
[SCM] GNU gnutls branch, master, updated. gnutls-3_0_12-55-g918ea24


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls-3_0_12-55-g918ea24
Date: Mon, 23 Jan 2012 19:58:05 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=918ea24be3befedf1ae956a2cadc6a396ec178a4

The branch, master has been updated
       via  918ea24be3befedf1ae956a2cadc6a396ec178a4 (commit)
       via  a0c6659d49ead8e65a28d8d421b96546025d0cd9 (commit)
       via  af05d80baa2b3222f967a97265840e387e7060c6 (commit)
       via  5ed7b64a5ea61829a7e0691176ba31600355a247 (commit)
      from  134815f1c46b9b9a05cadbe2345be9b9d1326e49 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 918ea24be3befedf1ae956a2cadc6a396ec178a4
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Jan 23 20:59:41 2012 +0100

    ocsptool uses libopts

commit a0c6659d49ead8e65a28d8d421b96546025d0cd9
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Jan 23 20:58:28 2012 +0100

    updated inder and inraw commands.

commit af05d80baa2b3222f967a97265840e387e7060c6
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Jan 23 20:14:08 2012 +0100

    the short version of --help is -h.

commit 5ed7b64a5ea61829a7e0691176ba31600355a247
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Jan 23 20:04:04 2012 +0100

    Added gnutls_pkcs11_reinit().

-----------------------------------------------------------------------

Summary of changes:
 .gitignore                   |    4 +
 NEWS                         |    6 ++-
 configure.ac                 |    1 +
 doc/cha-cert-auth2.texi      |    6 ++
 doc/manpages/Makefile.am     |    5 +-
 lib/includes/gnutls/pkcs11.h |    1 +
 lib/libgnutls.map            |    3 +
 lib/pkcs11.c                 |   28 +++++++
 src/Makefile.am              |   16 ++---
 src/certtool-args.def.in     |    2 +-
 src/cli-args.def.in          |    1 +
 src/cli-debug-args.def.in    |    1 +
 src/ocsptool-args.def.in     |  164 ++++++++++++++++++++++++++++++++++++++++++
 src/ocsptool.c               |  129 +++++++++++++--------------------
 src/ocsptool.gaa             |   76 -------------------
 src/p11tool-args.def.in      |    8 ++-
 src/p11tool.c                |    4 +-
 src/psk-args.def.in          |    1 +
 src/serv-args.def.in         |    1 +
 src/srptool-args.def.in      |    1 +
 20 files changed, 288 insertions(+), 170 deletions(-)
 create mode 100644 src/ocsptool-args.def.in
 delete mode 100644 src/ocsptool.gaa

diff --git a/.gitignore b/.gitignore
index 00190be..ffaaf50 100644
--- a/.gitignore
+++ b/.gitignore
@@ -584,3 +584,7 @@ src/certtool-args.def
 src/certtool-args.h
 doc/manpages/certtool.1
 doc/stamp_enums
+src/ocsptool-args.c
+src/ocsptool-args.h
+src/ocsptool-args.def
+doc/manpages/ocsptool.1
diff --git a/NEWS b/NEWS
index fdb8bfe..6c78c4e 100644
--- a/NEWS
+++ b/NEWS
@@ -17,10 +17,14 @@ sent that one.
 ** libgnutls: Added functions to parse authority key identifiers
 when stored as a 'general name' and serial combo.
 
+** libgnutls: Added function to force explicit reinitialization
+of PKCS #11 modules. This is required on the child process after
+a fork.
+
 ** API and ABI modifications:
 gnutls_x509_crt_get_authority_key_gn_serial: Added
 gnutls_x509_crl_get_authority_key_gn_serial: Added
-
+gnutls_pkcs11_reinit: Added
 
 * Version 3.0.12 (released 2012-01-20)
 
diff --git a/configure.ac b/configure.ac
index 860fcc0..1aa6d78 100644
--- a/configure.ac
+++ b/configure.ac
@@ -488,6 +488,7 @@ AC_CONFIG_FILES([
   po/Makefile.in
   src/Makefile
   src/certtool-args.def
+  src/ocsptool-args.def
   src/cli-args.def
   src/serv-args.def
   src/cli-debug-args.def
diff --git a/doc/cha-cert-auth2.texi b/doc/cha-cert-auth2.texi
index 1a41086..251d73f 100644
--- a/doc/cha-cert-auth2.texi
+++ b/doc/cha-cert-auth2.texi
@@ -982,6 +982,12 @@ are sharing a module. To avoid this problem GnuTLS uses 
@acronym{p11-kit}
 that provides a middleware to control access to resources over the
 multiple users.
 
+Moreover PKCS #11 modules must be reinitialized on the child processes
+after a @funcintref{fork}. @acronym{GnuTLS} provides 
@funcref{gnutls_pkcs11_reinit}
+to be called for this purpose.
+
address@hidden
+
 @node Reading objects
 @subsection Reading objects
 
diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am
index d8bd888..2194e02 100644
--- a/doc/manpages/Makefile.am
+++ b/doc/manpages/Makefile.am
@@ -20,7 +20,7 @@
 # Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
 dist_man_MANS = gnutls-cli.1 gnutls-cli-debug.1 gnutls-serv.1  \
-       certtool.1 psktool.1 p11tool.1
+       certtool.1 psktool.1 p11tool.1 ocsptool.1
 
 if ENABLE_SRP
 dist_man_MANS += srptool.1
@@ -29,6 +29,9 @@ endif
 certtool.1: ../../src/certtool-args.def
        -autogen -DMAN_SECTION=1 -Tagman-cmd.tpl $<
 
+ocsptool.1: ../../src/ocsptool-args.def
+       -autogen -DMAN_SECTION=1 -Tagman-cmd.tpl $<
+
 gnutls-cli.1: ../../src/cli-args.def
        -autogen -DMAN_SECTION=1 -Tagman-cmd.tpl $<
 
diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h
index 9197661..1382954 100644
--- a/lib/includes/gnutls/pkcs11.h
+++ b/lib/includes/gnutls/pkcs11.h
@@ -130,6 +130,7 @@ typedef struct gnutls_pkcs11_obj_st *gnutls_pkcs11_obj_t;
  */
 
 int gnutls_pkcs11_init (unsigned int flags, const char 
*deprecated_config_file);
+int gnutls_pkcs11_reinit (void);
 void gnutls_pkcs11_deinit (void);
 void gnutls_pkcs11_set_token_function (gnutls_pkcs11_token_callback_t fn,
                                        void *userdata);
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 0c68c71..cf3792c 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -762,6 +762,9 @@ GNUTLS_3_0_0 {
        gnutls_pubkey_encrypt_data;
        gnutls_x509_dn_oid_name;
        gnutls_session_resumption_requested;
+       gnutls_pkcs11_reinit;
+       gnutls_x509_crt_get_authority_key_gn_serial;
+       gnutls_x509_crl_get_authority_key_gn_serial;
 } GNUTLS_2_12;
 
 GNUTLS_PRIVATE {
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 8b1d3c5..a988471 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -566,6 +566,34 @@ gnutls_pkcs11_init (unsigned int flags, const char 
*deprecated_config_file)
 }
 
 /**
+ * gnutls_pkcs11_reinit:
+ *
+ * This function will reinitialize the PKCS 11 subsystem in gnutls. 
+ * This is required by PKCS 11 when an application uses fork(). The
+ * reinitialization function must be called on the child.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ *   negative error value.
+ *
+ * Since: 3.0.0
+ **/
+int gnutls_pkcs11_reinit (void)
+{
+  int rv;
+
+  rv = p11_kit_initialize_registered ();
+  if (rv != CKR_OK)
+    {
+      gnutls_assert ();
+      _gnutls_debug_log ("Cannot initialize registered module: %s\n",
+                         p11_kit_strerror (rv));
+      return GNUTLS_E_INTERNAL_ERROR;
+    }
+
+  return 0;
+}
+
+/**
  * gnutls_pkcs11_deinit:
  *
  * This function will deinitialize the PKCS 11 subsystem in gnutls.
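Review bot: The `Since: 3.0.0` tag on the new gnutls_pkcs11_reinit doc comment is inaccurate: the NEWS hunk in this same push lists the function under the entries added after the 3.0.12 release, so the tag should name the release that first ships it rather than 3.0.0. The failure path logs `Cannot initialize registered module`, the same wording a first-time init would presumably produce; `"Cannot reinitialize registered modules: %s\n"` would let a log reader tell the post-fork path apart. The body only re-runs `p11_kit_initialize_registered ()`, so it appears to cover modules known to p11-kit's registry and nothing loaded by other means — if that is the case, the doc comment should say so, e.g. `Only modules registered with p11-kit are reinitialized.`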
diff --git a/src/Makefile.am b/src/Makefile.am
index 11cdfcb..6f1e4c9 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -73,10 +73,10 @@ endif
 
 if ENABLE_OCSP
 ocsptool_SOURCES = ocsptool.c ocsptool-common.h
-ocsptool_LDADD = ../lib/libgnutls.la libcmd-ocsp.la ../gl/libgnu.la
+ocsptool_LDADD = ../lib/libgnutls.la libcmd-ocsp.la ../gl/libgnu.la 
$(LIBOPTS_LDADD)
 noinst_LTLIBRARIES += libcmd-ocsp.la
 libcmd_ocsp_la_CFLAGS =
-libcmd_ocsp_la_SOURCES = ocsptool.gaa ocsptool-gaa.h ocsptool-gaa.c
+libcmd_ocsp_la_SOURCES = ocsptool-args.def ocsptool-args.h ocsptool-args.c
 endif
 
 psktool_SOURCES = psk.c
@@ -134,13 +134,11 @@ libcmd_p11tool_la_LIBADD += ../gl/libgnu.la 
$(INET_PTON_LIB)
 
 endif # ENABLE_PKCS11
 
-psk-gaa.c: $(srcdir)/psk.gaa
-       -$(GAA) $< -o psk-gaa.c -i psk-gaa.h
-ocsptool-gaa.c: $(srcdir)/ocsptool.gaa
-       -$(GAA) $< -o ocsptool-gaa.c -i ocsptool-gaa.h
+ocsptool-args.c: $(srcdir)/ocsptool-args.def
+       -autogen $<
 if ENABLE_PKCS11
-p11tool-gaa.c: $(srcdir)/p11tool.gaa
-       -$(GAA) $< -o p11tool-gaa.c -i p11tool-gaa.h
+p11tool-args.c: $(srcdir)/p11tool-args.def
+       -autogen $<
 endif
 psk-args.c: $(srcdir)/psk-args.def
        -autogen $<
@@ -152,7 +150,5 @@ serv-args.c: $(srcdir)/serv-args.def
        -autogen $<
 srptool-args.c: $(srcdir)/srptool-args.def
        -autogen $<
-p11tool-args.c: $(srcdir)/p11tool-args.def
-       -autogen $<
 certtool-args.c: $(srcdir)/certtool-args.def
        -autogen $<
diff --git a/src/certtool-args.def.in b/src/certtool-args.def.in
index 9332b9a..acf516a 100644
--- a/src/certtool-args.def.in
+++ b/src/certtool-args.def.in
@@ -3,7 +3,7 @@ prog-name     = certtool;
 prog-title    = "GnuTLS PKCS #11 tool";
 prog-desc     = "Manipulate certificates and private keys.";
 detail    = "Tool to parse and generate X.509 certificates, requests and 
private keys.";
-
+help-value = "h";
 short-usage   = "certtool [options] [url]\ncerttool --help for usage 
instructions.\n";
 prog-group    = "GnuTLS";
 explain       = "";
diff --git a/src/cli-args.def.in b/src/cli-args.def.in
index 83d65db..6bbd604 100644
--- a/src/cli-args.def.in
+++ b/src/cli-args.def.in
@@ -2,6 +2,7 @@ AutoGen Definitions options;
 prog-name     = gnutls-cli;
 prog-title    = "GnuTLS client";
 prog-desc     = "Simple client program to set up a TLS connection.";
+help-value = "h";
 short-usage   = "Usage: gnutls-cli [options] hostname\ngnutls-cli --help for 
usage instructions.\n";
 prog-group    = "GnuTLS";
 explain       = "";
diff --git a/src/cli-debug-args.def.in b/src/cli-debug-args.def.in
index 9a1e2d8..1aa6b7a 100644
--- a/src/cli-debug-args.def.in
+++ b/src/cli-debug-args.def.in
@@ -2,6 +2,7 @@ AutoGen Definitions options;
 prog-name     = gnutls-cli-debug;
 prog-title    = "GnuTLS debug client";
 prog-desc     = "Simple client program to check TLS server capabilities.";
+help-value = "h";
 short-usage   = "Usage: gnutls-cli-debug [options] hostname\ngnutls-cli --help 
for usage instructions.\n";
 prog-group    = "GnuTLS";
 explain       = "";
diff --git a/src/ocsptool-args.def.in b/src/ocsptool-args.def.in
new file mode 100644
index 0000000..70182b6
--- /dev/null
+++ b/src/ocsptool-args.def.in
@@ -0,0 +1,164 @@
+AutoGen Definitions options;
+prog-name     = ocsptool;
+prog-title    = "GnuTLS OCSP tool";
+prog-desc     = "Program to handle OCSP request/responses.";
+help-value = "h";
+detail    = "Ocsptool can parse OCSP request/responses, generate OCSP requests 
and  verify OCSP responses.";
+
+short-usage   = "ocsptool [options]\nocsptool --help for usage 
instructions.\n";
+prog-group    = "GnuTLS";
+explain       = "";
+gnu-usage;
+no-xlate = opt;
+no-misuse-usage;
+disable-save;
+long-opts;
+config-header = 'config.h';
+export = '#include <gettext.h>';
+
+copyright = {
+    date  = "2012";
+    owner = "Free Software Foundation";
+    author = "Simon Josefsson and others; see 
/usr/share/doc/gnutls-bin/AUTHORS for a complete list.";
+    eaddr  = "address@hidden";
+    type  = gpl;
+};
+version = "@VERSION@";
+
+flag = {
+    name      = debug;
+    value     = d;
+    arg-type  = number;
+    arg-default = 0;
+    arg-range = "0 -> 9999";
+    descrip   = "Enable debugging.";
+    doc       = "Specifies the debug level.";
+};
+
+flag = {
+    name      = verify-response;
+    value     = e;
+    descrip   = "Verify response";
+    doc = "";
+};
+
+flag = {
+    name      = request-info;
+    value     = i;
+    descrip   = "Print information on a OCSP request";
+    doc = "";
+};
+
+flag = {
+    name      = response-info;
+    value     = j;
+    descrip   = "Print information on a OCSP response";
+    doc = "";
+};
+
+flag = {
+    name      = generate-request;
+    value     = q;
+    descrip   = "Generate an OCSP request";
+    doc = "";
+};
+
+flag = {
+    name      = nonce;
+    disabled  = yes;
+    disable   = "no";
+    descrip   = "Don't add nonce to OCSP request";
+    doc = "";
+};
+
+flag = {
+    name      = load-issuer;
+    arg-type  = file;
+    file-exists = yes;
+    descrip   = "Read issuer certificate from file";
+    doc = "";
+};
+
+flag = {
+    name      = load-cert;
+    arg-type  = file;
+    file-exists = yes;
+    descrip   = "Read certificate to check from file";
+    doc = "";
+};
+
+flag = {
+    name      = load-trust;
+    arg-type  = file;
+    file-exists = yes;
+    descrip   = "Read OCSP trust anchors from file";
+    flags-cant = load-signer;
+    doc = "";
+};
+
+flag = {
+    name      = load-signer;
+    arg-type  = file;
+    file-exists = yes;
+    descrip   = "Read OCSP response signer from file";
+    flags-cant = load-trust;
+    doc = "";
+};
+
+flag = {
+    name      = inder;
+    disabled;
+    disable   = "no";
+    descrip   = "Use DER format for input certificates and private keys";
+    doc      = "";
+};
+
+flag = {
+    name      = load-request;
+    value     = Q;
+    arg-type  = file;
+    file-exists = yes;
+    descrip   = "Read DER encoded OCSP request from file";
+    doc      = "";
+};
+
+flag = {
+    name      = load-response;
+    value     = S;
+    arg-type  = file;
+    file-exists = yes;
+    descrip   = "Read DER encoded OCSP response from file";
+    doc      = "";
+};
+
+flag = {
+    name      = outfile;
+    arg-type  = string;
+    descrip   = "Output file";
+    doc      = "";
+};
+
+flag = {
+    name      = infile;
+    arg-type  = file;
+    file-exists = yes;
+    descrip   = "Input file";
+    doc   = "";
+};
+
+flag = {
+    name      = verbose;
+    value     = V;
+    max       = NOLIMIT;
+    descrip   = "More verbose output";
+    doc      = "";
+};
+
+doc-section = {
+  ds-type = 'SEE ALSO';
+  ds-format = 'man';
+  ds-text   = <<-_EOT_
+    certtool (1)
+_EOT_;
+};
+
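Review bot: The `nonce` flag is declared with `disabled = yes;` and `disable = "no";`, which as I read AutoOpts makes the option off unless `--nonce` is passed, whereas the gaa definition removed in this commit (`$nononce = 0` in its init block) added a nonce by default. `ENABLED_OPT(NONCE)` in generate_request (the `@@ -202,7 +202,7 @@` hunk of src/ocsptool.c) would then be false on a plain `--generate-request`, silently dropping the replay protection the request carried before. If the old default is intended, declare the flag enabled by default (AutoOpts' `enabled;` attribute, in place of `disabled = yes;`) and word the description for both forms, e.g. `descrip   = "Use (or not) a nonce in the OCSP request";`. Please confirm against the generated `--help` output, since I am inferring the default from the declaration alone.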
diff --git a/src/ocsptool.c b/src/ocsptool.c
index bd35a10..c90e6a9 100644
--- a/src/ocsptool.c
+++ b/src/ocsptool.c
@@ -37,11 +37,11 @@
 #include <read-file.h>
 
 #include <ocsptool-common.h>
-#include <ocsptool-gaa.h>
+#include <ocsptool-args.h>
 
-gaainfo info;
 FILE *outfile;
 FILE *infile;
+static unsigned int encoding;
 
 static void
 tls_log_func (int level, const char *str)
@@ -61,8 +61,8 @@ request_info (void)
   if (ret < 0)
     error (EXIT_FAILURE, 0, "ocsp_req_init: %s", gnutls_strerror (ret));
 
-  if (info.req)
-    dat.data = (void*)read_binary_file (info.req, &size);
+  if (HAVE_OPT(LOAD_REQUEST))
+    dat.data = (void*)read_binary_file (OPT_ARG(LOAD_REQUEST), &size);
   else
     dat.data = (void*)fread_file (infile, &size);
   if (dat.data == NULL)
@@ -96,8 +96,8 @@ response_info (void)
   if (ret < 0)
     error (EXIT_FAILURE, 0, "ocsp_resp_init: %s", gnutls_strerror (ret));
 
-  if (info.resp)
-    dat.data = (void*)read_binary_file (info.resp, &size);
+  if (HAVE_OPT(LOAD_RESPONSE))
+    dat.data = (void*)read_binary_file (OPT_ARG(LOAD_RESPONSE), &size);
   else
     dat.data = (void*)fread_file (infile, &size);
   if (dat.data == NULL)
@@ -127,24 +127,24 @@ load_issuer (void)
   gnutls_datum_t dat;
   size_t size;
 
-  if (info.issuer == NULL)
+  if (!HAVE_OPT(LOAD_ISSUER))
     error (EXIT_FAILURE, 0, "missing --load-issuer");
 
   ret = gnutls_x509_crt_init (&crt);
   if (ret < 0)
     error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
 
-  dat.data = (void*)read_binary_file (info.issuer, &size);
+  dat.data = (void*)read_binary_file (OPT_ARG(LOAD_ISSUER), &size);
   dat.size = size;
 
   if (!dat.data)
-    error (EXIT_FAILURE, errno, "reading --load-issuer: %s", info.issuer);
+    error (EXIT_FAILURE, errno, "reading --load-issuer: %s", 
OPT_ARG(LOAD_ISSUER));
 
-  ret = gnutls_x509_crt_import (crt, &dat, info.inder);
+  ret = gnutls_x509_crt_import (crt, &dat, encoding);
   free (dat.data);
   if (ret < 0)
     error (EXIT_FAILURE, 0, "importing --load-issuer: %s: %s",
-           info.issuer, gnutls_strerror (ret));
+           OPT_ARG(LOAD_ISSUER), gnutls_strerror (ret));
 
   return crt;
 }
@@ -157,24 +157,24 @@ load_cert (void)
   gnutls_datum_t dat;
   size_t size;
 
-  if (info.cert == NULL)
+  if (!HAVE_OPT(LOAD_CERT))
     error (EXIT_FAILURE, 0, "missing --load-cert");
 
   ret = gnutls_x509_crt_init (&crt);
   if (ret < 0)
     error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
 
-  dat.data = (void*)read_binary_file (info.cert, &size);
+  dat.data = (void*)read_binary_file (OPT_ARG(LOAD_CERT), &size);
   dat.size = size;
 
   if (!dat.data)
-    error (EXIT_FAILURE, errno, "reading --load-cert: %s", info.cert);
+    error (EXIT_FAILURE, errno, "reading --load-cert: %s", OPT_ARG(LOAD_CERT));
 
-  ret = gnutls_x509_crt_import (crt, &dat, info.inder);
+  ret = gnutls_x509_crt_import (crt, &dat, encoding);
   free (dat.data);
   if (ret < 0)
     error (EXIT_FAILURE, 0, "importing --load-cert: %s: %s",
-           info.cert, gnutls_strerror (ret));
+           OPT_ARG(LOAD_CERT), gnutls_strerror (ret));
 
   return crt;
 }
@@ -202,7 +202,7 @@ generate_request (void)
   gnutls_x509_crt_deinit (cert);
   gnutls_x509_crt_deinit (issuer);
 
-  if (!info.nononce)
+  if (ENABLED_OPT(NONCE))
     {
       unsigned char noncebuf[23];
       gnutls_datum_t nonce = { noncebuf, sizeof (noncebuf) };
@@ -318,8 +318,8 @@ verify_response (void)
   if (ret < 0)
     error (EXIT_FAILURE, 0, "ocsp_resp_init: %s", gnutls_strerror (ret));
 
-  if (info.resp)
-    dat.data = (void*)read_binary_file (info.resp, &size);
+  if (HAVE_OPT(LOAD_RESPONSE))
+    dat.data = (void*)read_binary_file (OPT_ARG(LOAD_RESPONSE), &size);
   else
     dat.data = (void*)fread_file (infile, &size);
   if (dat.data == NULL)
@@ -331,13 +331,11 @@ verify_response (void)
   if (ret < 0)
     error (EXIT_FAILURE, 0, "importing response: %s", gnutls_strerror (ret));
 
-  if (info.trust && info.signer)
-    error (EXIT_FAILURE, 0, "cannot mix --load-trust and --load-signer");
-  else if (info.signer == NULL)
+  if (!HAVE_OPT(LOAD_SIGNER) && HAVE_OPT(LOAD_TRUST))
     {
-      dat.data = (void*)read_binary_file (info.trust, &size);
+      dat.data = (void*)read_binary_file (OPT_ARG(LOAD_TRUST), &size);
       if (dat.data == NULL)
-       error (EXIT_FAILURE, errno, "reading --load-trust: %s", info.trust);
+       error (EXIT_FAILURE, errno, "reading --load-trust: %s", 
OPT_ARG(LOAD_TRUST));
       dat.size = size;
 
       ret = gnutls_x509_trust_list_init (&list, 0);
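Review bot: With the mutual exclusion now enforced by `flags-cant` in the option definitions, the rewritten chain `if (!HAVE_OPT(LOAD_SIGNER) && HAVE_OPT(LOAD_TRUST))` / `else if (!HAVE_OPT(LOAD_TRUST) && HAVE_OPT(LOAD_SIGNER))` has no branch for the case where neither option is given, so `gnutls_ocsp_resp_verify` is never called there. The old code fell into `read_binary_file (info.trust, …)` with a NULL path in that case, so it was never well-defined, but the new shape makes the omission silent, and whatever follows the chain outside this hunk would presumably report `verify` without it having been set. Close the chain with `else error (EXIT_FAILURE, 0, "missing --load-trust or --load-signer");`; the negated half of each condition is then redundant and can be dropped. verify_response begins before this hunk and continues after it.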
@@ -351,7 +349,7 @@ verify_response (void)
        error (EXIT_FAILURE, 0, "error parsing CAs: %s",
               gnutls_strerror (ret));
 
-      if (info.verbose)
+      if (HAVE_OPT(VERBOSE))
        {
          unsigned int i;
          for (i = 0; i < x509_ncas; i++)
@@ -374,7 +372,7 @@ verify_response (void)
        error (EXIT_FAILURE, 0, "gnutls_x509_trust_add_cas: %s",
               gnutls_strerror (ret));
 
-      if (info.verbose)
+      if (HAVE_OPT(VERBOSE))
        fprintf (stdout, "Loaded %d trust anchors\n", x509_ncas);
 
       ret = gnutls_ocsp_resp_verify (resp, list, &verify, 0);
@@ -382,24 +380,24 @@ verify_response (void)
        error (EXIT_FAILURE, 0, "gnutls_ocsp_resp_verify: %s",
               gnutls_strerror (ret));
     }
-  else if (info.trust == NULL)
+  else if (!HAVE_OPT(LOAD_TRUST) && HAVE_OPT(LOAD_SIGNER))
     {
       ret = gnutls_x509_crt_init (&signer);
       if (ret < 0)
        error (EXIT_FAILURE, 0, "crt_init: %s", gnutls_strerror (ret));
 
-      dat.data = (void*)read_binary_file (info.signer, &size);
+      dat.data = (void*)read_binary_file (OPT_ARG(LOAD_SIGNER), &size);
       if (dat.data == NULL)
-       error (EXIT_FAILURE, errno, "reading --load-signer: %s", info.signer);
+       error (EXIT_FAILURE, errno, "reading --load-signer: %s", 
OPT_ARG(LOAD_SIGNER));
       dat.size = size;
 
-      ret = gnutls_x509_crt_import (signer, &dat, info.inder);
+      ret = gnutls_x509_crt_import (signer, &dat, encoding);
       free (dat.data);
       if (ret < 0)
        error (EXIT_FAILURE, 0, "importing --load-signer: %s: %s",
-              info.signer, gnutls_strerror (ret));
+              OPT_ARG(LOAD_SIGNER), gnutls_strerror (ret));
 
-      if (info.verbose)
+      if (HAVE_OPT(VERBOSE))
        {
          gnutls_datum_t out;
 
@@ -437,70 +435,47 @@ main (int argc, char **argv)
   if ((ret = gnutls_global_init ()) < 0)
     error (EXIT_FAILURE, 0, "global_init: %s", gnutls_strerror (ret));
 
-  if (gaa (argc, argv, &info) != -1)
-    {
-      fprintf (stderr, "Try `%s --help' for more information.\n",
-               program_name);
-      exit (EXIT_FAILURE);
-    }
+  optionProcess( &ocsptoolOptions, argc, argv);
 
   gnutls_global_set_log_function (tls_log_func);
-  gnutls_global_set_log_level (info.debug);
+  gnutls_global_set_log_level (OPT_VALUE_DEBUG);
 
-  if (info.outfile)
+  if (HAVE_OPT(OUTFILE))
     {
-      outfile = fopen (info.outfile, "wb");
+      outfile = fopen (OPT_ARG(OUTFILE), "wb");
       if (outfile == NULL)
-        error (EXIT_FAILURE, errno, "%s", info.outfile);
+        error (EXIT_FAILURE, errno, "%s", OPT_ARG(OUTFILE));
     }
   else
     outfile = stdout;
 
-  if (info.infile)
+  if (HAVE_OPT(INFILE))
     {
-      infile = fopen (info.infile, "rb");
+      infile = fopen (OPT_ARG(INFILE), "rb");
       if (infile == NULL)
-        error (EXIT_FAILURE, errno, "%s", info.infile);
+        error (EXIT_FAILURE, errno, "%s", OPT_ARG(INFILE));
     }
   else
     infile = stdin;
 
-  if (info.inder)
-    info.inder = GNUTLS_X509_FMT_DER;
+  if (ENABLED_OPT(INDER))
+    encoding = GNUTLS_X509_FMT_DER;
   else
-    info.inder = GNUTLS_X509_FMT_PEM;
-
-  switch (info.action)
+    encoding = GNUTLS_X509_FMT_PEM;
+
+  if (HAVE_OPT(REQUEST_INFO))
+    request_info ();
+  else if (HAVE_OPT(RESPONSE_INFO))
+    response_info ();
+  else if (HAVE_OPT(GENERATE_REQUEST))
+    generate_request ();
+  else if (HAVE_OPT(VERIFY_RESPONSE))
+    verify_response ();
+  else 
     {
-    case ACTION_REQ_INFO:
-      request_info ();
-      break;
-
-    case ACTION_RESP_INFO:
-      response_info ();
-      break;
-
-    case ACTION_GEN_REQ:
-      generate_request ();
-      break;
-
-    case ACTION_VERIFY_RESP:
-      verify_response ();
-      break;
-
-    default:
-      gaa_help();
+      USAGE(1);
     }
 
   return 0;
 }
 
-void
-ocsptool_version (void)
-{
-  const char *p = PACKAGE_NAME;
-  if (strcmp (gnutls_check_version (NULL), PACKAGE_VERSION) != 0)
-    p = PACKAGE_STRING;
-  version_etc (stdout, "ocsptool", p, gnutls_check_version (NULL),
-               "Simon Josefsson", (char *) NULL);
-}
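Review bot: The return value of `optionProcess( &ocsptoolOptions, argc, argv);` is discarded, so any stray non-option operand is accepted and ignored even though the usage string advertises `ocsptool [options]` with no operands; the removed gaa call at least failed on unparseable input. If optionProcess returns the index of the first operand, as I understand it does, `if (optionProcess (&ocsptoolOptions, argc, argv) != argc) USAGE (1);` rejects leftovers the same way the final `else` branch rejects a missing action. main begins before this hunk.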
diff --git a/src/ocsptool.gaa b/src/ocsptool.gaa
deleted file mode 100644
index 1f0195d..0000000
--- a/src/ocsptool.gaa
+++ /dev/null
@@ -1,76 +0,0 @@
-#{
-
-/* C declarations */
-
-#include <config.h>
-#ifdef _WIN32
-# include <io.h>
-#endif
-
-#include "ocsptool-common.h"
-
-#}
-
-helpnode "Ocsptool help\nUsage : ocsptool [options]"
-
-#int action;
-
-option (e, verify-response) { $action = ACTION_VERIFY_RESP; } "Verify 
response."
-
-option (i, request-info) { $action = ACTION_REQ_INFO; } "Print information on 
a OCSP request."
-
-option (j, response-info) { $action = ACTION_RESP_INFO; } "Print information 
on a OCSP response."
-
-option (q, generate-request) { $action = ACTION_GEN_REQ; } "Generate a OCSP 
request."
-
-#int nononce;
-option (no-nonce) { $nononce = 1 } "don't add nonce to OCSP request."
-
-#char *issuer;
-option (load-issuer) STR "FILE" { $issuer = $1 } "read issuer certificate from 
FILE."
-
-#char *cert;
-option (load-cert) STR "FILE" { $cert = $1 } "read certificate to check from 
FILE."
-
-#char *trust;
-option (load-trust) STR "FILE" { $trust = $1 } "read OCSP trust anchors from 
FILE."
-
-#char *signer;
-option (load-signer) STR "FILE" { $signer = $1 } "read OCSP response signer 
from FILE."
-
-#int inder;
-option (inder) { $inder=1 } "Use DER format for input certificates."
-
-#char *req;
-option (Q, load-request) STR "FILE" { $req = $1 } "read DER encoded OCSP 
request from FILE."
-
-#char *resp;
-option (S, load-response) STR "FILE" { $resp = $1 } "read DER encoded OCSP 
response from FILE."
-
-#char *outfile;
-option (outfile) STR "FILE" { $outfile = $1 } "Output file."
-
-#char *infile;
-option (infile) STR "FILE" { $infile = $1 } "Input file."
-
-#int verbose;
-option (V, verbose) { $verbose = 1 } "More verbose output."
-
-#int debug;
-option (d, debug) INT "integer" { $debug = $1 } "Enable debugging"
-
-option (v, version) { ocsptool_version(); exit(0); } "prints the program's 
version number"
-option (h, help) { gaa_help(); exit(0); } "shows this help text"
-
-init { $action = ACTION_NONE;
-       $nononce = 0;
-       $inder = 0;
-       $issuer = NULL;
-       $cert = NULL;
-       $trust = NULL;
-       $req = NULL;
-       $resp = NULL;
-       $outfile = NULL;
-       $infile = NULL;
-       $verbose = 0;
-       $debug = 0; }
diff --git a/src/p11tool-args.def.in b/src/p11tool-args.def.in
index a27765f..ea4839f 100644
--- a/src/p11tool-args.def.in
+++ b/src/p11tool-args.def.in
@@ -2,6 +2,7 @@ AutoGen Definitions options;
 prog-name     = p11tool;
 prog-title    = "GnuTLS PKCS #11 tool";
 prog-desc     = "Program to handle PKCS #11 smart cards and security 
modules.\n";
+help-value = "h";
 detail    = "Program that allows handling data from PKCS #11 smart cards
 and security modules. 
 
@@ -218,14 +219,15 @@ flag = {
 
 flag = {
     name      = inder;
-    descrip   = "Use DER format for input certificates and private keys";
+    descrip   = "Use DER/RAW format for input certificates and private keys";
+    disabled;
+    disable   = "no";
     doc      = "";
 };
 
 flag = {
     name      = inraw;
-    descrip   = "Use RAW/DER format for input certificates and private keys";
-    doc      = "";
+    aliases   = inder;
 };
 
 flag = {
diff --git a/src/p11tool.c b/src/p11tool.c
index beeaa5a..a4e4913 100644
--- a/src/p11tool.c
+++ b/src/p11tool.c
@@ -142,8 +142,10 @@ cmd_parser (int argc, char **argv)
   if (HAVE_OPT(PKCS8))
     cinfo.pkcs8 = 1;
 
-  if (HAVE_OPT(INDER) || HAVE_OPT(INRAW))
+  if (ENABLED_OPT(INDER) || ENABLED_OPT(INRAW))
     cinfo.incert_format = GNUTLS_X509_FMT_DER;
+  else
+    cinfo.incert_format = GNUTLS_X509_FMT_PEM;
 
   if (HAVE_OPT(LOAD_CERTIFICATE))
     cinfo.cert = OPT_ARG(LOAD_CERTIFICATE);
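Review bot: Since `inraw` is now declared `aliases = inder;` in src/p11tool-args.def.in, the `|| ENABLED_OPT(INRAW)` half of the new condition is presumably dead — an aliased option's state is redirected to its target, so only `INDER` ever changes. `if (ENABLED_OPT(INDER))` would read closer to the definition, and a one-line comment such as `/* --inraw is an alias of --inder */` would explain why only one option is consulted. cmd_parser begins before this hunk and continues after it.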
diff --git a/src/psk-args.def.in b/src/psk-args.def.in
index dd6e77f..5be3c9a 100644
--- a/src/psk-args.def.in
+++ b/src/psk-args.def.in
@@ -3,6 +3,7 @@ prog-name     = psktool;
 prog-title    = "GnuTLS PSK tool";
 prog-desc     = "Program to create PSK parameters.\n";
 detail    = "Program  that generates random keys for use with TLS-PSK. The
+help-value = "h";
 keys are stored in hexadecimal format in a key file.";
 short-usage   = "psktool [options]\npsktool --help for usage instructions.\n";
 prog-group    = "GnuTLS";
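Review bot: The new `help-value = "h";` line is inserted inside the `detail` string literal, which opens on the `"Program  that generates random keys ...` context line above it and closes on the `keys are stored in hexadecimal format in a key file.";` line below, so the embedded `"h"` either terminates the literal early or ends up in the help text instead of setting the short option. Move the line out of the literal, e.g. directly before `short-usage`, as `help-value = "h";` on its own line after `keys are stored in hexadecimal format in a key file.";`. The sibling def files in this commit place it between top-level statements, which this one should do too.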
diff --git a/src/serv-args.def.in b/src/serv-args.def.in
index 9167eaf..76d5697 100644
--- a/src/serv-args.def.in
+++ b/src/serv-args.def.in
@@ -3,6 +3,7 @@ prog-name     = gnutls-serv;
 prog-title    = "GnuTLS server";
 prog-desc     = "Simple server program to act as an HTTPS or TLS echo 
service.";
 short-usage   = "Usage: gnutls-serv [options]\ngnutls-serv --help for usage 
instructions.\n";
+help-value = "h";
 prog-group    = "GnuTLS";
 explain       = "";
 detail        = "Server program that listens to incoming TLS connections.";
diff --git a/src/srptool-args.def.in b/src/srptool-args.def.in
index bfa8fe0..6164d14 100644
--- a/src/srptool-args.def.in
+++ b/src/srptool-args.def.in
@@ -2,6 +2,7 @@ AutoGen Definitions options;
 prog-name     = srptool;
 prog-title    = "GnuTLS SRP tool";
 prog-desc     = "Simple program to create SRP parameters.\n";
+help-value = "h";
 explain       = "";
 detail    = "Simple program that emulates the programs in the Stanford SRP 
(Secure
 Remote Password) libraries using GnuTLS.  It is intended for use in  places


hooks/post-receive
-- 
GNU gnutls


