From 16e1b281b2e16ff6deb8ca431dfc5743de31d0e2 Mon Sep 17 00:00:00 2001 From: FdaSilvaYY Date: Sun, 20 Mar 2016 21:14:10 +0100 Subject: [PATCH] GH932: Add more help messages to some apps options. Reviewed-by: Matt Caswell Reviewed-by: Rich Salz --- apps/asn1pars.c | 2 +- apps/ca.c | 12 ++++++------ apps/cms.c | 8 ++++---- apps/crl.c | 8 ++++---- apps/dhparam.c | 2 +- apps/dsa.c | 4 ++-- apps/ec.c | 4 ++-- apps/ocsp.c | 11 ++++++----- apps/pkeyutl.c | 2 +- apps/rsautl.c | 2 +- apps/smime.c | 2 +- apps/ts.c | 2 +- apps/x509.c | 6 +++--- 13 files changed, 33 insertions(+), 32 deletions(-) diff --git a/apps/asn1pars.c b/apps/asn1pars.c index 3da7e3b4c5..3b29801b47 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c @@ -82,7 +82,7 @@ OPTIONS asn1parse_options[] = { {"in", OPT_IN, '<', "input file"}, {"out", OPT_OUT, '>', "output file (output format is always DER)"}, {"i", OPT_INDENT, 0, "indents the output"}, - {"noout", OPT_NOOUT, 0, "don't produce any output"}, + {"noout", OPT_NOOUT, 0, "do not produce any output"}, {"offset", OPT_OFFSET, 'p', "offset into file"}, {"length", OPT_LENGTH, 'p', "length of section in file"}, {"oid", OPT_OID, '<', "file of extra oid definitions"}, diff --git a/apps/ca.c b/apps/ca.c index 95801fbf39..0e7bfdcbe3 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -220,7 +220,7 @@ OPTIONS ca_options[] = { {"policy", OPT_POLICY, 's', "The CA 'policy' to support"}, {"keyfile", OPT_KEYFILE, 's', "Private key"}, {"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"}, - {"passin", OPT_PASSIN, 's'}, + {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"key", OPT_KEY, 's', "Key to decode the private key if it is encrypted"}, {"cert", OPT_CERT, '<', "The CA cert"}, {"selfsign", OPT_SELFSIGN, '-', @@ -228,17 +228,17 @@ OPTIONS ca_options[] = { {"in", OPT_IN, '<', "The input PEM encoded cert request(s)"}, {"out", OPT_OUT, '>', "Where to put the output file(s)"}, {"outdir", OPT_OUTDIR, '/', "Where to put output cert"}, - {"sigopt", OPT_SIGOPT, 's'}, - {"notext", OPT_NOTEXT, '-'}, + {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"}, + {"notext", OPT_NOTEXT, '-', "Do not print the generated certificate"}, {"batch", OPT_BATCH, '-', "Don't ask questions"}, {"preserveDN", OPT_PRESERVEDN, '-', "Don't re-order the DN"}, {"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"}, {"gencrl", OPT_GENCRL, '-', "Generate a new CRL"}, {"msie_hack", OPT_MSIE_HACK, '-', "msie modifications to handle all those universal strings"}, - {"crldays", OPT_CRLDAYS, 'p', "Days is when the next CRL is due"}, - {"crlhours", OPT_CRLHOURS, 'p', "Hours is when the next CRL is due"}, - {"crlsec", OPT_CRLSEC, 'p'}, + {"crldays", OPT_CRLDAYS, 'p', "Days until the next CRL is due"}, + {"crlhours", OPT_CRLHOURS, 'p', "Hours until the next CRL is due"}, + {"crlsec", OPT_CRLSEC, 'p', "Seconds until the next CRL is due"}, {"infiles", OPT_INFILES, '-', "The last argument, requests to process"}, {"ss_cert", OPT_SS_CERT, '<', "File contains a self signed cert to sign"}, {"spkac", OPT_SPKAC, '<', diff --git a/apps/cms.c b/apps/cms.c index 95f21245eb..7bc40d5d2f 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -142,7 +142,7 @@ OPTIONS cms_options[] = { {"encrypt", OPT_ENCRYPT, '-', "Encrypt message"}, {"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"}, {"sign", OPT_SIGN, '-', "Sign message"}, - {"sign_receipt", OPT_SIGN_RECEIPT, '-'}, + {"sign_receipt", OPT_SIGN_RECEIPT, '-', "Generate a signed receipt for the message"}, {"resign", OPT_RESIGN, '-'}, {"verify", OPT_VERIFY, '-', "Verify signed message"}, {"verify_retcode", OPT_VERIFY_RETCODE, '-'}, @@ -177,7 +177,7 @@ OPTIONS cms_options[] = { {"noindef", OPT_NOINDEF, '-'}, {"nooldmime", OPT_NOOLDMIME, '-'}, {"crlfeol", OPT_CRLFEOL, '-'}, - {"noout", OPT_NOOUT, '-'}, + {"noout", OPT_NOOUT, '-', "For the -cmsout operation do not output the parsed CMS structure"}, {"receipt_request_print", OPT_RR_PRINT, '-'}, {"receipt_request_all", OPT_RR_ALL, '-'}, {"receipt_request_first", OPT_RR_FIRST, '-'}, @@ -191,7 +191,7 @@ OPTIONS cms_options[] = { "Do not load certificates from the default certificates directory"}, {"content", OPT_CONTENT, '<', "Supply or override content for detached signature"}, - {"print", OPT_PRINT, '-'}, + {"print", OPT_PRINT, '-', "For the -cmsout operation print out all fields of the CMS structure"}, {"secretkey", OPT_SECRETKEY, 's'}, {"secretkeyid", OPT_SECRETKEYID, 's'}, {"pwri_password", OPT_PWRI_PASSWORD, 's'}, @@ -205,7 +205,7 @@ OPTIONS cms_options[] = { {"signer", OPT_SIGNER, 's', "Signer certificate file"}, {"recip", OPT_RECIP, '<', "Recipient cert file for decryption"}, {"certsout", OPT_CERTSOUT, '>', "Certificate output file"}, - {"md", OPT_MD, 's'}, + {"md", OPT_MD, 's', "Digest algorithm to use when signing or resigning"}, {"inkey", OPT_INKEY, 's', "Input private key (if not signer or recipient)"}, {"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"}, diff --git a/apps/crl.c b/apps/crl.c index d3fd4162c4..f48ad148a8 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -80,15 +80,15 @@ OPTIONS crl_options[] = { {"in", OPT_IN, '<', "Input file - default stdin"}, {"outform", OPT_OUTFORM, 'F', "Output format - default PEM"}, {"out", OPT_OUT, '>', "output file - default stdout"}, - {"keyform", OPT_KEYFORM, 'F'}, - {"key", OPT_KEY, '<'}, + {"keyform", OPT_KEYFORM, 'F', "Private key file format (PEM or ENGINE)"}, + {"key", OPT_KEY, '<', "CRL signing Private key to use"}, {"issuer", OPT_ISSUER, '-', "Print issuer DN"}, {"lastupdate", OPT_LASTUPDATE, '-', "Set lastUpdate field"}, {"nextupdate", OPT_NEXTUPDATE, '-', "Set nextUpdate field"}, {"noout", OPT_NOOUT, '-', "No CRL output"}, {"fingerprint", OPT_FINGERPRINT, '-', "Print the crl fingerprint"}, {"crlnumber", OPT_CRLNUMBER, '-', "Print CRL number"}, - {"badsig", OPT_BADSIG, '-'}, + {"badsig", OPT_BADSIG, '-', "Corrupt last byte of loaded CRL signature (for test)" }, {"gendelta", OPT_GENDELTA, '<'}, {"CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir"}, {"CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name"}, @@ -96,7 +96,7 @@ OPTIONS crl_options[] = { "Do not load the default certificates file"}, {"no-CApath", OPT_NOCAPATH, '-', "Do not load certificates from the default certificates directory"}, - {"verify", OPT_VERIFY, '-'}, + {"verify", OPT_VERIFY, '-', "Verify CRL signature"}, {"text", OPT_TEXT, '-', "Print out a text format version"}, {"hash", OPT_HASH, '-', "Print hash value"}, {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"}, diff --git a/apps/dhparam.c b/apps/dhparam.c index 9ad80edef6..c1a8acd5c4 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -150,7 +150,7 @@ OPTIONS dhparam_options[] = { {"out", OPT_OUT, '>', "Output file"}, {"check", OPT_CHECK, '-', "Check the DH parameters"}, {"text", OPT_TEXT, '-', "Print a text form of the DH parameters"}, - {"noout", OPT_NOOUT, '-'}, + {"noout", OPT_NOOUT, '-', "Don't output any DH parameters"}, {"rand", OPT_RAND, 's', "Load the file(s) into the random number generator"}, {"C", OPT_C, '-', "Print C code"}, diff --git a/apps/dsa.c b/apps/dsa.c index 1c841a3a80..b7b9593872 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -90,8 +90,8 @@ OPTIONS dsa_options[] = { {"noout", OPT_NOOUT, '-', "Don't print key out"}, {"text", OPT_TEXT, '-', "Print the key in text"}, {"modulus", OPT_MODULUS, '-', "Print the DSA public value"}, - {"pubin", OPT_PUBIN, '-'}, - {"pubout", OPT_PUBOUT, '-'}, + {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"}, + {"pubout", OPT_PUBOUT, '-', "Output public key, not private"}, {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, {"", OPT_CIPHER, '-', "Any supported cipher"}, diff --git a/apps/ec.c b/apps/ec.c index 432e9ff5eb..2e3c1bc058 100644 --- a/apps/ec.c +++ b/apps/ec.c @@ -99,8 +99,8 @@ OPTIONS ec_options[] = { {"noout", OPT_NOOUT, '-', "Don't print key out"}, {"text", OPT_TEXT, '-', "Print the key"}, {"param_out", OPT_PARAM_OUT, '-', "Print the elliptic curve parameters"}, - {"pubin", OPT_PUBIN, '-'}, - {"pubout", OPT_PUBOUT, '-'}, + {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"}, + {"pubout", OPT_PUBOUT, '-', "Output public key, not private"}, {"no_public", OPT_NO_PUBLIC, '-', "exclude public key from private key"}, {"check", OPT_CHECK, '-', "check key consistency"}, {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, diff --git a/apps/ocsp.c b/apps/ocsp.c index c1679f0292..fd38da44e3 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -178,7 +178,8 @@ OPTIONS ocsp_options[] = { "Don't verify additional certificates"}, {"no_intern", OPT_NO_INTERN, '-', "Don't search certificates contained in response for signer"}, - {"badsig", OPT_BADSIG, '-'}, + {"badsig", OPT_BADSIG, '-', + "Corrupt last byte of loaded OSCP response signature (for test)"}, {"text", OPT_TEXT, '-', "Print text form of request and response"}, {"req_text", OPT_REQ_TEXT, '-', "Print text form of request"}, {"resp_text", OPT_RESP_TEXT, '-', "Print text form of response"}, @@ -205,7 +206,7 @@ OPTIONS ocsp_options[] = { {"path", OPT_PATH, 's', "Path to use in OCSP request"}, {"issuer", OPT_ISSUER, '<', "Issuer certificate"}, {"cert", OPT_CERT, '<', "Certificate to check"}, - {"serial", OPT_SERIAL, 's', "Nerial number to check"}, + {"serial", OPT_SERIAL, 's', "Serial number to check"}, {"index", OPT_INDEX, '<', "Certificate status index file"}, {"CA", OPT_CA, '<', "CA certificate"}, {"nmin", OPT_NMIN, 'p', "Number of minutes before next update"}, @@ -216,9 +217,9 @@ OPTIONS ocsp_options[] = { "Sesponder certificate to sign responses with"}, {"rkey", OPT_RKEY, '<', "Responder key to sign responses with"}, {"rother", OPT_ROTHER, '<', "Other certificates to include in response"}, - {"rmd", OPT_RMD, 's'}, + {"rmd", OPT_RMD, 's', "Digest Algorithm to use in signature of OCSP response"}, {"header", OPT_HEADER, 's', "key=value header to add"}, - {"", OPT_MD, '-', "Any supported digest"}, + {"", OPT_MD, '-', "Any supported digest algorithm (sha1,sha256, ... )"}, OPT_V_OPTIONS, {NULL} }; @@ -473,7 +474,7 @@ int ocsp_main(int argc, char **argv) case OPT_ROTHER: rcertfile = opt_arg(); break; - case OPT_RMD: + case OPT_RMD: /* Response MessageDigest */ if (!opt_md(opt_arg(), &rsign_md)) goto end; break; diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index fe7f586119..7c54ec6a4f 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -109,7 +109,7 @@ OPTIONS pkeyutl_options[] = { {"sigfile", OPT_SIGFILE, '<', "Signature file (verify operation only)"}, {"inkey", OPT_INKEY, 's', "Input private key file"}, {"peerkey", OPT_PEERKEY, 's', "Peer key file used in key derivation"}, - {"passin", OPT_PASSIN, 's', "Pass phrase source"}, + {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"peerform", OPT_PEERFORM, 'E', "Peer key format - default PEM"}, {"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"}, {"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"}, diff --git a/apps/rsautl.c b/apps/rsautl.c index 728352cbd4..8504d6a823 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -105,7 +105,7 @@ OPTIONS rsautl_options[] = { {"rev", OPT_REV, '-', "Reverse the order of the input buffer"}, {"encrypt", OPT_ENCRYPT, '-', "Encrypt with public key"}, {"decrypt", OPT_DECRYPT, '-', "Decrypt with private key"}, - {"passin", OPT_PASSIN, 's', "Pass phrase source"}, + {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, # ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, # endif diff --git a/apps/smime.c b/apps/smime.c index 60daeb408d..3257a23396 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -148,7 +148,7 @@ OPTIONS smime_options[] = { {"rand", OPT_RAND, 's', "Load the file(s) into the random number generator"}, {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, - {"md", OPT_MD, 's'}, + {"md", OPT_MD, 's', "Digest algorithm to use when signing or resigning"}, {"", OPT_CIPHER, '-', "Any supported cipher"}, OPT_V_OPTIONS, #ifndef OPENSSL_NO_ENGINE diff --git a/apps/ts.c b/apps/ts.c index cec217708e..d55d2397aa 100644 --- a/apps/ts.c +++ b/apps/ts.c @@ -154,7 +154,7 @@ OPTIONS ts_options[] = { {"text", OPT_TEXT, '-', "Output text (not DER)"}, {"reply", OPT_REPLY, '-', "Generate a TS reply"}, {"queryfile", OPT_QUERYFILE, '<', "File containing a TS query"}, - {"passin", OPT_PASSIN, 's'}, + {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"inkey", OPT_INKEY, '<', "File with private key for reply"}, {"signer", OPT_SIGNER, 's'}, {"chain", OPT_CHAIN, '<', "File with signer CA chain"}, diff --git a/apps/x509.c b/apps/x509.c index 6370116582..fc11bd88bf 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -116,7 +116,7 @@ OPTIONS x509_options[] = { "Output format - default PEM (one of DER, NET or PEM)"}, {"out", OPT_OUT, '>', "Output file - default stdout"}, {"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"}, - {"passin", OPT_PASSIN, 's', "Private key password source"}, + {"passin", OPT_PASSIN, 's', "Private key password/pass-phrase source"}, {"serial", OPT_SERIAL, '-', "Print serial number value"}, {"subject_hash", OPT_HASH, '-', "Print subject hash value"}, {"issuer_hash", OPT_ISSUER_HASH, '-', "Print issuer hash value"}, @@ -172,11 +172,11 @@ OPTIONS x509_options[] = { {"checkip", OPT_CHECKIP, 's', "Check certificate matches ipaddr"}, {"CAform", OPT_CAFORM, 'F', "CA format - default PEM"}, {"CAkeyform", OPT_CAKEYFORM, 'F', "CA key format - default PEM"}, - {"sigopt", OPT_SIGOPT, 's'}, + {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"}, {"force_pubkey", OPT_FORCE_PUBKEY, '<'}, {"next_serial", OPT_NEXT_SERIAL, '-'}, {"clrreject", OPT_CLRREJECT, '-'}, - {"badsig", OPT_BADSIG, '-'}, + {"badsig", OPT_BADSIG, '-', "Corrupt last byte of certificate signature (for test)"}, {"", OPT_MD, '-', "Any supported digest"}, #ifndef OPENSSL_NO_MD5 {"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-', -- GitLab