1113) /** disablement prefix for the strict-tofu option */ #define NOT_STRICT_TOFU_PFX (gnutls_cli_opt_strs+1019) /** Name string for the strict-tofu option */ @@ -321,11 +325,11 @@ static char const gnutls_cli_opt_strs[4829] = * dane option description: */ /** Descriptive text for the dane option */ -#define DANE_DESC (gnutls_cli_opt_strs+1100) +#define DANE_DESC (gnutls_cli_opt_strs+1128) /** Upper-cased name for the dane option */ -#define DANE_NAME (gnutls_cli_opt_strs+1146) +#define DANE_NAME (gnutls_cli_opt_strs+1174) /** disablement name for the dane option */ -#define NOT_DANE_name (gnutls_cli_opt_strs+1151) +#define NOT_DANE_name (gnutls_cli_opt_strs+1179) /** disablement prefix for the dane option */ #define NOT_DANE_PFX (gnutls_cli_opt_strs+1019) /** Name string for the dane option */ @@ -337,11 +341,11 @@ static char const gnutls_cli_opt_strs[4829] = * local-dns option description: */ /** Descriptive text for the local-dns option */ -#define LOCAL_DNS_DESC (gnutls_cli_opt_strs+1159) +#define LOCAL_DNS_DESC (gnutls_cli_opt_strs+1187) /** Upper-cased name for the local-dns option */ -#define LOCAL_DNS_NAME (gnutls_cli_opt_strs+1205) +#define LOCAL_DNS_NAME (gnutls_cli_opt_strs+1233) /** disablement name for the local-dns option */ -#define NOT_LOCAL_DNS_name (gnutls_cli_opt_strs+1215) +#define NOT_LOCAL_DNS_name (gnutls_cli_opt_strs+1243) /** disablement prefix for the local-dns option */ #define NOT_LOCAL_DNS_PFX (gnutls_cli_opt_strs+1019) /** Name string for the local-dns option */ @@ -353,11 +357,11 @@ static char const gnutls_cli_opt_strs[4829] = * ca-verification option description: */ /** Descriptive text for the ca-verification option */ -#define CA_VERIFICATION_DESC (gnutls_cli_opt_strs+1228) +#define CA_VERIFICATION_DESC (gnutls_cli_opt_strs+1256) /** Upper-cased name for the ca-verification option */ -#define CA_VERIFICATION_NAME (gnutls_cli_opt_strs+1263) +#define CA_VERIFICATION_NAME (gnutls_cli_opt_strs+1291) /** disablement name for the ca-verification option */ -#define NOT_CA_VERIFICATION_name (gnutls_cli_opt_strs+1279) +#define NOT_CA_VERIFICATION_name (gnutls_cli_opt_strs+1307) /** disablement prefix for the ca-verification option */ #define NOT_CA_VERIFICATION_PFX (gnutls_cli_opt_strs+1019) /** Name string for the ca-verification option */ @@ -369,11 +373,11 @@ static char const gnutls_cli_opt_strs[4829] = * ocsp option description: */ /** Descriptive text for the ocsp option */ -#define OCSP_DESC (gnutls_cli_opt_strs+1298) +#define OCSP_DESC (gnutls_cli_opt_strs+1326) /** Upper-cased name for the ocsp option */ -#define OCSP_NAME (gnutls_cli_opt_strs+1335) +#define OCSP_NAME (gnutls_cli_opt_strs+1363) /** disablement name for the ocsp option */ -#define NOT_OCSP_name (gnutls_cli_opt_strs+1340) +#define NOT_OCSP_name (gnutls_cli_opt_strs+1368) /** disablement prefix for the ocsp option */ #define NOT_OCSP_PFX (gnutls_cli_opt_strs+1019) /** Name string for the ocsp option */ @@ -385,11 +389,11 @@ static char const gnutls_cli_opt_strs[4829] = * resume option description: */ /** Descriptive text for the resume option */ -#define RESUME_DESC (gnutls_cli_opt_strs+1348) +#define RESUME_DESC (gnutls_cli_opt_strs+1376) /** Upper-cased name for the resume option */ -#define RESUME_NAME (gnutls_cli_opt_strs+1379) +#define RESUME_NAME (gnutls_cli_opt_strs+1407) /** Name string for the resume option */ -#define RESUME_name (gnutls_cli_opt_strs+1386) +#define RESUME_name (gnutls_cli_opt_strs+1414) /** Compiled in flag settings for the resume option */ #define RESUME_FLAGS (OPTST_DISABLED) @@ -397,11 +401,11 @@ static char const gnutls_cli_opt_strs[4829] = * rehandshake option description: */ /** Descriptive text for the rehandshake option */ -#define REHANDSHAKE_DESC (gnutls_cli_opt_strs+1393) +#define REHANDSHAKE_DESC (gnutls_cli_opt_strs+1421) /** Upper-cased name for the rehandshake option */ -#define REHANDSHAKE_NAME (gnutls_cli_opt_strs+1429) +#define REHANDSHAKE_NAME (gnutls_cli_opt_strs+1457) /** Name string for the rehandshake option */ -#define REHANDSHAKE_name (gnutls_cli_opt_strs+1441) +#define REHANDSHAKE_name (gnutls_cli_opt_strs+1469) /** Compiled in flag settings for the rehandshake option */ #define REHANDSHAKE_FLAGS (OPTST_DISABLED) @@ -409,24 +413,37 @@ static char const gnutls_cli_opt_strs[4829] = * sni-hostname option description: */ /** Descriptive text for the sni-hostname option */ -#define SNI_HOSTNAME_DESC (gnutls_cli_opt_strs+1453) +#define SNI_HOSTNAME_DESC (gnutls_cli_opt_strs+1481) /** Upper-cased name for the sni-hostname option */ -#define SNI_HOSTNAME_NAME (gnutls_cli_opt_strs+1508) +#define SNI_HOSTNAME_NAME (gnutls_cli_opt_strs+1536) /** Name string for the sni-hostname option */ -#define SNI_HOSTNAME_name (gnutls_cli_opt_strs+1521) +#define SNI_HOSTNAME_name (gnutls_cli_opt_strs+1549) /** Compiled in flag settings for the sni-hostname option */ #define SNI_HOSTNAME_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) /** + * verify-hostname option description: + */ +/** Descriptive text for the verify-hostname option */ +#define VERIFY_HOSTNAME_DESC (gnutls_cli_opt_strs+1562) +/** Upper-cased name for the verify-hostname option */ +#define VERIFY_HOSTNAME_NAME (gnutls_cli_opt_strs+1602) +/** Name string for the verify-hostname option */ +#define VERIFY_HOSTNAME_name (gnutls_cli_opt_strs+1618) +/** Compiled in flag settings for the verify-hostname option */ +#define VERIFY_HOSTNAME_FLAGS (OPTST_DISABLED \ + | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) + +/** * starttls option description: */ /** Descriptive text for the starttls option */ -#define STARTTLS_DESC (gnutls_cli_opt_strs+1534) +#define STARTTLS_DESC (gnutls_cli_opt_strs+1634) /** Upper-cased name for the starttls option */ -#define STARTTLS_NAME (gnutls_cli_opt_strs+1583) +#define STARTTLS_NAME (gnutls_cli_opt_strs+1683) /** Name string for the starttls option */ -#define STARTTLS_name (gnutls_cli_opt_strs+1592) +#define STARTTLS_name (gnutls_cli_opt_strs+1692) /** Compiled in flag settings for the starttls option */ #define STARTTLS_FLAGS (OPTST_DISABLED) @@ -434,10 +451,10 @@ static char const gnutls_cli_opt_strs[4829] = * app-proto option description: */ /** Descriptive text for the app-proto option */ -#define APP_PROTO_DESC (gnutls_cli_opt_strs+1601) +#define APP_PROTO_DESC (gnutls_cli_opt_strs+1701) #define APP_PROTO_NAME NULL /** Unmodified name string for the app-proto option */ -#define APP_PROTO_name (gnutls_cli_opt_strs+1642) +#define APP_PROTO_name (gnutls_cli_opt_strs+1742) /** Compiled in flag settings for the app-proto option */ #define APP_PROTO_FLAGS (STARTTLS_PROTO_FLAGS | OPTST_ALIAS) @@ -446,11 +463,11 @@ static char const gnutls_cli_opt_strs[4829] = * "Must also have options" and "Incompatible options": */ /** Descriptive text for the starttls-proto option */ -#define STARTTLS_PROTO_DESC (gnutls_cli_opt_strs+1652) +#define STARTTLS_PROTO_DESC (gnutls_cli_opt_strs+1752) /** Upper-cased name for the starttls-proto option */ -#define STARTTLS_PROTO_NAME (gnutls_cli_opt_strs+1795) +#define STARTTLS_PROTO_NAME (gnutls_cli_opt_strs+1895) /** Name string for the starttls-proto option */ -#define STARTTLS_PROTO_name (gnutls_cli_opt_strs+1810) +#define STARTTLS_PROTO_name (gnutls_cli_opt_strs+1910) /** Other options that appear in conjunction with the starttls-proto option */ static int const aStarttls_ProtoCantList[] = { INDEX_OPT_STARTTLS, NO_EQUIVALENT }; @@ -462,11 +479,11 @@ static int const aStarttls_ProtoCantList[] = { * udp option description: */ /** Descriptive text for the udp option */ -#define UDP_DESC (gnutls_cli_opt_strs+1825) +#define UDP_DESC (gnutls_cli_opt_strs+1925) /** Upper-cased name for the udp option */ -#define UDP_NAME (gnutls_cli_opt_strs+1858) +#define UDP_NAME (gnutls_cli_opt_strs+1958) /** Name string for the udp option */ -#define UDP_name (gnutls_cli_opt_strs+1862) +#define UDP_name (gnutls_cli_opt_strs+1962) /** Compiled in flag settings for the udp option */ #define UDP_FLAGS (OPTST_DISABLED) @@ -474,11 +491,11 @@ static int const aStarttls_ProtoCantList[] = { * mtu option description: */ /** Descriptive text for the mtu option */ -#define MTU_DESC (gnutls_cli_opt_strs+1866) +#define MTU_DESC (gnutls_cli_opt_strs+1966) /** Upper-cased name for the mtu option */ -#define MTU_NAME (gnutls_cli_opt_strs+1891) +#define MTU_NAME (gnutls_cli_opt_strs+1991) /** Name string for the mtu option */ -#define MTU_name (gnutls_cli_opt_strs+1895) +#define MTU_name (gnutls_cli_opt_strs+1995) /** Compiled in flag settings for the mtu option */ #define MTU_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC)) @@ -487,11 +504,11 @@ static int const aStarttls_ProtoCantList[] = { * crlf option description: */ /** Descriptive text for the crlf option */ -#define CRLF_DESC (gnutls_cli_opt_strs+1899) +#define CRLF_DESC (gnutls_cli_opt_strs+1999) /** Upper-cased name for the crlf option */ -#define CRLF_NAME (gnutls_cli_opt_strs+1924) +#define CRLF_NAME (gnutls_cli_opt_strs+2024) /** Name string for the crlf option */ -#define CRLF_name (gnutls_cli_opt_strs+1929) +#define CRLF_name (gnutls_cli_opt_strs+2029) /** Compiled in flag settings for the crlf option */ #define CRLF_FLAGS (OPTST_DISABLED) @@ -499,11 +516,11 @@ static int const aStarttls_ProtoCantList[] = { * fastopen option description: */ /** Descriptive text for the fastopen option */ -#define FASTOPEN_DESC (gnutls_cli_opt_strs+1934) +#define FASTOPEN_DESC (gnutls_cli_opt_strs+2034) /** Upper-cased name for the fastopen option */ -#define FASTOPEN_NAME (gnutls_cli_opt_strs+1955) +#define FASTOPEN_NAME (gnutls_cli_opt_strs+2055) /** Name string for the fastopen option */ -#define FASTOPEN_name (gnutls_cli_opt_strs+1964) +#define FASTOPEN_name (gnutls_cli_opt_strs+2064) /** Compiled in flag settings for the fastopen option */ #define FASTOPEN_FLAGS (OPTST_DISABLED) @@ -511,11 +528,11 @@ static int const aStarttls_ProtoCantList[] = { * x509fmtder option description: */ /** Descriptive text for the x509fmtder option */ -#define X509FMTDER_DESC (gnutls_cli_opt_strs+1973) +#define X509FMTDER_DESC (gnutls_cli_opt_strs+2073) /** Upper-cased name for the x509fmtder option */ -#define X509FMTDER_NAME (gnutls_cli_opt_strs+2018) +#define X509FMTDER_NAME (gnutls_cli_opt_strs+2118) /** Name string for the x509fmtder option */ -#define X509FMTDER_name (gnutls_cli_opt_strs+2029) +#define X509FMTDER_name (gnutls_cli_opt_strs+2129) /** Compiled in flag settings for the x509fmtder option */ #define X509FMTDER_FLAGS (OPTST_DISABLED) @@ -523,11 +540,11 @@ static int const aStarttls_ProtoCantList[] = { * print-cert option description: */ /** Descriptive text for the print-cert option */ -#define PRINT_CERT_DESC (gnutls_cli_opt_strs+2040) +#define PRINT_CERT_DESC (gnutls_cli_opt_strs+2140) /** Upper-cased name for the print-cert option */ -#define PRINT_CERT_NAME (gnutls_cli_opt_strs+2079) +#define PRINT_CERT_NAME (gnutls_cli_opt_strs+2179) /** Name string for the print-cert option */ -#define PRINT_CERT_name (gnutls_cli_opt_strs+2090) +#define PRINT_CERT_name (gnutls_cli_opt_strs+2190) /** Compiled in flag settings for the print-cert option */ #define PRINT_CERT_FLAGS (OPTST_DISABLED) @@ -535,11 +552,11 @@ static int const aStarttls_ProtoCantList[] = { * save-cert option description: */ /** Descriptive text for the save-cert option */ -#define SAVE_CERT_DESC (gnutls_cli_opt_strs+2101) +#define SAVE_CERT_DESC (gnutls_cli_opt_strs+2201) /** Upper-cased name for the save-cert option */ -#define SAVE_CERT_NAME (gnutls_cli_opt_strs+2171) +#define SAVE_CERT_NAME (gnutls_cli_opt_strs+2271) /** Name string for the save-cert option */ -#define SAVE_CERT_name (gnutls_cli_opt_strs+2181) +#define SAVE_CERT_name (gnutls_cli_opt_strs+2281) /** Compiled in flag settings for the save-cert option */ #define SAVE_CERT_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) @@ -548,11 +565,11 @@ static int const aStarttls_ProtoCantList[] = { * save-ocsp option description: */ /** Descriptive text for the save-ocsp option */ -#define SAVE_OCSP_DESC (gnutls_cli_opt_strs+2191) +#define SAVE_OCSP_DESC (gnutls_cli_opt_strs+2291) /** Upper-cased name for the save-ocsp option */ -#define SAVE_OCSP_NAME (gnutls_cli_opt_strs+2249) +#define SAVE_OCSP_NAME (gnutls_cli_opt_strs+2349) /** Name string for the save-ocsp option */ -#define SAVE_OCSP_name (gnutls_cli_opt_strs+2259) +#define SAVE_OCSP_name (gnutls_cli_opt_strs+2359) /** Compiled in flag settings for the save-ocsp option */ #define SAVE_OCSP_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) @@ -561,11 +578,11 @@ static int const aStarttls_ProtoCantList[] = { * save-server-trace option description: */ /** Descriptive text for the save-server-trace option */ -#define SAVE_SERVER_TRACE_DESC (gnutls_cli_opt_strs+2269) +#define SAVE_SERVER_TRACE_DESC (gnutls_cli_opt_strs+2369) /** Upper-cased name for the save-server-trace option */ -#define SAVE_SERVER_TRACE_NAME (gnutls_cli_opt_strs+2329) +#define SAVE_SERVER_TRACE_NAME (gnutls_cli_opt_strs+2429) /** Name string for the save-server-trace option */ -#define SAVE_SERVER_TRACE_name (gnutls_cli_opt_strs+2347) +#define SAVE_SERVER_TRACE_name (gnutls_cli_opt_strs+2447) /** Compiled in flag settings for the save-server-trace option */ #define SAVE_SERVER_TRACE_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) @@ -574,11 +591,11 @@ static int const aStarttls_ProtoCantList[] = { * save-client-trace option description: */ /** Descriptive text for the save-client-trace option */ -#define SAVE_CLIENT_TRACE_DESC (gnutls_cli_opt_strs+2365) +#define SAVE_CLIENT_TRACE_DESC (gnutls_cli_opt_strs+2465) /** Upper-cased name for the save-client-trace option */ -#define SAVE_CLIENT_TRACE_NAME (gnutls_cli_opt_strs+2425) +#define SAVE_CLIENT_TRACE_NAME (gnutls_cli_opt_strs+2525) /** Name string for the save-client-trace option */ -#define SAVE_CLIENT_TRACE_name (gnutls_cli_opt_strs+2443) +#define SAVE_CLIENT_TRACE_name (gnutls_cli_opt_strs+2543) /** Compiled in flag settings for the save-client-trace option */ #define SAVE_CLIENT_TRACE_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) @@ -587,11 +604,11 @@ static int const aStarttls_ProtoCantList[] = { * dh-bits option description: */ /** Descriptive text for the dh-bits option */ -#define DH_BITS_DESC (gnutls_cli_opt_strs+2461) +#define DH_BITS_DESC (gnutls_cli_opt_strs+2561) /** Upper-cased name for the dh-bits option */ -#define DH_BITS_NAME (gnutls_cli_opt_strs+2503) +#define DH_BITS_NAME (gnutls_cli_opt_strs+2603) /** Name string for the dh-bits option */ -#define DH_BITS_name (gnutls_cli_opt_strs+2511) +#define DH_BITS_name (gnutls_cli_opt_strs+2611) /** Compiled in flag settings for the dh-bits option */ #define DH_BITS_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC)) @@ -600,11 +617,11 @@ static int const aStarttls_ProtoCantList[] = { * priority option description: */ /** Descriptive text for the priority option */ -#define PRIORITY_DESC (gnutls_cli_opt_strs+2519) +#define PRIORITY_DESC (gnutls_cli_opt_strs+2619) /** Upper-cased name for the priority option */ -#define PRIORITY_NAME (gnutls_cli_opt_strs+2537) +#define PRIORITY_NAME (gnutls_cli_opt_strs+2637) /** Name string for the priority option */ -#define PRIORITY_name (gnutls_cli_opt_strs+2546) +#define PRIORITY_name (gnutls_cli_opt_strs+2646) /** Compiled in flag settings for the priority option */ #define PRIORITY_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) @@ -613,11 +630,11 @@ static int const aStarttls_ProtoCantList[] = { * x509cafile option description: */ /** Descriptive text for the x509cafile option */ -#define X509CAFILE_DESC (gnutls_cli_opt_strs+2555) +#define X509CAFILE_DESC (gnutls_cli_opt_strs+2655) /** Upper-cased name for the x509cafile option */ -#define X509CAFILE_NAME (gnutls_cli_opt_strs+2595) +#define X509CAFILE_NAME (gnutls_cli_opt_strs+2695) /** Name string for the x509cafile option */ -#define X509CAFILE_name (gnutls_cli_opt_strs+2606) +#define X509CAFILE_name (gnutls_cli_opt_strs+2706) /** Compiled in flag settings for the x509cafile option */ #define X509CAFILE_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) @@ -626,11 +643,11 @@ static int const aStarttls_ProtoCantList[] = { * x509crlfile option description: */ /** Descriptive text for the x509crlfile option */ -#define X509CRLFILE_DESC (gnutls_cli_opt_strs+2617) +#define X509CRLFILE_DESC (gnutls_cli_opt_strs+2717) /** Upper-cased name for the x509crlfile option */ -#define X509CRLFILE_NAME (gnutls_cli_opt_strs+2633) +#define X509CRLFILE_NAME (gnutls_cli_opt_strs+2733) /** Name string for the x509crlfile option */ -#define X509CRLFILE_name (gnutls_cli_opt_strs+2645) +#define X509CRLFILE_name (gnutls_cli_opt_strs+2745) /** Compiled in flag settings for the x509crlfile option */ #define X509CRLFILE_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_FILE)) @@ -639,11 +656,11 @@ static int const aStarttls_ProtoCantList[] = { * x509keyfile option description: */ /** Descriptive text for the x509keyfile option */ -#define X509KEYFILE_DESC (gnutls_cli_opt_strs+2657) +#define X509KEYFILE_DESC (gnutls_cli_opt_strs+2757) /** Upper-cased name for the x509keyfile option */ -#define X509KEYFILE_NAME (gnutls_cli_opt_strs+2695) +#define X509KEYFILE_NAME (gnutls_cli_opt_strs+2795) /** Name string for the x509keyfile option */ -#define X509KEYFILE_name (gnutls_cli_opt_strs+2707) +#define X509KEYFILE_name (gnutls_cli_opt_strs+2807) /** Compiled in flag settings for the x509keyfile option */ #define X509KEYFILE_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) @@ -653,11 +670,11 @@ static int const aStarttls_ProtoCantList[] = { * "Must also have options" and "Incompatible options": */ /** Descriptive text for the x509certfile option */ -#define X509CERTFILE_DESC (gnutls_cli_opt_strs+2719) +#define X509CERTFILE_DESC (gnutls_cli_opt_strs+2819) /** Upper-cased name for the x509certfile option */ -#define X509CERTFILE_NAME (gnutls_cli_opt_strs+2765) +#define X509CERTFILE_NAME (gnutls_cli_opt_strs+2865) /** Name string for the x509certfile option */ -#define X509CERTFILE_name (gnutls_cli_opt_strs+2778) +#define X509CERTFILE_name (gnutls_cli_opt_strs+2878) /** Other options that are required by the x509certfile option */ static int const aX509certfileMustList[] = { INDEX_OPT_X509KEYFILE, NO_EQUIVALENT }; @@ -669,11 +686,11 @@ static int const aX509certfileMustList[] = { * srpusername option description: */ /** Descriptive text for the srpusername option */ -#define SRPUSERNAME_DESC (gnutls_cli_opt_strs+2791) +#define SRPUSERNAME_DESC (gnutls_cli_opt_strs+2891) /** Upper-cased name for the srpusername option */ -#define SRPUSERNAME_NAME (gnutls_cli_opt_strs+2811) +#define SRPUSERNAME_NAME (gnutls_cli_opt_strs+2911) /** Name string for the srpusername option */ -#define SRPUSERNAME_name (gnutls_cli_opt_strs+2823) +#define SRPUSERNAME_name (gnutls_cli_opt_strs+2923) /** Compiled in flag settings for the srpusername option */ #define SRPUSERNAME_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) @@ -682,11 +699,11 @@ static int const aX509certfileMustList[] = { * srppasswd option description: */ /** Descriptive text for the srppasswd option */ -#define SRPPASSWD_DESC (gnutls_cli_opt_strs+2835) +#define SRPPASSWD_DESC (gnutls_cli_opt_strs+2935) /** Upper-cased name for the srppasswd option */ -#define SRPPASSWD_NAME (gnutls_cli_opt_strs+2855) +#define SRPPASSWD_NAME (gnutls_cli_opt_strs+2955) /** Name string for the srppasswd option */ -#define SRPPASSWD_name (gnutls_cli_opt_strs+2865) +#define SRPPASSWD_name (gnutls_cli_opt_strs+2965) /** Compiled in flag settings for the srppasswd option */ #define SRPPASSWD_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) @@ -695,11 +712,11 @@ static int const aX509certfileMustList[] = { * pskusername option description: */ /** Descriptive text for the pskusername option */ -#define PSKUSERNAME_DESC (gnutls_cli_opt_strs+2875) +#define PSKUSERNAME_DESC (gnutls_cli_opt_strs+2975) /** Upper-cased name for the pskusername option */ -#define PSKUSERNAME_NAME (gnutls_cli_opt_strs+2895) +#define PSKUSERNAME_NAME (gnutls_cli_opt_strs+2995) /** Name string for the pskusername option */ -#define PSKUSERNAME_name (gnutls_cli_opt_strs+2907) +#define PSKUSERNAME_name (gnutls_cli_opt_strs+3007) /** Compiled in flag settings for the pskusername option */ #define PSKUSERNAME_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) @@ -708,11 +725,11 @@ static int const aX509certfileMustList[] = { * pskkey option description: */ /** Descriptive text for the pskkey option */ -#define PSKKEY_DESC (gnutls_cli_opt_strs+2919) +#define PSKKEY_DESC (gnutls_cli_opt_strs+3019) /** Upper-cased name for the pskkey option */ -#define PSKKEY_NAME (gnutls_cli_opt_strs+2943) +#define PSKKEY_NAME (gnutls_cli_opt_strs+3043) /** Name string for the pskkey option */ -#define PSKKEY_name (gnutls_cli_opt_strs+2950) +#define PSKKEY_name (gnutls_cli_opt_strs+3050) /** Compiled in flag settings for the pskkey option */ #define PSKKEY_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) @@ -721,11 +738,11 @@ static int const aX509certfileMustList[] = { * port option description: */ /** Descriptive text for the port option */ -#define PORT_DESC (gnutls_cli_opt_strs+2957) +#define PORT_DESC (gnutls_cli_opt_strs+3057) /** Upper-cased name for the port option */ -#define PORT_NAME (gnutls_cli_opt_strs+2991) +#define PORT_NAME (gnutls_cli_opt_strs+3091) /** Name string for the port option */ -#define PORT_name (gnutls_cli_opt_strs+2996) +#define PORT_name (gnutls_cli_opt_strs+3096) /** Compiled in flag settings for the port option */ #define PORT_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) @@ -734,11 +751,11 @@ static int const aX509certfileMustList[] = { * insecure option description: */ /** Descriptive text for the insecure option */ -#define INSECURE_DESC (gnutls_cli_opt_strs+3001) +#define INSECURE_DESC (gnutls_cli_opt_strs+3101) /** Upper-cased name for the insecure option */ -#define INSECURE_NAME (gnutls_cli_opt_strs+3062) +#define INSECURE_NAME (gnutls_cli_opt_strs+3162) /** Name string for the insecure option */ -#define INSECURE_name (gnutls_cli_opt_strs+3071) +#define INSECURE_name (gnutls_cli_opt_strs+3171) /** Compiled in flag settings for the insecure option */ #define INSECURE_FLAGS (OPTST_DISABLED) @@ -746,11 +763,11 @@ static int const aX509certfileMustList[] = { * verify-allow-broken option description: */ /** Descriptive text for the verify-allow-broken option */ -#define VERIFY_ALLOW_BROKEN_DESC (gnutls_cli_opt_strs+3080) +#define VERIFY_ALLOW_BROKEN_DESC (gnutls_cli_opt_strs+3180) /** Upper-cased name for the verify-allow-broken option */ -#define VERIFY_ALLOW_BROKEN_NAME (gnutls_cli_opt_strs+3146) +#define VERIFY_ALLOW_BROKEN_NAME (gnutls_cli_opt_strs+3246) /** Name string for the verify-allow-broken option */ -#define VERIFY_ALLOW_BROKEN_name (gnutls_cli_opt_strs+3166) +#define VERIFY_ALLOW_BROKEN_name (gnutls_cli_opt_strs+3266) /** Compiled in flag settings for the verify-allow-broken option */ #define VERIFY_ALLOW_BROKEN_FLAGS (OPTST_DISABLED) @@ -758,11 +775,11 @@ static int const aX509certfileMustList[] = { * ranges option description: */ /** Descriptive text for the ranges option */ -#define RANGES_DESC (gnutls_cli_opt_strs+3186) +#define RANGES_DESC (gnutls_cli_opt_strs+3286) /** Upper-cased name for the ranges option */ -#define RANGES_NAME (gnutls_cli_opt_strs+3240) +#define RANGES_NAME (gnutls_cli_opt_strs+3340) /** Name string for the ranges option */ -#define RANGES_name (gnutls_cli_opt_strs+3247) +#define RANGES_name (gnutls_cli_opt_strs+3347) /** Compiled in flag settings for the ranges option */ #define RANGES_FLAGS (OPTST_DISABLED) @@ -770,11 +787,11 @@ static int const aX509certfileMustList[] = { * benchmark-ciphers option description: */ /** Descriptive text for the benchmark-ciphers option */ -#define BENCHMARK_CIPHERS_DESC (gnutls_cli_opt_strs+3254) +#define BENCHMARK_CIPHERS_DESC (gnutls_cli_opt_strs+3354) /** Upper-cased name for the benchmark-ciphers option */ -#define BENCHMARK_CIPHERS_NAME (gnutls_cli_opt_strs+3283) +#define BENCHMARK_CIPHERS_NAME (gnutls_cli_opt_strs+3383) /** Name string for the benchmark-ciphers option */ -#define BENCHMARK_CIPHERS_name (gnutls_cli_opt_strs+3301) +#define BENCHMARK_CIPHERS_name (gnutls_cli_opt_strs+3401) /** Compiled in flag settings for the benchmark-ciphers option */ #define BENCHMARK_CIPHERS_FLAGS (OPTST_DISABLED) @@ -782,11 +799,11 @@ static int const aX509certfileMustList[] = { * benchmark-tls-kx option description: */ /** Descriptive text for the benchmark-tls-kx option */ -#define BENCHMARK_TLS_KX_DESC (gnutls_cli_opt_strs+3319) +#define BENCHMARK_TLS_KX_DESC (gnutls_cli_opt_strs+3419) /** Upper-cased name for the benchmark-tls-kx option */ -#define BENCHMARK_TLS_KX_NAME (gnutls_cli_opt_strs+3354) +#define BENCHMARK_TLS_KX_NAME (gnutls_cli_opt_strs+3454) /** Name string for the benchmark-tls-kx option */ -#define BENCHMARK_TLS_KX_name (gnutls_cli_opt_strs+3371) +#define BENCHMARK_TLS_KX_name (gnutls_cli_opt_strs+3471) /** Compiled in flag settings for the benchmark-tls-kx option */ #define BENCHMARK_TLS_KX_FLAGS (OPTST_DISABLED) @@ -794,11 +811,11 @@ static int const aX509certfileMustList[] = { * benchmark-tls-ciphers option description: */ /** Descriptive text for the benchmark-tls-ciphers option */ -#define BENCHMARK_TLS_CIPHERS_DESC (gnutls_cli_opt_strs+3388) +#define BENCHMARK_TLS_CIPHERS_DESC (gnutls_cli_opt_strs+3488) /** Upper-cased name for the benchmark-tls-ciphers option */ -#define BENCHMARK_TLS_CIPHERS_NAME (gnutls_cli_opt_strs+3410) +#define BENCHMARK_TLS_CIPHERS_NAME (gnutls_cli_opt_strs+3510) /** Name string for the benchmark-tls-ciphers option */ -#define BENCHMARK_TLS_CIPHERS_name (gnutls_cli_opt_strs+3432) +#define BENCHMARK_TLS_CIPHERS_name (gnutls_cli_opt_strs+3532) /** Compiled in flag settings for the benchmark-tls-ciphers option */ #define BENCHMARK_TLS_CIPHERS_FLAGS (OPTST_DISABLED) @@ -807,11 +824,11 @@ static int const aX509certfileMustList[] = { * "Must also have options" and "Incompatible options": */ /** Descriptive text for the list option */ -#define LIST_DESC (gnutls_cli_opt_strs+3454) +#define LIST_DESC (gnutls_cli_opt_strs+3554) /** Upper-cased name for the list option */ -#define LIST_NAME (gnutls_cli_opt_strs+3505) +#define LIST_NAME (gnutls_cli_opt_strs+3605) /** Name string for the list option */ -#define LIST_name (gnutls_cli_opt_strs+3510) +#define LIST_name (gnutls_cli_opt_strs+3610) /** Other options that appear in conjunction with the list option */ static int const aListCantList[] = { INDEX_OPT_PORT, NO_EQUIVALENT }; @@ -822,11 +839,11 @@ static int const aListCantList[] = { * priority-list option description: */ /** Descriptive text for the priority-list option */ -#define PRIORITY_LIST_DESC (gnutls_cli_opt_strs+3515) +#define PRIORITY_LIST_DESC (gnutls_cli_opt_strs+3615) /** Upper-cased name for the priority-list option */ -#define PRIORITY_LIST_NAME (gnutls_cli_opt_strs+3562) +#define PRIORITY_LIST_NAME (gnutls_cli_opt_strs+3662) /** Name string for the priority-list option */ -#define PRIORITY_LIST_name (gnutls_cli_opt_strs+3576) +#define PRIORITY_LIST_name (gnutls_cli_opt_strs+3676) /** Compiled in flag settings for the priority-list option */ #define PRIORITY_LIST_FLAGS (OPTST_DISABLED) @@ -834,11 +851,11 @@ static int const aListCantList[] = { * noticket option description: */ /** Descriptive text for the noticket option */ -#define NOTICKET_DESC (gnutls_cli_opt_strs+3590) +#define NOTICKET_DESC (gnutls_cli_opt_strs+3690) /** Upper-cased name for the noticket option */ -#define NOTICKET_NAME (gnutls_cli_opt_strs+3618) +#define NOTICKET_NAME (gnutls_cli_opt_strs+3718) /** Name string for the noticket option */ -#define NOTICKET_name (gnutls_cli_opt_strs+3627) +#define NOTICKET_name (gnutls_cli_opt_strs+3727) /** Compiled in flag settings for the noticket option */ #define NOTICKET_FLAGS (OPTST_DISABLED) @@ -846,11 +863,11 @@ static int const aListCantList[] = { * srtp_profiles option description: */ /** Descriptive text for the srtp_profiles option */ -#define SRTP_PROFILES_DESC (gnutls_cli_opt_strs+3636) +#define SRTP_PROFILES_DESC (gnutls_cli_opt_strs+3736) /** Upper-cased name for the srtp_profiles option */ -#define SRTP_PROFILES_NAME (gnutls_cli_opt_strs+3656) +#define SRTP_PROFILES_NAME (gnutls_cli_opt_strs+3756) /** Name string for the srtp_profiles option */ -#define SRTP_PROFILES_name (gnutls_cli_opt_strs+3670) +#define SRTP_PROFILES_name (gnutls_cli_opt_strs+3770) /** Compiled in flag settings for the srtp_profiles option */ #define SRTP_PROFILES_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) @@ -859,11 +876,11 @@ static int const aListCantList[] = { * alpn option description: */ /** Descriptive text for the alpn option */ -#define ALPN_DESC (gnutls_cli_opt_strs+3684) +#define ALPN_DESC (gnutls_cli_opt_strs+3784) /** Upper-cased name for the alpn option */ -#define ALPN_NAME (gnutls_cli_opt_strs+3711) +#define ALPN_NAME (gnutls_cli_opt_strs+3811) /** Name string for the alpn option */ -#define ALPN_name (gnutls_cli_opt_strs+3716) +#define ALPN_name (gnutls_cli_opt_strs+3816) /** Compiled in flag settings for the alpn option */ #define ALPN_FLAGS (OPTST_DISABLED | OPTST_STACKED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) @@ -872,11 +889,11 @@ static int const aListCantList[] = { * heartbeat option description: */ /** Descriptive text for the heartbeat option */ -#define HEARTBEAT_DESC (gnutls_cli_opt_strs+3721) +#define HEARTBEAT_DESC (gnutls_cli_opt_strs+3821) /** Upper-cased name for the heartbeat option */ -#define HEARTBEAT_NAME (gnutls_cli_opt_strs+3748) +#define HEARTBEAT_NAME (gnutls_cli_opt_strs+3848) /** Name string for the heartbeat option */ -#define HEARTBEAT_name (gnutls_cli_opt_strs+3758) +#define HEARTBEAT_name (gnutls_cli_opt_strs+3858) /** Compiled in flag settings for the heartbeat option */ #define HEARTBEAT_FLAGS (OPTST_DISABLED) @@ -884,11 +901,11 @@ static int const aListCantList[] = { * recordsize option description: */ /** Descriptive text for the recordsize option */ -#define RECORDSIZE_DESC (gnutls_cli_opt_strs+3768) +#define RECORDSIZE_DESC (gnutls_cli_opt_strs+3868) /** Upper-cased name for the recordsize option */ -#define RECORDSIZE_NAME (gnutls_cli_opt_strs+3805) +#define RECORDSIZE_NAME (gnutls_cli_opt_strs+3905) /** Name string for the recordsize option */ -#define RECORDSIZE_name (gnutls_cli_opt_strs+3816) +#define RECORDSIZE_name (gnutls_cli_opt_strs+3916) /** Compiled in flag settings for the recordsize option */ #define RECORDSIZE_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC)) @@ -897,11 +914,11 @@ static int const aListCantList[] = { * disable-sni option description: */ /** Descriptive text for the disable-sni option */ -#define DISABLE_SNI_DESC (gnutls_cli_opt_strs+3827) +#define DISABLE_SNI_DESC (gnutls_cli_opt_strs+3927) /** Upper-cased name for the disable-sni option */ -#define DISABLE_SNI_NAME (gnutls_cli_opt_strs+3870) +#define DISABLE_SNI_NAME (gnutls_cli_opt_strs+3970) /** Name string for the disable-sni option */ -#define DISABLE_SNI_name (gnutls_cli_opt_strs+3882) +#define DISABLE_SNI_name (gnutls_cli_opt_strs+3982) /** Compiled in flag settings for the disable-sni option */ #define DISABLE_SNI_FLAGS (OPTST_DISABLED) @@ -909,11 +926,11 @@ static int const aListCantList[] = { * disable-extensions option description: */ /** Descriptive text for the disable-extensions option */ -#define DISABLE_EXTENSIONS_DESC (gnutls_cli_opt_strs+3894) +#define DISABLE_EXTENSIONS_DESC (gnutls_cli_opt_strs+3994) /** Upper-cased name for the disable-extensions option */ -#define DISABLE_EXTENSIONS_NAME (gnutls_cli_opt_strs+3925) +#define DISABLE_EXTENSIONS_NAME (gnutls_cli_opt_strs+4025) /** Name string for the disable-extensions option */ -#define DISABLE_EXTENSIONS_name (gnutls_cli_opt_strs+3944) +#define DISABLE_EXTENSIONS_name (gnutls_cli_opt_strs+4044) /** Compiled in flag settings for the disable-extensions option */ #define DISABLE_EXTENSIONS_FLAGS (OPTST_DISABLED) @@ -921,11 +938,11 @@ static int const aListCantList[] = { * inline-commands option description: */ /** Descriptive text for the inline-commands option */ -#define INLINE_COMMANDS_DESC (gnutls_cli_opt_strs+3963) +#define INLINE_COMMANDS_DESC (gnutls_cli_opt_strs+4063) /** Upper-cased name for the inline-commands option */ -#define INLINE_COMMANDS_NAME (gnutls_cli_opt_strs+3999) +#define INLINE_COMMANDS_NAME (gnutls_cli_opt_strs+4099) /** Name string for the inline-commands option */ -#define INLINE_COMMANDS_name (gnutls_cli_opt_strs+4015) +#define INLINE_COMMANDS_name (gnutls_cli_opt_strs+4115) /** Compiled in flag settings for the inline-commands option */ #define INLINE_COMMANDS_FLAGS (OPTST_DISABLED) @@ -933,11 +950,11 @@ static int const aListCantList[] = { * inline-commands-prefix option description: */ /** Descriptive text for the inline-commands-prefix option */ -#define INLINE_COMMANDS_PREFIX_DESC (gnutls_cli_opt_strs+4031) +#define INLINE_COMMANDS_PREFIX_DESC (gnutls_cli_opt_strs+4131) /** Upper-cased name for the inline-commands-prefix option */ -#define INLINE_COMMANDS_PREFIX_NAME (gnutls_cli_opt_strs+4081) +#define INLINE_COMMANDS_PREFIX_NAME (gnutls_cli_opt_strs+4181) /** Name string for the inline-commands-prefix option */ -#define INLINE_COMMANDS_PREFIX_name (gnutls_cli_opt_strs+4104) +#define INLINE_COMMANDS_PREFIX_name (gnutls_cli_opt_strs+4204) /** Compiled in flag settings for the inline-commands-prefix option */ #define INLINE_COMMANDS_PREFIX_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) @@ -946,11 +963,11 @@ static int const aListCantList[] = { * provider option description: */ /** Descriptive text for the provider option */ -#define PROVIDER_DESC (gnutls_cli_opt_strs+4127) +#define PROVIDER_DESC (gnutls_cli_opt_strs+4227) /** Upper-cased name for the provider option */ -#define PROVIDER_NAME (gnutls_cli_opt_strs+4165) +#define PROVIDER_NAME (gnutls_cli_opt_strs+4265) /** Name string for the provider option */ -#define PROVIDER_name (gnutls_cli_opt_strs+4174) +#define PROVIDER_name (gnutls_cli_opt_strs+4274) /** Compiled in flag settings for the provider option */ #define PROVIDER_FLAGS (OPTST_DISABLED \ | OPTST_SET_ARGTYPE(OPARG_TYPE_FILE)) @@ -959,22 +976,22 @@ static int const aListCantList[] = { * fips140-mode option description: */ /** Descriptive text for the fips140-mode option */ -#define FIPS140_MODE_DESC (gnutls_cli_opt_strs+4183) +#define FIPS140_MODE_DESC (gnutls_cli_opt_strs+4283) /** Upper-cased name for the fips140-mode option */ -#define FIPS140_MODE_NAME (gnutls_cli_opt_strs+4242) +#define FIPS140_MODE_NAME (gnutls_cli_opt_strs+4342) /** Name string for the fips140-mode option */ -#define FIPS140_MODE_name (gnutls_cli_opt_strs+4255) +#define FIPS140_MODE_name (gnutls_cli_opt_strs+4355) /** Compiled in flag settings for the fips140-mode option */ #define FIPS140_MODE_FLAGS (OPTST_DISABLED) /* * Help/More_Help/Version option descriptions: */ -#define HELP_DESC (gnutls_cli_opt_strs+4268) -#define HELP_name (gnutls_cli_opt_strs+4312) +#define HELP_DESC (gnutls_cli_opt_strs+4368) +#define HELP_name (gnutls_cli_opt_strs+4412) #ifdef HAVE_WORKING_FORK -#define MORE_HELP_DESC (gnutls_cli_opt_strs+4317) -#define MORE_HELP_name (gnutls_cli_opt_strs+4362) +#define MORE_HELP_DESC (gnutls_cli_opt_strs+4417) +#define MORE_HELP_name (gnutls_cli_opt_strs+4462) #define MORE_HELP_FLAGS (OPTST_IMM | OPTST_NO_INIT) #else #define MORE_HELP_DESC HELP_DESC @@ -987,8 +1004,8 @@ static int const aListCantList[] = { # define VER_FLAGS (OPTST_SET_ARGTYPE(OPARG_TYPE_STRING) | \ OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT) #endif -#define VER_DESC (gnutls_cli_opt_strs+4372) -#define VER_name (gnutls_cli_opt_strs+4408) +#define VER_DESC (gnutls_cli_opt_strs+4472) +#define VER_name (gnutls_cli_opt_strs+4508) /** * Declare option callback procedures */ @@ -1141,8 +1158,20 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ SNI_HOSTNAME_DESC, SNI_HOSTNAME_NAME, SNI_HOSTNAME_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 11, VALUE_OPT_STARTTLS, - /* equiv idx, value */ 11, VALUE_OPT_STARTTLS, + { /* entry idx, value */ 11, VALUE_OPT_VERIFY_HOSTNAME, + /* equiv idx, value */ 11, VALUE_OPT_VERIFY_HOSTNAME, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ VERIFY_HOSTNAME_FLAGS, 0, + /* last opt argumnt */ { NULL }, /* --verify-hostname */ + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ NULL, + /* desc, NAME, name */ VERIFY_HOSTNAME_DESC, VERIFY_HOSTNAME_NAME, VERIFY_HOSTNAME_name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 12, VALUE_OPT_STARTTLS, + /* equiv idx, value */ 12, VALUE_OPT_STARTTLS, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ STARTTLS_FLAGS, 0, @@ -1153,8 +1182,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ STARTTLS_DESC, STARTTLS_NAME, STARTTLS_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 12, VALUE_OPT_APP_PROTO, - /* equiv idx, value */ 12, VALUE_OPT_APP_PROTO, + { /* entry idx, value */ 13, VALUE_OPT_APP_PROTO, + /* equiv idx, value */ 13, VALUE_OPT_APP_PROTO, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ APP_PROTO_FLAGS, 0, @@ -1165,8 +1194,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ APP_PROTO_DESC, APP_PROTO_NAME, APP_PROTO_name, /* disablement strs */ 0, 0 }, - { /* entry idx, value */ 13, VALUE_OPT_STARTTLS_PROTO, - /* equiv idx, value */ 13, VALUE_OPT_STARTTLS_PROTO, + { /* entry idx, value */ 14, VALUE_OPT_STARTTLS_PROTO, + /* equiv idx, value */ 14, VALUE_OPT_STARTTLS_PROTO, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ STARTTLS_PROTO_FLAGS, 0, @@ -1177,8 +1206,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ STARTTLS_PROTO_DESC, STARTTLS_PROTO_NAME, STARTTLS_PROTO_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 14, VALUE_OPT_UDP, - /* equiv idx, value */ 14, VALUE_OPT_UDP, + { /* entry idx, value */ 15, VALUE_OPT_UDP, + /* equiv idx, value */ 15, VALUE_OPT_UDP, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ UDP_FLAGS, 0, @@ -1189,8 +1218,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ UDP_DESC, UDP_NAME, UDP_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 15, VALUE_OPT_MTU, - /* equiv idx, value */ 15, VALUE_OPT_MTU, + { /* entry idx, value */ 16, VALUE_OPT_MTU, + /* equiv idx, value */ 16, VALUE_OPT_MTU, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ MTU_FLAGS, 0, @@ -1201,8 +1230,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ MTU_DESC, MTU_NAME, MTU_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 16, VALUE_OPT_CRLF, - /* equiv idx, value */ 16, VALUE_OPT_CRLF, + { /* entry idx, value */ 17, VALUE_OPT_CRLF, + /* equiv idx, value */ 17, VALUE_OPT_CRLF, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ CRLF_FLAGS, 0, @@ -1213,8 +1242,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ CRLF_DESC, CRLF_NAME, CRLF_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 17, VALUE_OPT_FASTOPEN, - /* equiv idx, value */ 17, VALUE_OPT_FASTOPEN, + { /* entry idx, value */ 18, VALUE_OPT_FASTOPEN, + /* equiv idx, value */ 18, VALUE_OPT_FASTOPEN, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ FASTOPEN_FLAGS, 0, @@ -1225,8 +1254,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ FASTOPEN_DESC, FASTOPEN_NAME, FASTOPEN_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 18, VALUE_OPT_X509FMTDER, - /* equiv idx, value */ 18, VALUE_OPT_X509FMTDER, + { /* entry idx, value */ 19, VALUE_OPT_X509FMTDER, + /* equiv idx, value */ 19, VALUE_OPT_X509FMTDER, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ X509FMTDER_FLAGS, 0, @@ -1237,8 +1266,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ X509FMTDER_DESC, X509FMTDER_NAME, X509FMTDER_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 19, VALUE_OPT_PRINT_CERT, - /* equiv idx, value */ 19, VALUE_OPT_PRINT_CERT, + { /* entry idx, value */ 20, VALUE_OPT_PRINT_CERT, + /* equiv idx, value */ 20, VALUE_OPT_PRINT_CERT, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ PRINT_CERT_FLAGS, 0, @@ -1249,8 +1278,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ PRINT_CERT_DESC, PRINT_CERT_NAME, PRINT_CERT_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 20, VALUE_OPT_SAVE_CERT, - /* equiv idx, value */ 20, VALUE_OPT_SAVE_CERT, + { /* entry idx, value */ 21, VALUE_OPT_SAVE_CERT, + /* equiv idx, value */ 21, VALUE_OPT_SAVE_CERT, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ SAVE_CERT_FLAGS, 0, @@ -1261,8 +1290,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ SAVE_CERT_DESC, SAVE_CERT_NAME, SAVE_CERT_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 21, VALUE_OPT_SAVE_OCSP, - /* equiv idx, value */ 21, VALUE_OPT_SAVE_OCSP, + { /* entry idx, value */ 22, VALUE_OPT_SAVE_OCSP, + /* equiv idx, value */ 22, VALUE_OPT_SAVE_OCSP, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ SAVE_OCSP_FLAGS, 0, @@ -1273,8 +1302,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ SAVE_OCSP_DESC, SAVE_OCSP_NAME, SAVE_OCSP_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 22, VALUE_OPT_SAVE_SERVER_TRACE, - /* equiv idx, value */ 22, VALUE_OPT_SAVE_SERVER_TRACE, + { /* entry idx, value */ 23, VALUE_OPT_SAVE_SERVER_TRACE, + /* equiv idx, value */ 23, VALUE_OPT_SAVE_SERVER_TRACE, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ SAVE_SERVER_TRACE_FLAGS, 0, @@ -1285,8 +1314,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ SAVE_SERVER_TRACE_DESC, SAVE_SERVER_TRACE_NAME, SAVE_SERVER_TRACE_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 23, VALUE_OPT_SAVE_CLIENT_TRACE, - /* equiv idx, value */ 23, VALUE_OPT_SAVE_CLIENT_TRACE, + { /* entry idx, value */ 24, VALUE_OPT_SAVE_CLIENT_TRACE, + /* equiv idx, value */ 24, VALUE_OPT_SAVE_CLIENT_TRACE, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ SAVE_CLIENT_TRACE_FLAGS, 0, @@ -1297,8 +1326,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ SAVE_CLIENT_TRACE_DESC, SAVE_CLIENT_TRACE_NAME, SAVE_CLIENT_TRACE_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 24, VALUE_OPT_DH_BITS, - /* equiv idx, value */ 24, VALUE_OPT_DH_BITS, + { /* entry idx, value */ 25, VALUE_OPT_DH_BITS, + /* equiv idx, value */ 25, VALUE_OPT_DH_BITS, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ DH_BITS_FLAGS, 0, @@ -1309,8 +1338,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ DH_BITS_DESC, DH_BITS_NAME, DH_BITS_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 25, VALUE_OPT_PRIORITY, - /* equiv idx, value */ 25, VALUE_OPT_PRIORITY, + { /* entry idx, value */ 26, VALUE_OPT_PRIORITY, + /* equiv idx, value */ 26, VALUE_OPT_PRIORITY, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ PRIORITY_FLAGS, 0, @@ -1321,8 +1350,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ PRIORITY_DESC, PRIORITY_NAME, PRIORITY_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 26, VALUE_OPT_X509CAFILE, - /* equiv idx, value */ 26, VALUE_OPT_X509CAFILE, + { /* entry idx, value */ 27, VALUE_OPT_X509CAFILE, + /* equiv idx, value */ 27, VALUE_OPT_X509CAFILE, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ X509CAFILE_FLAGS, 0, @@ -1333,8 +1362,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ X509CAFILE_DESC, X509CAFILE_NAME, X509CAFILE_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 27, VALUE_OPT_X509CRLFILE, - /* equiv idx, value */ 27, VALUE_OPT_X509CRLFILE, + { /* entry idx, value */ 28, VALUE_OPT_X509CRLFILE, + /* equiv idx, value */ 28, VALUE_OPT_X509CRLFILE, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ X509CRLFILE_FLAGS, 0, @@ -1345,8 +1374,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ X509CRLFILE_DESC, X509CRLFILE_NAME, X509CRLFILE_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 28, VALUE_OPT_X509KEYFILE, - /* equiv idx, value */ 28, VALUE_OPT_X509KEYFILE, + { /* entry idx, value */ 29, VALUE_OPT_X509KEYFILE, + /* equiv idx, value */ 29, VALUE_OPT_X509KEYFILE, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ X509KEYFILE_FLAGS, 0, @@ -1357,8 +1386,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ X509KEYFILE_DESC, X509KEYFILE_NAME, X509KEYFILE_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 29, VALUE_OPT_X509CERTFILE, - /* equiv idx, value */ 29, VALUE_OPT_X509CERTFILE, + { /* entry idx, value */ 30, VALUE_OPT_X509CERTFILE, + /* equiv idx, value */ 30, VALUE_OPT_X509CERTFILE, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ X509CERTFILE_FLAGS, 0, @@ -1369,8 +1398,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ X509CERTFILE_DESC, X509CERTFILE_NAME, X509CERTFILE_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 30, VALUE_OPT_SRPUSERNAME, - /* equiv idx, value */ 30, VALUE_OPT_SRPUSERNAME, + { /* entry idx, value */ 31, VALUE_OPT_SRPUSERNAME, + /* equiv idx, value */ 31, VALUE_OPT_SRPUSERNAME, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ SRPUSERNAME_FLAGS, 0, @@ -1381,8 +1410,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ SRPUSERNAME_DESC, SRPUSERNAME_NAME, SRPUSERNAME_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 31, VALUE_OPT_SRPPASSWD, - /* equiv idx, value */ 31, VALUE_OPT_SRPPASSWD, + { /* entry idx, value */ 32, VALUE_OPT_SRPPASSWD, + /* equiv idx, value */ 32, VALUE_OPT_SRPPASSWD, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ SRPPASSWD_FLAGS, 0, @@ -1393,8 +1422,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ SRPPASSWD_DESC, SRPPASSWD_NAME, SRPPASSWD_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 32, VALUE_OPT_PSKUSERNAME, - /* equiv idx, value */ 32, VALUE_OPT_PSKUSERNAME, + { /* entry idx, value */ 33, VALUE_OPT_PSKUSERNAME, + /* equiv idx, value */ 33, VALUE_OPT_PSKUSERNAME, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ PSKUSERNAME_FLAGS, 0, @@ -1405,8 +1434,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ PSKUSERNAME_DESC, PSKUSERNAME_NAME, PSKUSERNAME_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 33, VALUE_OPT_PSKKEY, - /* equiv idx, value */ 33, VALUE_OPT_PSKKEY, + { /* entry idx, value */ 34, VALUE_OPT_PSKKEY, + /* equiv idx, value */ 34, VALUE_OPT_PSKKEY, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ PSKKEY_FLAGS, 0, @@ -1417,8 +1446,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ PSKKEY_DESC, PSKKEY_NAME, PSKKEY_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 34, VALUE_OPT_PORT, - /* equiv idx, value */ 34, VALUE_OPT_PORT, + { /* entry idx, value */ 35, VALUE_OPT_PORT, + /* equiv idx, value */ 35, VALUE_OPT_PORT, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ PORT_FLAGS, 0, @@ -1429,8 +1458,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ PORT_DESC, PORT_NAME, PORT_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 35, VALUE_OPT_INSECURE, - /* equiv idx, value */ 35, VALUE_OPT_INSECURE, + { /* entry idx, value */ 36, VALUE_OPT_INSECURE, + /* equiv idx, value */ 36, VALUE_OPT_INSECURE, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ INSECURE_FLAGS, 0, @@ -1441,8 +1470,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ INSECURE_DESC, INSECURE_NAME, INSECURE_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 36, VALUE_OPT_VERIFY_ALLOW_BROKEN, - /* equiv idx, value */ 36, VALUE_OPT_VERIFY_ALLOW_BROKEN, + { /* entry idx, value */ 37, VALUE_OPT_VERIFY_ALLOW_BROKEN, + /* equiv idx, value */ 37, VALUE_OPT_VERIFY_ALLOW_BROKEN, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ VERIFY_ALLOW_BROKEN_FLAGS, 0, @@ -1453,8 +1482,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ VERIFY_ALLOW_BROKEN_DESC, VERIFY_ALLOW_BROKEN_NAME, VERIFY_ALLOW_BROKEN_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 37, VALUE_OPT_RANGES, - /* equiv idx, value */ 37, VALUE_OPT_RANGES, + { /* entry idx, value */ 38, VALUE_OPT_RANGES, + /* equiv idx, value */ 38, VALUE_OPT_RANGES, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ RANGES_FLAGS, 0, @@ -1465,8 +1494,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ RANGES_DESC, RANGES_NAME, RANGES_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 38, VALUE_OPT_BENCHMARK_CIPHERS, - /* equiv idx, value */ 38, VALUE_OPT_BENCHMARK_CIPHERS, + { /* entry idx, value */ 39, VALUE_OPT_BENCHMARK_CIPHERS, + /* equiv idx, value */ 39, VALUE_OPT_BENCHMARK_CIPHERS, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ BENCHMARK_CIPHERS_FLAGS, 0, @@ -1477,8 +1506,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ BENCHMARK_CIPHERS_DESC, BENCHMARK_CIPHERS_NAME, BENCHMARK_CIPHERS_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 39, VALUE_OPT_BENCHMARK_TLS_KX, - /* equiv idx, value */ 39, VALUE_OPT_BENCHMARK_TLS_KX, + { /* entry idx, value */ 40, VALUE_OPT_BENCHMARK_TLS_KX, + /* equiv idx, value */ 40, VALUE_OPT_BENCHMARK_TLS_KX, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ BENCHMARK_TLS_KX_FLAGS, 0, @@ -1489,8 +1518,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ BENCHMARK_TLS_KX_DESC, BENCHMARK_TLS_KX_NAME, BENCHMARK_TLS_KX_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 40, VALUE_OPT_BENCHMARK_TLS_CIPHERS, - /* equiv idx, value */ 40, VALUE_OPT_BENCHMARK_TLS_CIPHERS, + { /* entry idx, value */ 41, VALUE_OPT_BENCHMARK_TLS_CIPHERS, + /* equiv idx, value */ 41, VALUE_OPT_BENCHMARK_TLS_CIPHERS, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ BENCHMARK_TLS_CIPHERS_FLAGS, 0, @@ -1501,8 +1530,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ BENCHMARK_TLS_CIPHERS_DESC, BENCHMARK_TLS_CIPHERS_NAME, BENCHMARK_TLS_CIPHERS_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 41, VALUE_OPT_LIST, - /* equiv idx, value */ 41, VALUE_OPT_LIST, + { /* entry idx, value */ 42, VALUE_OPT_LIST, + /* equiv idx, value */ 42, VALUE_OPT_LIST, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ LIST_FLAGS, 0, @@ -1513,8 +1542,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ LIST_DESC, LIST_NAME, LIST_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 42, VALUE_OPT_PRIORITY_LIST, - /* equiv idx, value */ 42, VALUE_OPT_PRIORITY_LIST, + { /* entry idx, value */ 43, VALUE_OPT_PRIORITY_LIST, + /* equiv idx, value */ 43, VALUE_OPT_PRIORITY_LIST, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ PRIORITY_LIST_FLAGS, 0, @@ -1525,8 +1554,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ PRIORITY_LIST_DESC, PRIORITY_LIST_NAME, PRIORITY_LIST_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 43, VALUE_OPT_NOTICKET, - /* equiv idx, value */ 43, VALUE_OPT_NOTICKET, + { /* entry idx, value */ 44, VALUE_OPT_NOTICKET, + /* equiv idx, value */ 44, VALUE_OPT_NOTICKET, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ NOTICKET_FLAGS, 0, @@ -1537,8 +1566,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ NOTICKET_DESC, NOTICKET_NAME, NOTICKET_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 44, VALUE_OPT_SRTP_PROFILES, - /* equiv idx, value */ 44, VALUE_OPT_SRTP_PROFILES, + { /* entry idx, value */ 45, VALUE_OPT_SRTP_PROFILES, + /* equiv idx, value */ 45, VALUE_OPT_SRTP_PROFILES, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ SRTP_PROFILES_FLAGS, 0, @@ -1549,8 +1578,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ SRTP_PROFILES_DESC, SRTP_PROFILES_NAME, SRTP_PROFILES_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 45, VALUE_OPT_ALPN, - /* equiv idx, value */ 45, VALUE_OPT_ALPN, + { /* entry idx, value */ 46, VALUE_OPT_ALPN, + /* equiv idx, value */ 46, VALUE_OPT_ALPN, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, NOLIMIT, 0, /* opt state flags */ ALPN_FLAGS, 0, @@ -1561,8 +1590,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ ALPN_DESC, ALPN_NAME, ALPN_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 46, VALUE_OPT_HEARTBEAT, - /* equiv idx, value */ 46, VALUE_OPT_HEARTBEAT, + { /* entry idx, value */ 47, VALUE_OPT_HEARTBEAT, + /* equiv idx, value */ 47, VALUE_OPT_HEARTBEAT, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ HEARTBEAT_FLAGS, 0, @@ -1573,8 +1602,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ HEARTBEAT_DESC, HEARTBEAT_NAME, HEARTBEAT_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 47, VALUE_OPT_RECORDSIZE, - /* equiv idx, value */ 47, VALUE_OPT_RECORDSIZE, + { /* entry idx, value */ 48, VALUE_OPT_RECORDSIZE, + /* equiv idx, value */ 48, VALUE_OPT_RECORDSIZE, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ RECORDSIZE_FLAGS, 0, @@ -1585,8 +1614,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ RECORDSIZE_DESC, RECORDSIZE_NAME, RECORDSIZE_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 48, VALUE_OPT_DISABLE_SNI, - /* equiv idx, value */ 48, VALUE_OPT_DISABLE_SNI, + { /* entry idx, value */ 49, VALUE_OPT_DISABLE_SNI, + /* equiv idx, value */ 49, VALUE_OPT_DISABLE_SNI, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ DISABLE_SNI_FLAGS, 0, @@ -1597,8 +1626,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ DISABLE_SNI_DESC, DISABLE_SNI_NAME, DISABLE_SNI_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 49, VALUE_OPT_DISABLE_EXTENSIONS, - /* equiv idx, value */ 49, VALUE_OPT_DISABLE_EXTENSIONS, + { /* entry idx, value */ 50, VALUE_OPT_DISABLE_EXTENSIONS, + /* equiv idx, value */ 50, VALUE_OPT_DISABLE_EXTENSIONS, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ DISABLE_EXTENSIONS_FLAGS, 0, @@ -1609,8 +1638,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ DISABLE_EXTENSIONS_DESC, DISABLE_EXTENSIONS_NAME, DISABLE_EXTENSIONS_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 50, VALUE_OPT_INLINE_COMMANDS, - /* equiv idx, value */ 50, VALUE_OPT_INLINE_COMMANDS, + { /* entry idx, value */ 51, VALUE_OPT_INLINE_COMMANDS, + /* equiv idx, value */ 51, VALUE_OPT_INLINE_COMMANDS, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ INLINE_COMMANDS_FLAGS, 0, @@ -1621,8 +1650,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ INLINE_COMMANDS_DESC, INLINE_COMMANDS_NAME, INLINE_COMMANDS_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 51, VALUE_OPT_INLINE_COMMANDS_PREFIX, - /* equiv idx, value */ 51, VALUE_OPT_INLINE_COMMANDS_PREFIX, + { /* entry idx, value */ 52, VALUE_OPT_INLINE_COMMANDS_PREFIX, + /* equiv idx, value */ 52, VALUE_OPT_INLINE_COMMANDS_PREFIX, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ INLINE_COMMANDS_PREFIX_FLAGS, 0, @@ -1633,8 +1662,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ INLINE_COMMANDS_PREFIX_DESC, INLINE_COMMANDS_PREFIX_NAME, INLINE_COMMANDS_PREFIX_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 52, VALUE_OPT_PROVIDER, - /* equiv idx, value */ 52, VALUE_OPT_PROVIDER, + { /* entry idx, value */ 53, VALUE_OPT_PROVIDER, + /* equiv idx, value */ 53, VALUE_OPT_PROVIDER, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ PROVIDER_FLAGS, 0, @@ -1645,8 +1674,8 @@ static tOptDesc optDesc[OPTION_CT] = { /* desc, NAME, name */ PROVIDER_DESC, PROVIDER_NAME, PROVIDER_name, /* disablement strs */ NULL, NULL }, - { /* entry idx, value */ 53, VALUE_OPT_FIPS140_MODE, - /* equiv idx, value */ 53, VALUE_OPT_FIPS140_MODE, + { /* entry idx, value */ 54, VALUE_OPT_FIPS140_MODE, + /* equiv idx, value */ 54, VALUE_OPT_FIPS140_MODE, /* equivalenced to */ NO_EQUIVALENT, /* min, max, act ct */ 0, 1, 0, /* opt state flags */ FIPS140_MODE_FLAGS, 0, @@ -1699,21 +1728,21 @@ static tOptDesc optDesc[OPTION_CT] = { /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ /** Reference to the upper cased version of gnutls-cli. */ -#define zPROGNAME (gnutls_cli_opt_strs+4416) +#define zPROGNAME (gnutls_cli_opt_strs+4516) /** Reference to the title line for gnutls-cli usage. */ -#define zUsageTitle (gnutls_cli_opt_strs+4427) +#define zUsageTitle (gnutls_cli_opt_strs+4527) /** There is no gnutls-cli configuration file. */ #define zRcName NULL /** There are no directories to search for gnutls-cli config files. */ #define apzHomeList NULL /** The gnutls-cli program bug email address. */ -#define zBugsAddr (gnutls_cli_opt_strs+4523) +#define zBugsAddr (gnutls_cli_opt_strs+4623) /** Clarification/explanation of what gnutls-cli does. */ -#define zExplain (gnutls_cli_opt_strs+4543) +#define zExplain (gnutls_cli_opt_strs+4643) /** Extra detail explaining what gnutls-cli does. */ -#define zDetail (gnutls_cli_opt_strs+4545) +#define zDetail (gnutls_cli_opt_strs+4645) /** The full version string for gnutls-cli. */ -#define zFullVersion (gnutls_cli_opt_strs+4728) +#define zFullVersion (gnutls_cli_opt_strs+4828) /* extracted from optcode.tlib near line 364 */ #if defined(ENABLE_NLS) @@ -1725,7 +1754,7 @@ static tOptDesc optDesc[OPTION_CT] = { #endif /* ENABLE_NLS */ #define gnutls_cli_full_usage (NULL) -#define gnutls_cli_short_usage (gnutls_cli_opt_strs+4749) +#define gnutls_cli_short_usage (gnutls_cli_opt_strs+4849) #endif /* not defined __doxygen__ */ @@ -1984,7 +2013,7 @@ tOptions gnutls_cliOptions = { NO_EQUIVALENT, /* '-#' option index */ NO_EQUIVALENT /* index of default opt */ }, - 57 /* full option count */, 54 /* user option count */, + 58 /* full option count */, 55 /* user option count */, gnutls_cli_full_usage, gnutls_cli_short_usage, NULL, NULL, PKGDATADIR, gnutls_cli_packager_info @@ -2147,7 +2176,8 @@ with this program. If not, see <http://www.gnu.org/licenses/>.\n")); puts(_("Enable trust on first use authentication")); /* referenced via gnutls_cliOptions.pOptDesc->pzText */ - puts(_("Fail to connect if a known certificate has changed")); + puts(_("Fail to connect if a certificate is unknown or a known certificate has\n\ +changed")); /* referenced via gnutls_cliOptions.pOptDesc->pzText */ puts(_("Enable DANE certificate verification (DNSSEC)")); @@ -2171,6 +2201,9 @@ with this program. If not, see <http://www.gnu.org/licenses/>.\n")); puts(_("Server's hostname for server name indication extension")); /* referenced via gnutls_cliOptions.pOptDesc->pzText */ + puts(_("Server's hostname to use for validation")); + + /* referenced via gnutls_cliOptions.pOptDesc->pzText */ puts(_("Connect, establish a plain session and start TLS")); /* referenced via gnutls_cliOptions.pOptDesc->pzText */ diff --git a/src/cli-args.def b/src/cli-args.def index 8ad9a98ed3..e883320c61 100644 --- a/src/cli-args.def +++ b/src/cli-args.def @@ -85,7 +85,14 @@ flag = { name = sni-hostname; descrip = "Server's hostname for server name indication extension"; arg-type = string; - doc = "Set explicitly the server name used in the TLS server name indication extension. That is useful when testing with servers setup on different DNS name than the intended. If not specified, the provided hostname is used."; + doc = "Set explicitly the server name used in the TLS server name indication extension. That is useful when testing with servers setup on different DNS name than the intended. If not specified, the provided hostname is used. Even with this option server certificate verification still uses the hostname passed on the main commandline. Use --verify-hostname to change this."; +}; + +flag = { + name = verify-hostname; + descrip = "Server's hostname to use for validation"; + arg-type = string; + doc = "Set explicitly the server name to be used when validating the server's certificate."; }; flag = { diff --git a/src/cli-args.h.bak b/src/cli-args.h.bak index d76804c8e9..ccd5d997d3 100644 --- a/src/cli-args.h.bak +++ b/src/cli-args.h.bak @@ -77,55 +77,56 @@ typedef enum { INDEX_OPT_RESUME = 8, INDEX_OPT_REHANDSHAKE = 9, INDEX_OPT_SNI_HOSTNAME = 10, - INDEX_OPT_STARTTLS = 11, - INDEX_OPT_APP_PROTO = 12, - INDEX_OPT_STARTTLS_PROTO = 13, - INDEX_OPT_UDP = 14, - INDEX_OPT_MTU = 15, - INDEX_OPT_CRLF = 16, - INDEX_OPT_FASTOPEN = 17, - INDEX_OPT_X509FMTDER = 18, - INDEX_OPT_PRINT_CERT = 19, - INDEX_OPT_SAVE_CERT = 20, - INDEX_OPT_SAVE_OCSP = 21, - INDEX_OPT_SAVE_SERVER_TRACE = 22, - INDEX_OPT_SAVE_CLIENT_TRACE = 23, - INDEX_OPT_DH_BITS = 24, - INDEX_OPT_PRIORITY = 25, - INDEX_OPT_X509CAFILE = 26, - INDEX_OPT_X509CRLFILE = 27, - INDEX_OPT_X509KEYFILE = 28, - INDEX_OPT_X509CERTFILE = 29, - INDEX_OPT_SRPUSERNAME = 30, - INDEX_OPT_SRPPASSWD = 31, - INDEX_OPT_PSKUSERNAME = 32, - INDEX_OPT_PSKKEY = 33, - INDEX_OPT_PORT = 34, - INDEX_OPT_INSECURE = 35, - INDEX_OPT_VERIFY_ALLOW_BROKEN = 36, - INDEX_OPT_RANGES = 37, - INDEX_OPT_BENCHMARK_CIPHERS = 38, - INDEX_OPT_BENCHMARK_TLS_KX = 39, - INDEX_OPT_BENCHMARK_TLS_CIPHERS = 40, - INDEX_OPT_LIST = 41, - INDEX_OPT_PRIORITY_LIST = 42, - INDEX_OPT_NOTICKET = 43, - INDEX_OPT_SRTP_PROFILES = 44, - INDEX_OPT_ALPN = 45, - INDEX_OPT_HEARTBEAT = 46, - INDEX_OPT_RECORDSIZE = 47, - INDEX_OPT_DISABLE_SNI = 48, - INDEX_OPT_DISABLE_EXTENSIONS = 49, - INDEX_OPT_INLINE_COMMANDS = 50, - INDEX_OPT_INLINE_COMMANDS_PREFIX = 51, - INDEX_OPT_PROVIDER = 52, - INDEX_OPT_FIPS140_MODE = 53, - INDEX_OPT_VERSION = 54, - INDEX_OPT_HELP = 55, - INDEX_OPT_MORE_HELP = 56 + INDEX_OPT_VERIFY_HOSTNAME = 11, + INDEX_OPT_STARTTLS = 12, + INDEX_OPT_APP_PROTO = 13, + INDEX_OPT_STARTTLS_PROTO = 14, + INDEX_OPT_UDP = 15, + INDEX_OPT_MTU = 16, + INDEX_OPT_CRLF = 17, + INDEX_OPT_FASTOPEN = 18, + INDEX_OPT_X509FMTDER = 19, + INDEX_OPT_PRINT_CERT = 20, + INDEX_OPT_SAVE_CERT = 21, + INDEX_OPT_SAVE_OCSP = 22, + INDEX_OPT_SAVE_SERVER_TRACE = 23, + INDEX_OPT_SAVE_CLIENT_TRACE = 24, + INDEX_OPT_DH_BITS = 25, + INDEX_OPT_PRIORITY = 26, + INDEX_OPT_X509CAFILE = 27, + INDEX_OPT_X509CRLFILE = 28, + INDEX_OPT_X509KEYFILE = 29, + INDEX_OPT_X509CERTFILE = 30, + INDEX_OPT_SRPUSERNAME = 31, + INDEX_OPT_SRPPASSWD = 32, + INDEX_OPT_PSKUSERNAME = 33, + INDEX_OPT_PSKKEY = 34, + INDEX_OPT_PORT = 35, + INDEX_OPT_INSECURE = 36, + INDEX_OPT_VERIFY_ALLOW_BROKEN = 37, + INDEX_OPT_RANGES = 38, + INDEX_OPT_BENCHMARK_CIPHERS = 39, + INDEX_OPT_BENCHMARK_TLS_KX = 40, + INDEX_OPT_BENCHMARK_TLS_CIPHERS = 41, + INDEX_OPT_LIST = 42, + INDEX_OPT_PRIORITY_LIST = 43, + INDEX_OPT_NOTICKET = 44, + INDEX_OPT_SRTP_PROFILES = 45, + INDEX_OPT_ALPN = 46, + INDEX_OPT_HEARTBEAT = 47, + INDEX_OPT_RECORDSIZE = 48, + INDEX_OPT_DISABLE_SNI = 49, + INDEX_OPT_DISABLE_EXTENSIONS = 50, + INDEX_OPT_INLINE_COMMANDS = 51, + INDEX_OPT_INLINE_COMMANDS_PREFIX = 52, + INDEX_OPT_PROVIDER = 53, + INDEX_OPT_FIPS140_MODE = 54, + INDEX_OPT_VERSION = 55, + INDEX_OPT_HELP = 56, + INDEX_OPT_MORE_HELP = 57 } teOptIndex; /** count of all options for gnutls-cli */ -#define OPTION_CT 57 +#define OPTION_CT 58 /** gnutls-cli version */ #define GNUTLS_CLI_VERSION "@VERSION@" /** Full gnutls-cli version text */ @@ -193,55 +194,56 @@ typedef enum { #define VALUE_OPT_RESUME 'r' #define VALUE_OPT_REHANDSHAKE 'e' #define VALUE_OPT_SNI_HOSTNAME 0x1007 +#define VALUE_OPT_VERIFY_HOSTNAME 0x1008 #define VALUE_OPT_STARTTLS 's' -#define VALUE_OPT_APP_PROTO 0x1008 -#define VALUE_OPT_STARTTLS_PROTO 0x1009 +#define VALUE_OPT_APP_PROTO 0x1009 +#define VALUE_OPT_STARTTLS_PROTO 0x100A #define VALUE_OPT_UDP 'u' -#define VALUE_OPT_MTU 0x100A +#define VALUE_OPT_MTU 0x100B #define OPT_VALUE_MTU (DESC(MTU).optArg.argInt) -#define VALUE_OPT_CRLF 0x100B -#define VALUE_OPT_FASTOPEN 0x100C -#define VALUE_OPT_X509FMTDER 0x100D -#define VALUE_OPT_PRINT_CERT 0x100E -#define VALUE_OPT_SAVE_CERT 0x100F -#define VALUE_OPT_SAVE_OCSP 0x1010 -#define VALUE_OPT_SAVE_SERVER_TRACE 0x1011 -#define VALUE_OPT_SAVE_CLIENT_TRACE 0x1012 -#define VALUE_OPT_DH_BITS 0x1013 +#define VALUE_OPT_CRLF 0x100C +#define VALUE_OPT_FASTOPEN 0x100D +#define VALUE_OPT_X509FMTDER 0x100E +#define VALUE_OPT_PRINT_CERT 0x100F +#define VALUE_OPT_SAVE_CERT 0x1010 +#define VALUE_OPT_SAVE_OCSP 0x1011 +#define VALUE_OPT_SAVE_SERVER_TRACE 0x1012 +#define VALUE_OPT_SAVE_CLIENT_TRACE 0x1013 +#define VALUE_OPT_DH_BITS 0x1014 #define OPT_VALUE_DH_BITS (DESC(DH_BITS).optArg.argInt) -#define VALUE_OPT_PRIORITY 0x1014 -#define VALUE_OPT_X509CAFILE 0x1015 -#define VALUE_OPT_X509CRLFILE 0x1016 -#define VALUE_OPT_X509KEYFILE 0x1017 -#define VALUE_OPT_X509CERTFILE 0x1018 -#define VALUE_OPT_SRPUSERNAME 0x1019 -#define VALUE_OPT_SRPPASSWD 0x101A -#define VALUE_OPT_PSKUSERNAME 0x101B -#define VALUE_OPT_PSKKEY 0x101C +#define VALUE_OPT_PRIORITY 0x1015 +#define VALUE_OPT_X509CAFILE 0x1016 +#define VALUE_OPT_X509CRLFILE 0x1017 +#define VALUE_OPT_X509KEYFILE 0x1018 +#define VALUE_OPT_X509CERTFILE 0x1019 +#define VALUE_OPT_SRPUSERNAME 0x101A +#define VALUE_OPT_SRPPASSWD 0x101B +#define VALUE_OPT_PSKUSERNAME 0x101C +#define VALUE_OPT_PSKKEY 0x101D #define VALUE_OPT_PORT 'p' -#define VALUE_OPT_INSECURE 0x101D -#define VALUE_OPT_VERIFY_ALLOW_BROKEN 0x101E -#define VALUE_OPT_RANGES 0x101F -#define VALUE_OPT_BENCHMARK_CIPHERS 0x1020 -#define VALUE_OPT_BENCHMARK_TLS_KX 0x1021 -#define VALUE_OPT_BENCHMARK_TLS_CIPHERS 0x1022 +#define VALUE_OPT_INSECURE 0x101E +#define VALUE_OPT_VERIFY_ALLOW_BROKEN 0x101F +#define VALUE_OPT_RANGES 0x1020 +#define VALUE_OPT_BENCHMARK_CIPHERS 0x1021 +#define VALUE_OPT_BENCHMARK_TLS_KX 0x1022 +#define VALUE_OPT_BENCHMARK_TLS_CIPHERS 0x1023 #define VALUE_OPT_LIST 'l' -#define VALUE_OPT_PRIORITY_LIST 0x1023 -#define VALUE_OPT_NOTICKET 0x1024 -#define VALUE_OPT_SRTP_PROFILES 0x1025 -#define VALUE_OPT_ALPN 0x1026 +#define VALUE_OPT_PRIORITY_LIST 0x1024 +#define VALUE_OPT_NOTICKET 0x1025 +#define VALUE_OPT_SRTP_PROFILES 0x1026 +#define VALUE_OPT_ALPN 0x1027 #define VALUE_OPT_HEARTBEAT 'b' -#define VALUE_OPT_RECORDSIZE 0x1027 +#define VALUE_OPT_RECORDSIZE 0x1028 #define OPT_VALUE_RECORDSIZE (DESC(RECORDSIZE).optArg.argInt) -#define VALUE_OPT_DISABLE_SNI 0x1028 -#define VALUE_OPT_DISABLE_EXTENSIONS 0x1029 -#define VALUE_OPT_INLINE_COMMANDS 0x102A -#define VALUE_OPT_INLINE_COMMANDS_PREFIX 0x102B -#define VALUE_OPT_PROVIDER 0x102C -#define VALUE_OPT_FIPS140_MODE 0x102D +#define VALUE_OPT_DISABLE_SNI 0x1029 +#define VALUE_OPT_DISABLE_EXTENSIONS 0x102A +#define VALUE_OPT_INLINE_COMMANDS 0x102B +#define VALUE_OPT_INLINE_COMMANDS_PREFIX 0x102C +#define VALUE_OPT_PROVIDER 0x102D +#define VALUE_OPT_FIPS140_MODE 0x102E /** option flag (value) for help-value option */ #define VALUE_OPT_HELP 'h' /** option flag (value) for more-help-value option */ @@ -325,6 +325,7 @@ static int cert_verify_callback(gnutls_session_t session) int ca_verify = ENABLED_OPT(CA_VERIFICATION); const char *txt_service; gnutls_datum_t oresp; + const char *host; /* On an session with TOFU the PKI/DANE verification * become advisory. @@ -334,6 +335,11 @@ static int cert_verify_callback(gnutls_session_t session) ssh = strictssh; } + if (HAVE_OPT(VERIFY_HOSTNAME)) + host = OPT_ARG(VERIFY_HOSTNAME); + else + host = hostname; + /* Save certificate and OCSP response */ if (HAVE_OPT(SAVE_CERT)) { try_save_cert(session); @@ -357,7 +363,7 @@ static int cert_verify_callback(gnutls_session_t session) print_cert_info(session, verbose, print_cert); if (ca_verify) { - rc = cert_verify(session, hostname, GNUTLS_KP_TLS_WWW_SERVER); + rc = cert_verify(session, host, GNUTLS_KP_TLS_WWW_SERVER); if (rc == 0) { printf ("*** PKI verification of server certificate failed...\n"); @@ -391,7 +397,7 @@ static int cert_verify_callback(gnutls_session_t session) vflags |= DANE_VFLAG_ONLY_CHECK_EE_USAGE; port = service_to_port(service, udp?"udp":"tcp"); - rc = dane_verify_session_crt(NULL, session, hostname, + rc = dane_verify_session_crt(NULL, session, host, udp ? "udp" : "tcp", port, sflags, vflags, &status); if (rc < 0) { @@ -436,17 +442,17 @@ static int cert_verify_callback(gnutls_session_t session) txt_service = port_to_service(service, udp?"udp":"tcp"); - rc = gnutls_verify_stored_pubkey(NULL, NULL, hostname, + rc = gnutls_verify_stored_pubkey(NULL, NULL, host, txt_service, GNUTLS_CRT_X509, cert, 0); if (rc == GNUTLS_E_NO_CERTIFICATE_FOUND) { fprintf(stderr, "Host %s (%s) has never been contacted before.\n", - hostname, txt_service); + host, txt_service); if (status == 0) fprintf(stderr, "Its certificate is valid for %s.\n", - hostname); + host); if (strictssh) return -1; @@ -458,13 +464,13 @@ static int cert_verify_callback(gnutls_session_t session) } else if (rc == GNUTLS_E_CERTIFICATE_KEY_MISMATCH) { fprintf(stderr, "Warning: host %s is known and it is associated with a different key.\n", - hostname); + host); fprintf(stderr, "It might be that the server has multiple keys, or an attacker replaced the key to eavesdrop this connection .\n"); if (status == 0) fprintf(stderr, "Its certificate is valid for %s.\n", - hostname); + host); if (strictssh) return -1; @@ -481,7 +487,7 @@ static int cert_verify_callback(gnutls_session_t session) } if (rc != 0) { - rc = gnutls_store_pubkey(NULL, NULL, hostname, + rc = gnutls_store_pubkey(NULL, NULL, host, txt_service, GNUTLS_CRT_X509, cert, 0, 0); diff --git a/tests/sni-hostname.sh b/tests/sni-hostname.sh index ec01e0fda1..afc2a0099b 100755 --- a/tests/sni-hostname.sh +++ b/tests/sni-hostname.sh @@ -16,9 +16,8 @@ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # -# You should have received a copy of the GNU General Public License -# along with GnuTLS; if not, write to the Free Software Foundation, -# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# You should have received a copy of the GNU Lesser General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/> srcdir="${srcdir:-.}" SERV="${SERV:-../src/gnutls-serv${EXEEXT}}" @@ -46,19 +45,34 @@ SERV="${SERV} -q" . "${srcdir}/scripts/common.sh" +KEY1=${srcdir}/../doc/credentials/x509/example.com-key.pem +CERT1=${srcdir}/../doc/credentials/x509/example.com-cert.pem +CA1=${srcdir}/../doc/credentials/x509/ca.pem + echo "Checking SNI hostname in gnutls-cli" +OPTS="--sni-hostname example.com --verify-hostname example.com" +NOOPTS="--sni-hostname noexample.com --verify-hostname example.com" + eval "${GETPORT}" -launch_server $$ --echo --priority "NORMAL:+ANON-ECDH" --sni-hostname-fatal --sni-hostname example.com +launch_server $$ --echo --sni-hostname-fatal --sni-hostname example.com --x509keyfile ${KEY1} --x509certfile ${CERT1} PID=$! wait_server ${PID} -${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --sni-hostname example.com --priority "NORMAL:+ANON-ECDH:+ANON-DH" </dev/null >/dev/null || \ - fail ${PID} "1. rehandshake should have succeeded!" +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 ${OPTS} --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2" --x509cafile ${CA1} </dev/null >/dev/null || \ + fail ${PID} "1. handshake should have succeeded!" + +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 ${NOOPTS} --priority "NORMAL:-VERS-ALL:+VERS-TLS1.2" --x509cafile ${CA1} </dev/null >/dev/null && \ + fail ${PID} "2. handshake should have failed!" + +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 ${OPTS} --priority "NORMAL" --x509cafile ${CA1} </dev/null >/dev/null || \ + fail ${PID} "3. handshake should have succeeded!" -${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --sni-hostname noexample.com --priority "NORMAL:+ANON-ECDH:+ANON-DH" </dev/null >/dev/null && \ - fail ${PID} "2. rehandshake should have failed!" +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 ${NOOPTS} --priority "NORMAL" --x509cafile ${CA1} </dev/null >/dev/null && \ + fail ${PID} "4. handshake should have failed!" +${VALGRIND} "${CLI}" -p "${PORT}" 127.0.0.1 --sni-hostname example.com --priority "NORMAL" --x509cafile ${CA1} </dev/null >/dev/null && \ + fail ${PID} "5. handshake should have failed!" kill ${PID} wait |