[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_4-45-g0e5683a
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_4-45-g0e5683a |
|
Date: |
Tue, 20 Nov 2012 16:51:34 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=0e5683ada58ddb14969ea7aa3113de2f843eb38d
The branch, master has been updated
via 0e5683ada58ddb14969ea7aa3113de2f843eb38d (commit)
via 5653b4db4ee6ae5a8600ecacaedb577080dac0d4 (commit)
from 7150a903a274492f88b4580d26c667ddc40fee67 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 0e5683ada58ddb14969ea7aa3113de2f843eb38d
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue Nov 20 17:32:25 2012 +0100
Several updates in certificate/public key printing.
* Added GNUTLS_CRT_PRINT_FULL_NUMBERS to print bignumbers in an easier to
parse format.
* Added gnutls_pubkey_import_x509_crq() to convert a certificate request to
a public key.
* Added gnutls_pubkey_print() to simplify public key printing.
* certtool's pubkey-info can be combined with --load-request.
* Added --numbers option to certtool which prints big numbers in an easier
to parser format.
commit 5653b4db4ee6ae5a8600ecacaedb577080dac0d4
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue Nov 20 09:23:24 2012 +0100
use gnulib to detect iconv.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 5 +
build-aux/gendocs.sh | 138 ++++--
configure.ac | 3 +-
doc/Makefile.am | 6 +
doc/cha-gtls-app.texi | 8 +-
doc/invoke-certtool.texi | 9 +-
doc/manpages/Makefile.am | 3 +
gl/Makefile.am | 13 +-
gl/{tests => }/dup2.c | 0
gl/errno.in.h | 5 +
gl/m4/errno_h.m4 | 5 +-
gl/m4/gnulib-cache.m4 | 3 +-
gl/m4/gnulib-comp.m4 | 20 +-
gl/m4/select.m4 | 40 ++-
gl/m4/stdlib_h.m4 | 1 +
gl/select.c | 19 +
gl/stdlib.in.h | 13 +-
gl/strerror-override.c | 5 +
gl/strerror-override.h | 3 +-
gl/tests/Makefile.am | 19 +-
gl/tests/fcntl.in.h | 14 +-
gl/tests/test-fcntl-h.c | 17 +-
gl/tests/test-iconv.c | 148 ++++++
gl/tests/test-select.h | 25 +
lib/gnutls_pubkey.c | 36 ++
lib/includes/gnutls/abstract.h | 7 +
lib/includes/gnutls/gnutls.h.in | 4 +-
lib/libgnutls.map | 2 +
lib/system.c | 2 +-
lib/x509/output.c | 962 ++++++++++++++++++++++-----------------
m4/hooks.m4 | 5 +
maint.mk | 6 +-
src/certtool-args.c | 575 ++++++++++++-----------
src/certtool-args.def | 8 +-
src/certtool-args.h | 128 +++---
src/certtool-common.c | 136 +------
src/certtool-common.h | 2 +-
src/certtool.c | 27 +-
src/tpmtool.c | 2 +-
39 files changed, 1434 insertions(+), 990 deletions(-)
rename gl/{tests => }/dup2.c (100%)
create mode 100644 gl/tests/test-iconv.c
diff --git a/NEWS b/NEWS
index dad8b2d..2baf32b 100644
--- a/NEWS
+++ b/NEWS
@@ -22,6 +22,9 @@ key.
** certtool: It is able to set certificate policies via a template.
+** certtool: Added --numbers option which prints big numbers in an
+easier to parser format.
+
** p11tool: After key generation, outputs the public key (useful in
tokens that do not store the public key).
@@ -30,6 +33,8 @@ gnutls_pkcs11_privkey_generate2: Added
gnutls_x509_crt_get_policy: Added
gnutls_x509_crt_set_policy: Added
gnutls_x509_policy_release: Added
+gnutls_pubkey_import_x509_crq: Added
+gnutls_pubkey_print: Added
* Version 3.1.4 (released 2012-11-10)
diff --git a/build-aux/gendocs.sh b/build-aux/gendocs.sh
index c293f96..0c0bc4b 100755
--- a/build-aux/gendocs.sh
+++ b/build-aux/gendocs.sh
@@ -2,7 +2,7 @@
# gendocs.sh -- generate a GNU manual in many formats. This script is
# mentioned in maintain.texi. See the help message below for usage details.
-scriptversion=2012-09-02.17
+scriptversion=2012-10-27.11
# Copyright 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012
# Free Software Foundation, Inc.
@@ -30,6 +30,12 @@ scriptversion=2012-09-02.17
#
# An up-to-date copy is also maintained in Gnulib (gnu.org/software/gnulib).
+# TODO:
+# - image importation was only implemented for HTML generated by
+# makeinfo. But it should be simple enough to adjust.
+# - images are not imported in the source tarball. All the needed
+# formats (PDF, PNG, etc.) should be included.
+
prog=`basename "$0"`
srcdir=`pwd`
@@ -39,12 +45,11 @@
templateurl="http://savannah.gnu.org/cgi-bin/viewcvs/~checkout~/texinfo/texinfo/
: ${SETLANG="env LANG= LC_MESSAGES= LC_ALL= LANGUAGE="}
: ${MAKEINFO="makeinfo"}
: ${TEXI2DVI="texi2dvi -t @finalout"}
-: ${DVIPS="dvips"}
: ${DOCBOOK2HTML="docbook2html"}
: ${DOCBOOK2PDF="docbook2pdf"}
-: ${DOCBOOK2PS="docbook2ps"}
: ${DOCBOOK2TXT="docbook2txt"}
: ${GENDOCS_TEMPLATE_DIR="."}
+: ${PERL='perl'}
: ${TEXI2HTML="texi2html"}
unset CDPATH
unset use_texi2html
@@ -66,8 +71,9 @@ discussion:
Options:
-s SRCFILE read Texinfo from SRCFILE, instead of PACKAGE.{texinfo|texi|txi}
-o OUTDIR write files into OUTDIR, instead of manual/.
+ -I DIR append DIR to the Texinfo search path.
--email ADR use ADR as contact in generated web pages.
- --docbook convert to DocBook too (xml, txt, html, pdf and ps).
+ --docbook convert through DocBook too (xml, txt, html, pdf).
--html ARG pass indicated ARG to makeinfo or texi2html for HTML targets.
--info ARG pass indicated ARG to makeinfo for Info, instead of --no-split.
--texi2html use texi2html to generate HTML targets.
@@ -107,11 +113,11 @@ first copy or symlink all Texinfo sources into a single
directory.
As implied above, by default monolithic Info files are generated.
If you want split Info, or other Info options, use --info to override.
-You can set the environment variables MAKEINFO, TEXI2DVI, TEXI2HTML, and
-DVIPS to control the programs that get executed, and
+You can set the environment variables MAKEINFO, TEXI2DVI, TEXI2HTML,
+and PERL to control the programs that get executed, and
GENDOCS_TEMPLATE_DIR to control where the gendocs_template file is
looked for. With --docbook, the environment variables DOCBOOK2HTML,
-DOCBOOK2PDF, DOCBOOK2PS, and DOCBOOK2TXT are also respected.
+DOCBOOK2PDF, and DOCBOOK2TXT are also respected.
By default, makeinfo and texi2dvi are run in the default (English)
locale, since that's the language of most Texinfo manuals. If you
@@ -121,15 +127,11 @@ SETLANG setting in the source.
Email bug reports or enhancement requests to address@hidden
"
-calcsize()
-{
- size=`ls -ksl $1 | awk '{print $1}'`
- echo $size
-}
-
MANUAL_TITLE=
PACKAGE=
address@hidden # please override with --email
+commonarg= # Options passed to all the tools (-I dir).
+dirs= # -I's directories.
htmlarg=
infoarg=--no-split
outdir=manual
@@ -142,6 +144,7 @@ while test $# -gt 0; do
--version) echo "$version"; exit 0;;
-s) shift; srcfile=$1;;
-o) shift; outdir=$1;;
+ -I) shift; commonarg="$commonarg -I '$1'"; dirs="$dirs $1";;
--docbook) docbook=yes;;
--html) shift; htmlarg=$1;;
--info) shift; infoarg=$1;;
@@ -190,6 +193,55 @@ if test ! -r $GENDOCS_TEMPLATE_DIR/gendocs_template; then
exit 1
fi
+# Function to return size of $1 in something resembling kilobytes.
+calcsize()
+{
+ size=`ls -ksl $1 | awk '{print $1}'`
+ echo $size
+}
+
+# copy_images OUTDIR HTML-FILE...
+# -------------------------------
+# Copy all the images needed by the HTML-FILEs into OUTDIR. Look
+# for them in the -I directories.
+copy_images()
+{
+ local odir
+ odir=$1
+ shift
+ $PERL -n -e "
+BEGIN {
+ \$me = '$prog';
+ \$odir = '$odir';
+ @dirs = qw($dirs);
+}
+" -e '
+/<img src="(.*?)"/g && ++$need{$1};
+
+END {
+ #print "$me: @{[keys %need]}\n"; # for debugging, show images found.
+ FILE: for my $f (keys %need) {
+ for my $d (@dirs) {
+ if (-f "$d/$f") {
+ use File::Basename;
+ my $dest = dirname ("$odir/$f");
+ #
+ use File::Path;
+ -d $dest || mkpath ($dest)
+ || die "$me: cannot mkdir $dest: $!\n";
+ #
+ use File::Copy;
+ copy ("$d/$f", $dest)
+ || die "$me: cannot copy $d/$f to $dest: $!\n";
+ next FILE;
+ }
+ }
+ die "$me: $ARGV: cannot find image $f\n";
+ }
+}
+' -- "$@" || exit 1
+}
+
case $outdir in
/*) abs_outdir=$outdir;;
*) abs_outdir=$srcdir/$outdir;;
@@ -197,7 +249,7 @@ esac
echo "Generating output formats for $srcfile"
-cmd="$SETLANG $MAKEINFO -o $PACKAGE.info $infoarg \"$srcfile\""
+cmd="$SETLANG $MAKEINFO -o $PACKAGE.info $commonarg $infoarg \"$srcfile\""
echo "Generating info file(s)... ($cmd)"
eval "$cmd"
mkdir -p "$outdir/"
@@ -206,29 +258,23 @@ info_tgz_size=`calcsize "$outdir/$PACKAGE.info.tar.gz"`
# do not mv the info files, there's no point in having them available
# separately on the web.
-cmd="$SETLANG ${TEXI2DVI} \"$srcfile\""
+cmd="$SETLANG $TEXI2DVI $commonarg \"$srcfile\""
echo "Generating dvi ... ($cmd)"
eval "$cmd"
-# now, before we compress dvi:
-echo "Generating postscript..."
-${DVIPS} $PACKAGE -o
-gzip -f -9 $PACKAGE.ps
-ps_gz_size=`calcsize $PACKAGE.ps.gz`
-mv $PACKAGE.ps.gz "$outdir/"
-
# compress/finish dvi:
gzip -f -9 $PACKAGE.dvi
dvi_gz_size=`calcsize $PACKAGE.dvi.gz`
mv $PACKAGE.dvi.gz "$outdir/"
-cmd="$SETLANG ${TEXI2DVI} --pdf \"$srcfile\""
+cmd="$SETLANG $TEXI2DVI --pdf $commonarg \"$srcfile\""
echo "Generating pdf ... ($cmd)"
eval "$cmd"
pdf_size=`calcsize $PACKAGE.pdf`
mv $PACKAGE.pdf "$outdir/"
-cmd="$SETLANG $MAKEINFO -o $PACKAGE.txt --no-split --no-headers \"$srcfile\""
+opt="-o $PACKAGE.txt --no-split --no-headers $commonarg"
+cmd="$SETLANG $MAKEINFO $opt \"$srcfile\""
echo "Generating ASCII... ($cmd)"
eval "$cmd"
ascii_size=`calcsize $PACKAGE.txt`
@@ -238,7 +284,7 @@ mv $PACKAGE.txt "$outdir/"
html_split()
{
- opt="--split=$1 $htmlarg --node-files"
+ opt="--split=$1 $commonarg $htmlarg --node-files"
cmd="$SETLANG $TEXI2HTML --output $PACKAGE.html $opt \"$srcfile\""
echo "Generating html by $1... ($cmd)"
eval "$cmd"
@@ -256,7 +302,7 @@ html_split()
}
if test -z "$use_texi2html"; then
- opt="--no-split --html -o $PACKAGE.html $htmlarg"
+ opt="--no-split --html -o $PACKAGE.html $commonarg $htmlarg"
cmd="$SETLANG $MAKEINFO $opt \"$srcfile\""
echo "Generating monolithic html... ($cmd)"
rm -rf $PACKAGE.html # in case a directory is left over
@@ -264,23 +310,25 @@ if test -z "$use_texi2html"; then
html_mono_size=`calcsize $PACKAGE.html`
gzip -f -9 -c $PACKAGE.html >"$outdir/$PACKAGE.html.gz"
html_mono_gz_size=`calcsize "$outdir/$PACKAGE.html.gz"`
+ copy_images "$outdir/" $PACKAGE.html
mv $PACKAGE.html "$outdir/"
- cmd="$SETLANG $MAKEINFO --html -o $PACKAGE.html $htmlarg \"$srcfile\""
+ opt="--html -o $PACKAGE.html $commonarg $htmlarg"
+ cmd="$SETLANG $MAKEINFO $opt \"$srcfile\""
echo "Generating html by node... ($cmd)"
eval "$cmd"
split_html_dir=$PACKAGE.html
+ copy_images $split_html_dir/ $split_html_dir/*.html
(
- cd ${split_html_dir} || exit 1
- tar -czf "$abs_outdir/${PACKAGE}.html_node.tar.gz" -- *.html
+ cd $split_html_dir || exit 1
+ tar -czf "$abs_outdir/$PACKAGE.html_node.tar.gz" -- *
)
- html_node_tgz_size=`calcsize "$outdir/${PACKAGE}.html_node.tar.gz"`
- rm -f "$outdir"/html_node/*.html
- mkdir -p "$outdir/html_node/"
- mv ${split_html_dir}/*.html "$outdir/html_node/"
- rmdir ${split_html_dir}
+ html_node_tgz_size=`calcsize "$outdir/$PACKAGE.html_node.tar.gz"`
+ rm -rf "$outdir/html_node/"
+ mv $split_html_dir "$outdir/html_node/"
else
- cmd="$SETLANG $TEXI2HTML --output $PACKAGE.html $htmlarg \"$srcfile\""
+ opt="--output $PACKAGE.html $commonarg $htmlarg"
+ cmd="$SETLANG $TEXI2HTML $opt \"$srcfile\""
echo "Generating monolithic html... ($cmd)"
rm -rf $PACKAGE.html # in case a directory is left over
eval "$cmd"
@@ -304,7 +352,8 @@ d=`dirname $srcfile`
texi_tgz_size=`calcsize "$outdir/$PACKAGE.texi.tar.gz"`
if test -n "$docbook"; then
- cmd="$SETLANG $MAKEINFO -o - --docbook \"$srcfile\" >
${srcdir}/$PACKAGE-db.xml"
+ opt="-o - --docbook $commonarg"
+ cmd="$SETLANG $MAKEINFO $opt \"$srcfile\" >${srcdir}/$PACKAGE-db.xml"
echo "Generating docbook XML... ($cmd)"
eval "$cmd"
docbook_xml_size=`calcsize $PACKAGE-db.xml`
@@ -313,7 +362,8 @@ if test -n "$docbook"; then
mv $PACKAGE-db.xml "$outdir/"
split_html_db_dir=html_node_db
- cmd="${DOCBOOK2HTML} -o $split_html_db_dir \"${outdir}/$PACKAGE-db.xml\""
+ opt="$commonarg -o $split_html_db_dir"
+ cmd="$DOCBOOK2HTML $opt \"${outdir}/$PACKAGE-db.xml\""
echo "Generating docbook HTML... ($cmd)"
eval "$cmd"
(
@@ -326,20 +376,13 @@ if test -n "$docbook"; then
mv ${split_html_db_dir}/*.html "$outdir/html_node_db/"
rmdir ${split_html_db_dir}
- cmd="${DOCBOOK2TXT} \"${outdir}/$PACKAGE-db.xml\""
+ cmd="$DOCBOOK2TXT \"${outdir}/$PACKAGE-db.xml\""
echo "Generating docbook ASCII... ($cmd)"
eval "$cmd"
docbook_ascii_size=`calcsize $PACKAGE-db.txt`
mv $PACKAGE-db.txt "$outdir/"
- cmd="${DOCBOOK2PS} \"${outdir}/$PACKAGE-db.xml\""
- echo "Generating docbook PS... ($cmd)"
- eval "$cmd"
- gzip -f -9 -c $PACKAGE-db.ps >"$outdir/$PACKAGE-db.ps.gz"
- docbook_ps_gz_size=`calcsize "$outdir/$PACKAGE-db.ps.gz"`
- mv $PACKAGE-db.ps "$outdir/"
-
- cmd="${DOCBOOK2PDF} \"${outdir}/$PACKAGE-db.xml\""
+ cmd="$DOCBOOK2PDF \"${outdir}/$PACKAGE-db.xml\""
echo "Generating docbook PDF... ($cmd)"
eval "$cmd"
docbook_pdf_size=`calcsize $PACKAGE-db.pdf`
@@ -353,6 +396,7 @@ if test -z "$use_texi2html"; then
else
CONDS="/%%ENDIF.*%%/d;/%%IF *HTML_SECTION%%/d;/%%IF *HTML_CHAPTER%%/d"
fi
+
curdate=`$SETLANG date '+%B %d, %Y'`
sed \
-e "s!%%TITLE%%!$MANUAL_TITLE!g" \
@@ -367,13 +411,11 @@ sed \
-e "s!%%INFO_TGZ_SIZE%%!$info_tgz_size!g" \
-e "s!%%DVI_GZ_SIZE%%!$dvi_gz_size!g" \
-e "s!%%PDF_SIZE%%!$pdf_size!g" \
- -e "s!%%PS_GZ_SIZE%%!$ps_gz_size!g" \
-e "s!%%ASCII_SIZE%%!$ascii_size!g" \
-e "s!%%ASCII_GZ_SIZE%%!$ascii_gz_size!g" \
-e "s!%%TEXI_TGZ_SIZE%%!$texi_tgz_size!g" \
-e "s!%%DOCBOOK_HTML_NODE_TGZ_SIZE%%!$html_node_db_tgz_size!g" \
-e "s!%%DOCBOOK_ASCII_SIZE%%!$docbook_ascii_size!g" \
- -e "s!%%DOCBOOK_PS_GZ_SIZE%%!$docbook_ps_gz_size!g" \
-e "s!%%DOCBOOK_PDF_SIZE%%!$docbook_pdf_size!g" \
-e "s!%%DOCBOOK_XML_SIZE%%!$docbook_xml_size!g" \
-e "s!%%DOCBOOK_XML_GZ_SIZE%%!$docbook_xml_gz_size!g" \
diff --git a/configure.ac b/configure.ac
index 64888e3..0891360 100644
--- a/configure.ac
+++ b/configure.ac
@@ -199,10 +199,9 @@ AC_PROG_LIBTOOL
dnl No fork on MinGW, disable some self-tests until we fix them.
-AC_CHECK_FUNCS([fork getrusage getpwuid_r daemon iconv],,)
+AC_CHECK_FUNCS([fork getrusage getpwuid_r daemon],,)
AM_CONDITIONAL(HAVE_FORK, test "$ac_cv_func_fork" != "no")
AC_LIB_HAVE_LINKFLAGS(pthread,, [#include <pthread.h>], [pthread_mutex_lock
(0);])
-AC_LIB_HAVE_LINKFLAGS(iconv,, [#include <iconv.h>], [iconv_open (0,0);])
AC_MSG_CHECKING([whether to build libdane])
AC_ARG_ENABLE(libdane,
diff --git a/doc/Makefile.am b/doc/Makefile.am
index f5d26d2..881b86f 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -1481,10 +1481,14 @@ FUNCS += functions/gnutls_pubkey_import_url
FUNCS += functions/gnutls_pubkey_import_url.short
FUNCS += functions/gnutls_pubkey_import_x509
FUNCS += functions/gnutls_pubkey_import_x509.short
+FUNCS += functions/gnutls_pubkey_import_x509_crq
+FUNCS += functions/gnutls_pubkey_import_x509_crq.short
FUNCS += functions/gnutls_pubkey_import_x509_raw
FUNCS += functions/gnutls_pubkey_import_x509_raw.short
FUNCS += functions/gnutls_pubkey_init
FUNCS += functions/gnutls_pubkey_init.short
+FUNCS += functions/gnutls_pubkey_print
+FUNCS += functions/gnutls_pubkey_print.short
FUNCS += functions/gnutls_pubkey_set_key_usage
FUNCS += functions/gnutls_pubkey_set_key_usage.short
FUNCS += functions/gnutls_pubkey_set_pin_function
@@ -2027,6 +2031,8 @@ FUNCS += functions/gnutls_x509_crt_set_key_usage
FUNCS += functions/gnutls_x509_crt_set_key_usage.short
FUNCS += functions/gnutls_x509_crt_set_pin_function
FUNCS += functions/gnutls_x509_crt_set_pin_function.short
+FUNCS += functions/gnutls_x509_crt_set_policy
+FUNCS += functions/gnutls_x509_crt_set_policy.short
FUNCS += functions/gnutls_x509_crt_set_private_key_usage_period
FUNCS += functions/gnutls_x509_crt_set_private_key_usage_period.short
FUNCS += functions/gnutls_x509_crt_set_proxy
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index d2f84fd..fc8b61b 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -106,8 +106,12 @@ See @ref{Error codes}, for a description of the available
error codes.
@node Common types
@subsection Common types
-Several functions in @acronym{GnuTLS} use @code{gnutls_datum_t} which is
-convenient way to combine a pointer to data and data's size. Its definition is
+All strings that are to provided as input to @acronym{GnuTLS} functions
+should be in UTF-8 unless otherwise specified. Output strings are also
+in UTF-8 format unless otherwise specified.
+
+When data of a fixed size are provided to @acronym{GnuTLS} functions then
+the helper structure @code{gnutls_datum_t} is often used. Its definition is
shown below.
@verbatim
typedef struct
diff --git a/doc/invoke-certtool.texi b/doc/invoke-certtool.texi
index ed52118..1ac06b6 100644
--- a/doc/invoke-certtool.texi
+++ b/doc/invoke-certtool.texi
@@ -6,7 +6,7 @@
#
# DO NOT EDIT THIS FILE (invoke-certtool.texi)
#
-# It has been AutoGen-ed November 20, 2012 at 12:17:13 AM by AutoGen 5.16
+# It has been AutoGen-ed November 20, 2012 at 05:51:14 PM by AutoGen 5.16
# From the definitions ../src/certtool-args.def
# and the template file agtexi-cmd.tpl
@end ignore
@@ -71,6 +71,7 @@ USAGE: certtool [ -<flag> [<val>] | --<name>address@hidden|
@}<val>] ]...
--load-ca-privkey=str Loads the certificate authority's private key
file
--load-ca-certificate=str Loads the certificate authority's certificate
file
--password=str Password to use
+ --simple-numbers Print big number in an easier format to parse
--null-password Enforce a NULL password
-i, --certificate-info Print information on the given certificate
--certificate-pubkey Print certificate's public key
@@ -208,7 +209,7 @@ This option enforces a NULL password. This may be different
than the empty passw
@subheading pubkey-info option
This is the ``print information on a public key'' option.
-The option combined with --load-pubkey, --load-privkey and --load-certificate
will extract the public key of the object in question.
+The option combined with --load-request, --load-pubkey, --load-privkey and
--load-certificate will extract the public key of the object in question.
@anchor{certtool to-p12}
@subheading to-p12 option
@@ -544,11 +545,11 @@ signing_key
# ca_issuers_uri = http://my.ca.issuer
# Certificate policies
-# policy = 1.3.6.1.4.1.5484.1.10.99.1.0
+# policy1 = 1.3.6.1.4.1.5484.1.10.99.1.0
# policy1_txt = "This is a long policy to summarize"
# policy1_url = http://www.example.com/a-policy-to-read
-# policy = 1.3.6.1.4.1.5484.1.10.99.1.1
+# policy2 = 1.3.6.1.4.1.5484.1.10.99.1.1
# policy2_txt = "This is a short policy"
# policy2_url = http://www.example.com/another-policy-to-read
diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am
index f336d1d..481af0f 100644
--- a/doc/manpages/Makefile.am
+++ b/doc/manpages/Makefile.am
@@ -550,8 +550,10 @@ APIMANS += gnutls_pubkey_import_tpm_raw.3
APIMANS += gnutls_pubkey_import_tpm_url.3
APIMANS += gnutls_pubkey_import_url.3
APIMANS += gnutls_pubkey_import_x509.3
+APIMANS += gnutls_pubkey_import_x509_crq.3
APIMANS += gnutls_pubkey_import_x509_raw.3
APIMANS += gnutls_pubkey_init.3
+APIMANS += gnutls_pubkey_print.3
APIMANS += gnutls_pubkey_set_key_usage.3
APIMANS += gnutls_pubkey_set_pin_function.3
APIMANS += gnutls_pubkey_verify_data.3
@@ -823,6 +825,7 @@ APIMANS += gnutls_x509_crt_set_key.3
APIMANS += gnutls_x509_crt_set_key_purpose_oid.3
APIMANS += gnutls_x509_crt_set_key_usage.3
APIMANS += gnutls_x509_crt_set_pin_function.3
+APIMANS += gnutls_x509_crt_set_policy.3
APIMANS += gnutls_x509_crt_set_private_key_usage_period.3
APIMANS += gnutls_x509_crt_set_proxy.3
APIMANS += gnutls_x509_crt_set_proxy_dn.3
diff --git a/gl/Makefile.am b/gl/Makefile.am
index a277b6f..1e232c3 100644
--- a/gl/Makefile.am
+++ b/gl/Makefile.am
@@ -21,7 +21,7 @@
# the same distribution terms as the rest of that program.
#
# Generated by gnulib-tool.
-# Reproduce by: gnulib-tool --import --dir=. --local-dir=gl/override
--lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc
--tests-base=gl/tests --aux-dir=build-aux --with-tests --avoid=alignof-tests
--avoid=lock-tests --avoid=lseek-tests --no-conditional-dependencies --libtool
--macro-prefix=gl --no-vc-files accept alloca alphasort argp base64 bind
byteswap c-ctype close connect error extensions func gendocs getaddrinfo
getpass getsubopt gettext gettime hash-pjw-bare havelib inet_ntop inet_pton
lib-msvc-compat lib-symbol-versions listen maintainer-makefile manywarnings
memmem-simple minmax netdb netinet_in pmccabe2html progname read-file recv
recvfrom scandir select send sendto servent setsockopt shutdown snprintf socket
sockets socklen stdint strcase strndup strtok_r strverscmp sys_socket sys_stat
time_r timer-time timespec u64 unistd valgrind-tests vasprintf version-etc
version-etc-fsf vfprintf-posix vprintf-posix vsnprintf warnings
+# Reproduce by: gnulib-tool --import --dir=. --local-dir=gl/override
--lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc
--tests-base=gl/tests --aux-dir=build-aux --with-tests --avoid=alignof-tests
--avoid=lock-tests --avoid=lseek-tests --no-conditional-dependencies --libtool
--macro-prefix=gl --no-vc-files accept alloca alphasort argp base64 bind
byteswap c-ctype close connect error extensions func gendocs getaddrinfo
getpass getsubopt gettext gettime hash-pjw-bare havelib iconv inet_ntop
inet_pton lib-msvc-compat lib-symbol-versions listen maintainer-makefile
manywarnings memmem-simple minmax netdb netinet_in pmccabe2html progname
read-file recv recvfrom scandir select send sendto servent setsockopt shutdown
snprintf socket sockets socklen stdint strcase strndup strtok_r strverscmp
sys_socket sys_stat time_r timer-time timespec u64 unistd valgrind-tests
vasprintf version-etc version-etc-fsf vfprintf-posix vprintf-posix vsnprintf
warnings
AUTOMAKE_OPTIONS = 1.5 gnits subdir-objects
@@ -59,6 +59,7 @@ libgnu_la_LDFLAGS += $(LIBSOCKET)
libgnu_la_LDFLAGS += $(LIB_CLOCK_GETTIME)
libgnu_la_LDFLAGS += $(LIB_SELECT)
libgnu_la_LDFLAGS += $(LIB_TIMER_TIME)
+libgnu_la_LDFLAGS += $(LTLIBICONV)
libgnu_la_LDFLAGS += $(LTLIBINTL)
libgnu_la_LDFLAGS += $(LTLIBTHREAD)
libgnu_la_LDFLAGS += $(SERVENT_LIB)
@@ -294,6 +295,15 @@ EXTRA_DIST += dosname.h
## end gnulib module dosname
+## begin gnulib module dup2
+
+
+EXTRA_DIST += dup2.c
+
+EXTRA_libgnu_la_SOURCES += dup2.c
+
+## end gnulib module dup2
+
## begin gnulib module errno
BUILT_SOURCES += $(ERRNO_H)
@@ -1784,6 +1794,7 @@ stdlib.h: stdlib.in.h $(top_builddir)/config.status
$(CXXDEFS_H) \
-e 's|@''REPLACE_MALLOC''@|$(REPLACE_MALLOC)|g' \
-e 's|@''REPLACE_MBTOWC''@|$(REPLACE_MBTOWC)|g' \
-e 's|@''REPLACE_MKSTEMP''@|$(REPLACE_MKSTEMP)|g' \
+ -e 's|@''REPLACE_PTSNAME''@|$(REPLACE_PTSNAME)|g' \
-e 's|@''REPLACE_PTSNAME_R''@|$(REPLACE_PTSNAME_R)|g' \
-e 's|@''REPLACE_PUTENV''@|$(REPLACE_PUTENV)|g' \
-e 's|@''REPLACE_RANDOM_R''@|$(REPLACE_RANDOM_R)|g' \
diff --git a/gl/tests/dup2.c b/gl/dup2.c
similarity index 100%
rename from gl/tests/dup2.c
rename to gl/dup2.c
diff --git a/gl/errno.in.h b/gl/errno.in.h
index 5e5af92..f9612c3 100644
--- a/gl/errno.in.h
+++ b/gl/errno.in.h
@@ -270,5 +270,10 @@
# define GNULIB_defined_ENOTRECOVERABLE 1
# endif
+# ifndef EILSEQ
+# define EILSEQ 2015
+# define GNULIB_defined_EILSEQ 1
+# endif
+
#endif /* address@hidden@_ERRNO_H */
#endif /* address@hidden@_ERRNO_H */
diff --git a/gl/m4/errno_h.m4 b/gl/m4/errno_h.m4
index 1e76ba2..4e33ba8 100644
--- a/gl/m4/errno_h.m4
+++ b/gl/m4/errno_h.m4
@@ -1,4 +1,4 @@
-# errno_h.m4 serial 11
+# errno_h.m4 serial 12
dnl Copyright (C) 2004, 2006, 2008-2012 Free Software Foundation, Inc.
dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
@@ -58,6 +58,9 @@ booboo
#if !defined ENOTRECOVERABLE
booboo
#endif
+#if !defined EILSEQ
+booboo
+#endif
],
[gl_cv_header_errno_h_complete=no],
[gl_cv_header_errno_h_complete=yes])
diff --git a/gl/m4/gnulib-cache.m4 b/gl/m4/gnulib-cache.m4
index 04f3d46..0a3d49b 100644
--- a/gl/m4/gnulib-cache.m4
+++ b/gl/m4/gnulib-cache.m4
@@ -27,7 +27,7 @@
# Specification in the form of a command-line invocation:
-# gnulib-tool --import --dir=. --local-dir=gl/override --lib=libgnu
--source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=gl/tests
--aux-dir=build-aux --with-tests --avoid=alignof-tests --avoid=lock-tests
--avoid=lseek-tests --no-conditional-dependencies --libtool --macro-prefix=gl
--no-vc-files accept alloca alphasort argp base64 bind byteswap c-ctype close
connect error extensions func gendocs getaddrinfo getpass getsubopt gettext
gettime hash-pjw-bare havelib inet_ntop inet_pton lib-msvc-compat
lib-symbol-versions listen maintainer-makefile manywarnings memmem-simple
minmax netdb netinet_in pmccabe2html progname read-file recv recvfrom scandir
select send sendto servent setsockopt shutdown snprintf socket sockets socklen
stdint strcase strndup strtok_r strverscmp sys_socket sys_stat time_r
timer-time timespec u64 unistd valgrind-tests vasprintf version-etc
version-etc-fsf vfprintf-posix vprintf-posix vsnprintf warnings
+# gnulib-tool --import --dir=. --local-dir=gl/override --lib=libgnu
--source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=gl/tests
--aux-dir=build-aux --with-tests --avoid=alignof-tests --avoid=lock-tests
--avoid=lseek-tests --no-conditional-dependencies --libtool --macro-prefix=gl
--no-vc-files accept alloca alphasort argp base64 bind byteswap c-ctype close
connect error extensions func gendocs getaddrinfo getpass getsubopt gettext
gettime hash-pjw-bare havelib iconv inet_ntop inet_pton lib-msvc-compat
lib-symbol-versions listen maintainer-makefile manywarnings memmem-simple
minmax netdb netinet_in pmccabe2html progname read-file recv recvfrom scandir
select send sendto servent setsockopt shutdown snprintf socket sockets socklen
stdint strcase strndup strtok_r strverscmp sys_socket sys_stat time_r
timer-time timespec u64 unistd valgrind-tests vasprintf version-etc
version-etc-fsf vfprintf-posix vprintf-posix vsnprintf warnings
# Specification in the form of a few gnulib-tool.m4 macro invocations:
gl_LOCAL_DIR([gl/override])
@@ -53,6 +53,7 @@ gl_MODULES([
gettime
hash-pjw-bare
havelib
+ iconv
inet_ntop
inet_pton
lib-msvc-compat
diff --git a/gl/m4/gnulib-comp.m4 b/gl/m4/gnulib-comp.m4
index 9b61562..afef0fb 100644
--- a/gl/m4/gnulib-comp.m4
+++ b/gl/m4/gnulib-comp.m4
@@ -143,6 +143,8 @@ AC_DEFUN([gl_EARLY],
# Code from module hash-pjw-bare:
# Code from module havelib:
# Code from module hostent:
+ # Code from module iconv:
+ # Code from module iconv-tests:
# Code from module ignore-value:
# Code from module ignore-value-tests:
# Code from module include_next:
@@ -415,6 +417,12 @@ AC_SUBST([LTALLOCA])
gl_DIRENT_H
gl_DIRNAME_LGPL
gl_DOUBLE_SLASH_ROOT
+ gl_FUNC_DUP2
+ if test $HAVE_DUP2 = 0 || test $REPLACE_DUP2 = 1; then
+ AC_LIBOBJ([dup2])
+ gl_PREREQ_DUP2
+ fi
+ gl_UNISTD_MODULE_INDICATOR([dup2])
gl_HEADER_ERRNO_H
gl_ERROR
if test $ac_cv_lib_error_at_line = no; then
@@ -552,6 +560,9 @@ AC_SUBST([LTALLOCA])
[AC_CONFIG_LINKS([$GNUmakefile:$GNUmakefile], [],
[GNUmakefile=$GNUmakefile])])
gl_HOSTENT
+ AM_ICONV
+ m4_ifdef([gl_ICONV_MODULE_INDICATOR],
+ [gl_ICONV_MODULE_INDICATOR([iconv])])
gl_FUNC_INET_NTOP
if test $HAVE_INET_NTOP = 0 || test $REPLACE_INET_NTOP = 1; then
AC_LIBOBJ([inet_ntop])
@@ -891,12 +902,6 @@ changequote([, ])dnl
AC_SUBST([gltests_WITNESS])
gl_module_indicator_condition=$gltests_WITNESS
m4_pushdef([gl_MODULE_INDICATOR_CONDITION], [$gl_module_indicator_condition])
- gl_FUNC_DUP2
- if test $HAVE_DUP2 = 0 || test $REPLACE_DUP2 = 1; then
- AC_LIBOBJ([dup2])
- gl_PREREQ_DUP2
- fi
- gl_UNISTD_MODULE_INDICATOR([dup2])
gl_ENVIRON
gl_UNISTD_MODULE_INDICATOR([environ])
gl_FCNTL_H
@@ -1160,6 +1165,7 @@ AC_DEFUN([gl_FILE_LIST], [
lib/dirname-lgpl.c
lib/dirname.h
lib/dosname.h
+ lib/dup2.c
lib/errno.in.h
lib/error.c
lib/error.h
@@ -1562,6 +1568,7 @@ AC_DEFUN([gl_FILE_LIST], [
tests/test-getopt_long.h
tests/test-getpeername.c
tests/test-gettimeofday.c
+ tests/test-iconv.c
tests/test-ignore-value.c
tests/test-inet_ntop.c
tests/test-inet_pton.c
@@ -1662,7 +1669,6 @@ AC_DEFUN([gl_FILE_LIST], [
tests/zerosize-ptr.h
tests=lib/binary-io.c
tests=lib/binary-io.h
- tests=lib/dup2.c
tests=lib/fcntl.in.h
tests=lib/fdopen.c
tests=lib/ftruncate.c
diff --git a/gl/m4/select.m4 b/gl/m4/select.m4
index 037b3d3..d135a39 100644
--- a/gl/m4/select.m4
+++ b/gl/m4/select.m4
@@ -1,4 +1,4 @@
-# select.m4 serial 6
+# select.m4 serial 7
dnl Copyright (C) 2009-2012 Free Software Foundation, Inc.
dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
@@ -46,6 +46,44 @@ changequote([,])dnl
*yes) ;;
*) REPLACE_SELECT=1 ;;
esac
+
+ dnl On FreeBSD 8.2, select() doesn't always reject bad fds.
+ AC_CACHE_CHECK([whether select detects invalid fds],
+ [gl_cv_func_select_detects_ebadf],
+ [
+ AC_RUN_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/time.h>
+#if HAVE_SYS_SELECT_H
+# include <sys/select.h>
+#endif
+#include <unistd.h>
+#include <errno.h>
+]],[[
+ fd_set set;
+ dup2(0, 16);
+ FD_ZERO(&set);
+ FD_SET(16, &set);
+ close(16);
+ struct timeval timeout;
+ timeout.tv_sec = 0;
+ timeout.tv_usec = 5;
+ return select (17, &set, NULL, NULL, &timeout) != -1 || errno != EBADF;
+]])], [gl_cv_func_select_detects_ebadf=yes],
+ [gl_cv_func_select_detects_ebadf=no],
+ [
+ case "$host_os" in
+ # Guess yes on glibc systems.
+ *-gnu*) gl_cv_func_select_detects_ebadf="guessing yes" ;;
+ # If we don't know, assume the worst.
+ *) gl_cv_func_select_detects_ebadf="guessing no" ;;
+ esac
+ ])
+ ])
+ case $gl_cv_func_select_detects_ebadf in
+ *yes) ;;
+ *) REPLACE_SELECT=1 ;;
+ esac
fi
dnl Determine the needed libraries.
diff --git a/gl/m4/stdlib_h.m4 b/gl/m4/stdlib_h.m4
index ab43728..9c69f2e 100644
--- a/gl/m4/stdlib_h.m4
+++ b/gl/m4/stdlib_h.m4
@@ -102,6 +102,7 @@ AC_DEFUN([gl_STDLIB_H_DEFAULTS],
REPLACE_MALLOC=0; AC_SUBST([REPLACE_MALLOC])
REPLACE_MBTOWC=0; AC_SUBST([REPLACE_MBTOWC])
REPLACE_MKSTEMP=0; AC_SUBST([REPLACE_MKSTEMP])
+ REPLACE_PTSNAME=0; AC_SUBST([REPLACE_PTSNAME])
REPLACE_PTSNAME_R=0; AC_SUBST([REPLACE_PTSNAME_R])
REPLACE_PUTENV=0; AC_SUBST([REPLACE_PUTENV])
REPLACE_RANDOM_R=0; AC_SUBST([REPLACE_RANDOM_R])
diff --git a/gl/select.c b/gl/select.c
index d6acb5c..af043c5 100644
--- a/gl/select.c
+++ b/gl/select.c
@@ -507,6 +507,8 @@ restart:
#include <sys/select.h>
#include <stddef.h> /* NULL */
+#include <errno.h>
+#include <unistd.h>
#undef select
@@ -514,6 +516,23 @@ int
rpl_select (int nfds, fd_set *rfds, fd_set *wfds, fd_set *xfds,
struct timeval *timeout)
{
+ int i;
+
+ /* FreeBSD 8.2 has a bug: it does not always detect invalid fds. */
+ if (nfds < 0 || nfds > FD_SETSIZE)
+ {
+ errno = EINVAL;
+ return -1;
+ }
+ for (i = 0; i < nfds; i++)
+ {
+ if (((rfds && FD_ISSET (i, rfds))
+ || (wfds && FD_ISSET (i, wfds))
+ || (xfds && FD_ISSET (i, xfds)))
+ && dup2 (i, i) != i)
+ return -1;
+ }
+
/* Interix 3.5 has a bug: it does not support nfds == 0. */
if (nfds == 0)
{
diff --git a/gl/stdlib.in.h b/gl/stdlib.in.h
index 1d67ec6..6555840 100644
--- a/gl/stdlib.in.h
+++ b/gl/stdlib.in.h
@@ -457,10 +457,19 @@ _GL_WARN_ON_USE (posix_openpt, "posix_openpt is not
portable - "
#if @GNULIB_PTSNAME@
/* Return the pathname of the pseudo-terminal slave associated with
the master FD is open on, or NULL on errors. */
-# if address@hidden@
+# if @REPLACE_PTSNAME@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef ptsname
+# define ptsname rpl_ptsname
+# endif
+_GL_FUNCDECL_RPL (ptsname, char *, (int fd));
+_GL_CXXALIAS_RPL (ptsname, char *, (int fd));
+# else
+# if address@hidden@
_GL_FUNCDECL_SYS (ptsname, char *, (int fd));
-# endif
+# endif
_GL_CXXALIAS_SYS (ptsname, char *, (int fd));
+# endif
_GL_CXXALIASWARN (ptsname);
#elif defined GNULIB_POSIXCHECK
# undef ptsname
diff --git a/gl/strerror-override.c b/gl/strerror-override.c
index 9f55cfa..f7cac65 100644
--- a/gl/strerror-override.c
+++ b/gl/strerror-override.c
@@ -291,6 +291,11 @@ strerror_override (int errnum)
return "State not recoverable";
#endif
+#if GNULIB_defined_EILSEQ
+ case EILSEQ:
+ return "Invalid or incomplete multibyte or wide character";
+#endif
+
default:
return NULL;
}
diff --git a/gl/strerror-override.h b/gl/strerror-override.h
index fe1fb2c..6468681 100644
--- a/gl/strerror-override.h
+++ b/gl/strerror-override.h
@@ -46,7 +46,8 @@
|| GNULIB_defined_EDQUOT \
|| GNULIB_defined_ECANCELED \
|| GNULIB_defined_EOWNERDEAD \
- || GNULIB_defined_ENOTRECOVERABLE
+ || GNULIB_defined_ENOTRECOVERABLE \
+ || GNULIB_defined_EILSEQ
extern const char *strerror_override (int errnum);
# else
# define strerror_override(ignored) NULL
diff --git a/gl/tests/Makefile.am b/gl/tests/Makefile.am
index 5a74e77..70cc6d6 100644
--- a/gl/tests/Makefile.am
+++ b/gl/tests/Makefile.am
@@ -167,15 +167,6 @@ EXTRA_DIST += test-dirent.c
## end gnulib module dirent-tests
-## begin gnulib module dup2
-
-
-EXTRA_DIST += dup2.c
-
-EXTRA_libtests_a_SOURCES += dup2.c
-
-## end gnulib module dup2
-
## begin gnulib module dup2-tests
TESTS += test-dup2
@@ -477,6 +468,16 @@ EXTRA_DIST += signature.h test-gettimeofday.c
## end gnulib module gettimeofday-tests
+## begin gnulib module iconv-tests
+
+TESTS += test-iconv
+check_PROGRAMS += test-iconv
+test_iconv_LDADD = $(LDADD) @LIBICONV@
+
+EXTRA_DIST += test-iconv.c signature.h macros.h
+
+## end gnulib module iconv-tests
+
## begin gnulib module ignore-value
diff --git a/gl/tests/fcntl.in.h b/gl/tests/fcntl.in.h
index 76e12f7..604c31b 100644
--- a/gl/tests/fcntl.in.h
+++ b/gl/tests/fcntl.in.h
@@ -216,6 +216,10 @@ _GL_WARN_ON_USE (openat, "openat is not portable - "
# define O_EXEC O_RDONLY /* This is often close enough in older systems. */
#endif
+#ifndef O_IGNORE_CTTY
+# define O_IGNORE_CTTY 0
+#endif
+
#ifndef O_NDELAY
# define O_NDELAY 0
#endif
@@ -249,10 +253,18 @@ _GL_WARN_ON_USE (openat, "openat is not portable - "
# define O_NOFOLLOW 0
#endif
+#ifndef O_NOLINK
+# define O_NOLINK 0
+#endif
+
#ifndef O_NOLINKS
# define O_NOLINKS 0
#endif
+#ifndef O_NOTRANS
+# define O_NOTRANS 0
+#endif
+
#ifndef O_RSYNC
# define O_RSYNC 0
#endif
@@ -269,7 +281,7 @@ _GL_WARN_ON_USE (openat, "openat is not portable - "
# define O_TTY_INIT 0
#endif
-#if O_ACCMODE != (O_RDONLY | O_WRONLY | O_RDWR | O_EXEC | O_SEARCH)
+#if ~O_ACCMODE & (O_RDONLY | O_WRONLY | O_RDWR | O_EXEC | O_SEARCH)
# undef O_ACCMODE
# define O_ACCMODE (O_RDONLY | O_WRONLY | O_RDWR | O_EXEC | O_SEARCH)
#endif
diff --git a/gl/tests/test-fcntl-h.c b/gl/tests/test-fcntl-h.c
index 00c5468..a6c9621 100644
--- a/gl/tests/test-fcntl-h.c
+++ b/gl/tests/test-fcntl-h.c
@@ -21,9 +21,9 @@
#include <fcntl.h>
/* Check that the various O_* macros are defined. */
-int o = O_DIRECT | O_DIRECTORY | O_DSYNC | O_NDELAY | O_NOATIME | O_NONBLOCK
- | O_NOCTTY | O_NOFOLLOW | O_NOLINKS | O_RSYNC | O_SYNC | O_TTY_INIT
- | O_BINARY | O_TEXT;
+int o = (O_DIRECT | O_DIRECTORY | O_DSYNC | O_IGNORE_CTTY | O_NDELAY |
O_NOATIME
+ | O_NONBLOCK | O_NOCTTY | O_NOFOLLOW | O_NOLINK | O_NOLINKS | O_NOTRANS
+ | O_RSYNC | O_SYNC | O_TTY_INIT | O_BINARY | O_TEXT);
/* Check that the various SEEK_* macros are defined. */
int sk[] = { SEEK_CUR, SEEK_END, SEEK_SET };
@@ -61,7 +61,7 @@ main (void)
#if O_SEARCH && O_EXEC != O_SEARCH && O_SEARCH != O_RDONLY
case O_SEARCH:
#endif
- i = O_ACCMODE == (O_RDONLY | O_WRONLY | O_RDWR | O_EXEC | O_SEARCH);
+ i = ! (~O_ACCMODE & (O_RDONLY | O_WRONLY | O_RDWR | O_EXEC | O_SEARCH));
break;
/* Everyone should have these */
@@ -84,6 +84,9 @@ main (void)
#if O_DSYNC
case O_DSYNC:
#endif
+#if O_IGNORE_CTTY
+ case O_IGNORE_CTTY:
+#endif
#if O_NOATIME
case O_NOATIME:
#endif
@@ -96,9 +99,15 @@ main (void)
#if O_NOFOLLOW
case O_NOFOLLOW:
#endif
+#if O_NOLINK
+ case O_NOLINK:
+#endif
#if O_NOLINKS
case O_NOLINKS:
#endif
+#if O_NOTRANS
+ case O_NOTRANS:
+#endif
#if O_RSYNC && O_RSYNC != O_DSYNC
case O_RSYNC:
#endif
diff --git a/gl/tests/test-iconv.c b/gl/tests/test-iconv.c
new file mode 100644
index 0000000..333af2a
--- /dev/null
+++ b/gl/tests/test-iconv.c
@@ -0,0 +1,148 @@
+/* Test of character set conversion.
+ Copyright (C) 2007-2012 Free Software Foundation, Inc.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+/* Written by Bruno Haible <address@hidden>, 2007. */
+
+#include <config.h>
+
+#if HAVE_ICONV
+# include <iconv.h>
+
+# ifndef ICONV_CONST
+# define ICONV_CONST /* empty */
+# endif
+
+#include "signature.h"
+SIGNATURE_CHECK (iconv, size_t, (iconv_t, ICONV_CONST char **, size_t *,
+ char **, size_t *));
+SIGNATURE_CHECK (iconv_close, int, (iconv_t x));
+SIGNATURE_CHECK (iconv_open, iconv_t, (char const *, char const *));
+
+#endif
+
+#include <errno.h>
+#include <string.h>
+
+#include "macros.h"
+
+int
+main ()
+{
+#if HAVE_ICONV
+ /* Assume that iconv() supports at least the encodings ASCII, ISO-8859-1,
+ and UTF-8. */
+ iconv_t cd_88591_to_utf8 = iconv_open ("UTF-8", "ISO-8859-1");
+ iconv_t cd_utf8_to_88591 = iconv_open ("ISO-8859-1", "UTF-8");
+
+ ASSERT (cd_88591_to_utf8 != (iconv_t)(-1));
+ ASSERT (cd_utf8_to_88591 != (iconv_t)(-1));
+
+ /* Test conversion from ISO-8859-1 to UTF-8 with no errors. */
+ {
+ static const char input[] = "\304rger mit b\366sen B\374bchen ohne
Augenma\337";
+ static const char expected[] = "\303\204rger mit b\303\266sen
B\303\274bchen ohne Augenma\303\237";
+ char buf[50];
+ const char *inptr = input;
+ size_t inbytesleft = strlen (input);
+ char *outptr = buf;
+ size_t outbytesleft = sizeof (buf);
+ size_t res = iconv (cd_88591_to_utf8,
+ (ICONV_CONST char **) &inptr, &inbytesleft,
+ &outptr, &outbytesleft);
+ ASSERT (res == 0 && inbytesleft == 0);
+ ASSERT (outptr == buf + strlen (expected));
+ ASSERT (memcmp (buf, expected, strlen (expected)) == 0);
+ }
+
+ /* Test conversion from ISO-8859-1 to UTF-8 with E2BIG. */
+ {
+ static const char input[] = "\304";
+ static char buf[2] = { (char)0xDE, (char)0xAD };
+ const char *inptr = input;
+ size_t inbytesleft = 1;
+ char *outptr = buf;
+ size_t outbytesleft = 1;
+ size_t res = iconv (cd_88591_to_utf8,
+ (ICONV_CONST char **) &inptr, &inbytesleft,
+ &outptr, &outbytesleft);
+ ASSERT (res == (size_t)(-1) && errno == E2BIG);
+ ASSERT (inbytesleft == 1);
+ ASSERT (outbytesleft == 1);
+ ASSERT ((unsigned char) buf[1] == 0xAD);
+ ASSERT ((unsigned char) buf[0] == 0xDE);
+ }
+
+ /* Test conversion from UTF-8 to ISO-8859-1 with no errors. */
+ {
+ static const char input[] = "\303\204rger mit b\303\266sen B\303\274bchen
ohne Augenma\303\237";
+ static const char expected[] = "\304rger mit b\366sen B\374bchen ohne
Augenma\337";
+ char buf[50];
+ const char *inptr = input;
+ size_t inbytesleft = strlen (input);
+ char *outptr = buf;
+ size_t outbytesleft = sizeof (buf);
+ size_t res = iconv (cd_utf8_to_88591,
+ (ICONV_CONST char **) &inptr, &inbytesleft,
+ &outptr, &outbytesleft);
+ ASSERT (res == 0 && inbytesleft == 0);
+ ASSERT (outptr == buf + strlen (expected));
+ ASSERT (memcmp (buf, expected, strlen (expected)) == 0);
+ }
+
+ /* Test conversion from UTF-8 to ISO-8859-1 with EILSEQ. */
+ {
+ static const char input[] = "\342\202\254"; /* EURO SIGN */
+ char buf[10];
+ const char *inptr = input;
+ size_t inbytesleft = strlen (input);
+ char *outptr = buf;
+ size_t outbytesleft = sizeof (buf);
+ size_t res = iconv (cd_utf8_to_88591,
+ (ICONV_CONST char **) &inptr, &inbytesleft,
+ &outptr, &outbytesleft);
+ if (res == (size_t)(-1))
+ {
+ ASSERT (errno == EILSEQ);
+ ASSERT (inbytesleft == strlen (input) && outptr == buf);
+ }
+ else
+ {
+ ASSERT (res == 1);
+ ASSERT (inbytesleft == 0);
+ }
+ }
+
+ /* Test conversion from UTF-8 to ISO-8859-1 with EINVAL. */
+ {
+ static const char input[] = "\342";
+ char buf[10];
+ const char *inptr = input;
+ size_t inbytesleft = 1;
+ char *outptr = buf;
+ size_t outbytesleft = sizeof (buf);
+ size_t res = iconv (cd_utf8_to_88591,
+ (ICONV_CONST char **) &inptr, &inbytesleft,
+ &outptr, &outbytesleft);
+ ASSERT (res == (size_t)(-1) && errno == EINVAL);
+ ASSERT (inbytesleft == 1 && outptr == buf);
+ }
+
+ iconv_close (cd_88591_to_utf8);
+ iconv_close (cd_utf8_to_88591);
+#endif
+
+ return 0;
+}
diff --git a/gl/tests/test-select.h b/gl/tests/test-select.h
index af0e38c..e9cb7d0 100644
--- a/gl/tests/test-select.h
+++ b/gl/tests/test-select.h
@@ -227,6 +227,29 @@ test_tty (select_fn my_select)
#endif
+static int
+do_select_bad_nfd_nowait (int nfd, select_fn my_select)
+{
+ struct timeval tv0;
+ tv0.tv_sec = 0;
+ tv0.tv_usec = 0;
+ errno = 0;
+ return my_select (nfd, NULL, NULL, NULL, &tv0);
+}
+
+static void
+test_bad_nfd (select_fn my_select)
+{
+ if (do_select_bad_nfd_nowait (-1, my_select) != -1 || errno != EINVAL)
+ failed ("invalid errno after negative nfds");
+ /* Can't test FD_SETSIZE + 1 for EINVAL, since some systems allow
+ dynamically larger set size by redefining FD_SETSIZE anywhere up
+ to the actual maximum fd. */
+ /* if (do_select_bad_nfd_nowait (FD_SETSIZE + 1, my_select) != -1 */
+ /* || errno != EINVAL) */
+ /* failed ("invalid errno after bogus nfds"); */
+}
+
/* Test select(2) on invalid file descriptors. */
static int
@@ -243,6 +266,7 @@ do_select_bad_fd (int fd, int ev, struct timeval *timeout,
select_fn my_select)
FD_SET (fd, &wfds);
if (ev & SEL_EXC)
FD_SET (fd, &xfds);
+ errno = 0;
return my_select (fd + 1, &rfds, &wfds, &xfds, timeout);
/* In this case, when fd is invalid, on some platforms, the bit for fd
is left alone in the fd_set, whereas on other platforms it is cleared.
@@ -426,6 +450,7 @@ test_function (select_fn my_select)
test (test_tty, "TTY", my_select);
#endif
+ result += test (test_bad_nfd, my_select, "Invalid nfd test");
result += test (test_bad_fd, my_select, "Invalid fd test");
result += test (test_connect_first, my_select, "Unconnected socket test");
result += test (test_socket_pair, my_select, "Connected sockets test");
diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c
index e9dbcbe..2c662c4 100644
--- a/lib/gnutls_pubkey.c
+++ b/lib/gnutls_pubkey.c
@@ -179,6 +179,42 @@ gnutls_pubkey_import_x509 (gnutls_pubkey_t key,
gnutls_x509_crt_t crt,
}
/**
+ * gnutls_pubkey_import_x509_crq:
+ * @key: The public key
+ * @crq: The certificate to be imported
+ * @flags: should be zero
+ *
+ * This function will import the given public key to the abstract
+ * #gnutls_pubkey_t structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 3.1.5
+ **/
+int
+gnutls_pubkey_import_x509_crq (gnutls_pubkey_t key, gnutls_x509_crq_t crq,
+ unsigned int flags)
+{
+ int ret;
+
+ key->pk_algorithm = gnutls_x509_crq_get_pk_algorithm (crq, &key->bits);
+
+ ret = gnutls_x509_crq_get_key_usage (crq, &key->key_usage, NULL);
+ if (ret < 0)
+ key->key_usage = 0;
+
+ ret = _gnutls_x509_crq_get_mpis (crq, &key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+/**
* gnutls_pubkey_import_privkey:
* @key: The public key
* @pkey: The private key
diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h
index 36aa89c..204e329 100644
--- a/lib/includes/gnutls/abstract.h
+++ b/lib/includes/gnutls/abstract.h
@@ -64,6 +64,8 @@ int gnutls_pubkey_get_pk_algorithm (gnutls_pubkey_t key,
unsigned int *bits);
int gnutls_pubkey_import_x509 (gnutls_pubkey_t key, gnutls_x509_crt_t crt,
unsigned int flags);
+int gnutls_pubkey_import_x509_crq (gnutls_pubkey_t key, gnutls_x509_crq_t crq,
+ unsigned int flags);
int gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t key,
gnutls_pkcs11_obj_t obj, unsigned int flags);
int gnutls_pubkey_import_openpgp (gnutls_pubkey_t key,
@@ -387,6 +389,11 @@ int gnutls_pubkey_verify_hash (gnutls_pubkey_t key,
unsigned int flags,
const gnutls_datum_t * hash,
const gnutls_datum_t * signature)
_GNUTLS_GCC_ATTR_DEPRECATED;
+int
+gnutls_pubkey_print (gnutls_pubkey_t pubkey,
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out);
+
#ifdef __cplusplus
}
#endif
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 0a07565..23bea88 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -572,6 +572,7 @@ extern "C"
/**
* gnutls_certificate_print_formats_t:
* @GNUTLS_CRT_PRINT_FULL: Full information about certificate.
+ * @GNUTLS_CRT_PRINT_FULL_NUMBERS: Full information about certificate and
include easy to parse public key parameters.
* @GNUTLS_CRT_PRINT_COMPACT: Information about certificate name in one line,
plus identification of the public key.
* @GNUTLS_CRT_PRINT_ONELINE: Information about certificate in one line.
* @GNUTLS_CRT_PRINT_UNSIGNED_FULL: All info for an unsigned certificate.
@@ -583,7 +584,8 @@ extern "C"
GNUTLS_CRT_PRINT_FULL = 0,
GNUTLS_CRT_PRINT_ONELINE = 1,
GNUTLS_CRT_PRINT_UNSIGNED_FULL = 2,
- GNUTLS_CRT_PRINT_COMPACT = 3
+ GNUTLS_CRT_PRINT_COMPACT = 3,
+ GNUTLS_CRT_PRINT_FULL_NUMBERS = 4,
} gnutls_certificate_print_formats_t;
#define GNUTLS_PK_ECC GNUTLS_PK_EC
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 6a53b8f..c19a3c1 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -874,6 +874,8 @@ GNUTLS_3_1_0 {
gnutls_x509_crt_get_policy;
gnutls_certificate_policy_release;
gnutls_x509_crt_set_policy;
+ gnutls_pubkey_import_x509_crq;
+ gnutls_pubkey_print;
} GNUTLS_3_0_0;
GNUTLS_PRIVATE {
diff --git a/lib/system.c b/lib/system.c
index b2eee24..dcca145 100644
--- a/lib/system.c
+++ b/lib/system.c
@@ -473,7 +473,7 @@
gnutls_x509_trust_list_add_system_trust(gnutls_x509_trust_list_t list,
#endif
}
-#if defined(HAVE_ICONV) || defined(HAVE_LIBICONV)
+#if defined(HAVE_ICONV)
# include <iconv.h>
diff --git a/lib/x509/output.c b/lib/x509/output.c
index 6ac7c47..09f6150 100644
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -63,66 +63,67 @@ ip_to_string (void *_ip, int ip_size, char *string, int
string_size)
switch (ip_size)
{
case 4:
- snprintf (string, string_size, "%u.%u.%u.%u", ip[0], ip[1], ip[2],
ip[3]);
+ snprintf (string, string_size, "%u.%u.%u.%u", ip[0], ip[1], ip[2],
+ ip[3]);
break;
case 16:
snprintf (string, string_size, "%x:%x:%x:%x:%x:%x:%x:%x",
- (ip[0] << 8) | ip[1], (ip[2] << 8) | ip[3],
- (ip[4] << 8) | ip[5], (ip[6] << 8) | ip[7],
- (ip[8] << 8) | ip[9], (ip[10] << 8) | ip[11],
- (ip[12] << 8) | ip[13], (ip[14] << 8) | ip[15]);
+ (ip[0] << 8) | ip[1], (ip[2] << 8) | ip[3],
+ (ip[4] << 8) | ip[5], (ip[6] << 8) | ip[7],
+ (ip[8] << 8) | ip[9], (ip[10] << 8) | ip[11],
+ (ip[12] << 8) | ip[13], (ip[14] << 8) | ip[15]);
break;
}
return string;
}
-static void add_altname(gnutls_buffer_st * str, const char* prefix, unsigned
int alt_type,
- char* name, size_t name_size)
+static void
+add_altname (gnutls_buffer_st * str, const char *prefix,
+ unsigned int alt_type, char *name, size_t name_size)
{
-char str_ip[64];
-char *p;
+ char str_ip[64];
+ char *p;
- if ((alt_type == GNUTLS_SAN_DNSNAME
- || alt_type == GNUTLS_SAN_RFC822NAME
- || alt_type == GNUTLS_SAN_URI) && strlen (name) != name_size)
- {
- adds (str, _("warning: altname contains an embedded NUL, "
- "replacing with '!'\n"));
- while (strlen (name) < name_size)
- name[strlen (name)] = '!';
- }
+ if ((alt_type == GNUTLS_SAN_DNSNAME
+ || alt_type == GNUTLS_SAN_RFC822NAME
+ || alt_type == GNUTLS_SAN_URI) && strlen (name) != name_size)
+ {
+ adds (str, _("warning: altname contains an embedded NUL, "
+ "replacing with '!'\n"));
+ while (strlen (name) < name_size)
+ name[strlen (name)] = '!';
+ }
- switch (alt_type)
- {
- case GNUTLS_SAN_DNSNAME:
- addf (str, "%s\t\t\tDNSname: %.*s\n", prefix, (int) name_size, name);
- break;
+ switch (alt_type)
+ {
+ case GNUTLS_SAN_DNSNAME:
+ addf (str, "%s\t\t\tDNSname: %.*s\n", prefix, (int) name_size, name);
+ break;
- case GNUTLS_SAN_RFC822NAME:
- addf (str, "%s\t\t\tRFC822name: %.*s\n", prefix, (int) name_size,
- name);
- break;
+ case GNUTLS_SAN_RFC822NAME:
+ addf (str, "%s\t\t\tRFC822name: %.*s\n", prefix, (int) name_size, name);
+ break;
- case GNUTLS_SAN_URI:
- addf (str, "%s\t\t\tURI: %.*s\n", prefix, (int) name_size, name);
- break;
+ case GNUTLS_SAN_URI:
+ addf (str, "%s\t\t\tURI: %.*s\n", prefix, (int) name_size, name);
+ break;
- case GNUTLS_SAN_IPADDRESS:
- p = ip_to_string (name, name_size, str_ip, sizeof (str_ip));
- if (p == NULL)
- p = ERROR_STR;
- addf (str, "%s\t\t\tIPAddress: %s\n", prefix, p);
- break;
+ case GNUTLS_SAN_IPADDRESS:
+ p = ip_to_string (name, name_size, str_ip, sizeof (str_ip));
+ if (p == NULL)
+ p = ERROR_STR;
+ addf (str, "%s\t\t\tIPAddress: %s\n", prefix, p);
+ break;
- case GNUTLS_SAN_DN:
- addf (str, "%s\t\t\tdirectoryName: %.*s\n", prefix,
- (int) name_size, name);
- break;
- default:
- addf (str, "error: unknown altname\n");
- break;
- }
+ case GNUTLS_SAN_DN:
+ addf (str, "%s\t\t\tdirectoryName: %.*s\n", prefix,
+ (int) name_size, name);
+ break;
+ default:
+ addf (str, "error: unknown altname\n");
+ break;
+ }
}
static void
@@ -172,48 +173,48 @@ print_aia (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
for (;;)
{
err = gnutls_x509_crt_get_authority_info_access
- (cert, seq, GNUTLS_IA_ACCESSMETHOD_OID, &data, NULL);
+ (cert, seq, GNUTLS_IA_ACCESSMETHOD_OID, &data, NULL);
if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
- return;
+ return;
if (err < 0)
- {
- addf (str, "error: get_aia: %s\n", gnutls_strerror (err));
- return;
- }
+ {
+ addf (str, "error: get_aia: %s\n", gnutls_strerror (err));
+ return;
+ }
addf (str, _("\t\t\tAccess Method: %.*s"), data.size, data.data);
if (data.size == sizeof (GNUTLS_OID_AD_OCSP) &&
- memcmp (data.data, GNUTLS_OID_AD_OCSP, data.size) == 0)
- adds (str, " (id-ad-ocsp)\n");
+ memcmp (data.data, GNUTLS_OID_AD_OCSP, data.size) == 0)
+ adds (str, " (id-ad-ocsp)\n");
else if (data.size == sizeof (GNUTLS_OID_AD_CAISSUERS) &&
- memcmp (data.data, GNUTLS_OID_AD_CAISSUERS, data.size) == 0)
- adds (str, " (id-ad-caIssuers)\n");
+ memcmp (data.data, GNUTLS_OID_AD_CAISSUERS, data.size) == 0)
+ adds (str, " (id-ad-caIssuers)\n");
else
- adds (str, " (UNKNOWN)\n");
+ adds (str, " (UNKNOWN)\n");
err = gnutls_x509_crt_get_authority_info_access
- (cert, seq, GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE, &data, NULL);
+ (cert, seq, GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE, &data, NULL);
if (err < 0)
- {
- addf (str, "error: get_aia type: %s\n", gnutls_strerror (err));
- return;
- }
+ {
+ addf (str, "error: get_aia type: %s\n", gnutls_strerror (err));
+ return;
+ }
if (data.size == sizeof ("uniformResourceIdentifier") &&
- memcmp (data.data, "uniformResourceIdentifier", data.size) == 0)
- {
- adds (str, "\t\t\tAccess Location URI: ");
- err = gnutls_x509_crt_get_authority_info_access
- (cert, seq, GNUTLS_IA_URI, &data, NULL);
- if (err < 0)
- {
- addf (str, "error: get_aia uri: %s\n", gnutls_strerror (err));
- return;
- }
- addf (str, "%.*s\n", data.size, data.data);
- }
+ memcmp (data.data, "uniformResourceIdentifier", data.size) == 0)
+ {
+ adds (str, "\t\t\tAccess Location URI: ");
+ err = gnutls_x509_crt_get_authority_info_access
+ (cert, seq, GNUTLS_IA_URI, &data, NULL);
+ if (err < 0)
+ {
+ addf (str, "error: get_aia uri: %s\n", gnutls_strerror (err));
+ return;
+ }
+ addf (str, "%.*s\n", data.size, data.data);
+ }
else
- adds (str, "\t\t\tUnsupported accessLocation type\n");
+ adds (str, "\t\t\tUnsupported accessLocation type\n");
seq++;
}
@@ -259,6 +260,7 @@ print_ski (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
#define TYPE_CRL 1
#define TYPE_CRT 2
#define TYPE_CRQ 3
+#define TYPE_PUBKEY 4
#define TYPE_CRT_SAN TYPE_CRT
#define TYPE_CRQ_SAN TYPE_CRQ
@@ -269,6 +271,7 @@ typedef union
gnutls_x509_crt_t crt;
gnutls_x509_crq_t crq;
gnutls_x509_crl_t crl;
+ gnutls_pubkey_t pubkey;
} cert_type_t;
static void
@@ -276,27 +279,30 @@ print_aki_gn_serial (gnutls_buffer_st * str, int type,
cert_type_t cert)
{
char *buffer = NULL;
char serial[128];
- size_t size = 0, serial_size = sizeof(serial);
+ size_t size = 0, serial_size = sizeof (serial);
unsigned int alt_type;
int err;
if (type == TYPE_CRT)
err =
- gnutls_x509_crt_get_authority_key_gn_serial(cert.crt, 0, NULL, &size,
- &alt_type, serial,
&serial_size, NULL);
+ gnutls_x509_crt_get_authority_key_gn_serial (cert.crt, 0, NULL, &size,
+ &alt_type, serial,
+ &serial_size, NULL);
else if (type == TYPE_CRL)
err =
- gnutls_x509_crl_get_authority_key_gn_serial(cert.crl, 0, NULL, &size,
- &alt_type, serial,
&serial_size, NULL);
+ gnutls_x509_crl_get_authority_key_gn_serial (cert.crl, 0, NULL, &size,
+ &alt_type, serial,
+ &serial_size, NULL);
else
{
gnutls_assert ();
return;
}
-
+
if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
{
- addf (str, "error: get_authority_key_gn_serial: %s\n", gnutls_strerror
(err));
+ addf (str, "error: get_authority_key_gn_serial: %s\n",
+ gnutls_strerror (err));
return;
}
@@ -310,21 +316,24 @@ print_aki_gn_serial (gnutls_buffer_st * str, int type,
cert_type_t cert)
if (type == TYPE_CRT)
err =
- gnutls_x509_crt_get_authority_key_gn_serial(cert.crt, 0, buffer, &size,
- &alt_type, serial,
&serial_size, NULL);
+ gnutls_x509_crt_get_authority_key_gn_serial (cert.crt, 0, buffer, &size,
+ &alt_type, serial,
+ &serial_size, NULL);
else
err =
- gnutls_x509_crl_get_authority_key_gn_serial(cert.crl, 0, buffer, &size,
- &alt_type, serial,
&serial_size, NULL);
+ gnutls_x509_crl_get_authority_key_gn_serial (cert.crl, 0, buffer, &size,
+ &alt_type, serial,
+ &serial_size, NULL);
if (err < 0)
{
gnutls_free (buffer);
- addf (str, "error: get_authority_key_gn_serial2: %s\n", gnutls_strerror
(err));
+ addf (str, "error: get_authority_key_gn_serial2: %s\n",
+ gnutls_strerror (err));
return;
}
- add_altname(str, "", alt_type, buffer, size);
+ add_altname (str, "", alt_type, buffer, size);
adds (str, "\t\t\tserial: ");
_gnutls_buffer_hexprint (str, serial, serial_size);
adds (str, "\n");
@@ -350,11 +359,11 @@ print_aki (gnutls_buffer_st * str, int type, cert_type_t
cert)
gnutls_assert ();
return;
}
-
+
if (err == GNUTLS_E_X509_UNSUPPORTED_EXTENSION)
{
/* Check if an alternative name is there */
- print_aki_gn_serial(str, type, cert);
+ print_aki_gn_serial (str, type, cert);
return;
}
@@ -404,6 +413,8 @@ print_key_usage (gnutls_buffer_st * str, const char
*prefix, int type,
err = gnutls_x509_crt_get_key_usage (cert.crt, &key_usage, NULL);
else if (type == TYPE_CRQ)
err = gnutls_x509_crq_get_key_usage (cert.crq, &key_usage, NULL);
+ else if (type == TYPE_PUBKEY)
+ err = gnutls_pubkey_get_key_usage (cert.pubkey, &key_usage);
else
return;
@@ -414,28 +425,28 @@ print_key_usage (gnutls_buffer_st * str, const char
*prefix, int type,
}
if (key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)
- addf (str, _("%s\t\t\tDigital signature.\n"), prefix);
+ addf (str, _("%sDigital signature.\n"), prefix);
if (key_usage & GNUTLS_KEY_NON_REPUDIATION)
- addf (str, _("%s\t\t\tNon repudiation.\n"), prefix);
+ addf (str, _("%sNon repudiation.\n"), prefix);
if (key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT)
- addf (str, _("%s\t\t\tKey encipherment.\n"), prefix);
+ addf (str, _("%sKey encipherment.\n"), prefix);
if (key_usage & GNUTLS_KEY_DATA_ENCIPHERMENT)
- addf (str, _("%s\t\t\tData encipherment.\n"), prefix);
+ addf (str, _("%sData encipherment.\n"), prefix);
if (key_usage & GNUTLS_KEY_KEY_AGREEMENT)
- addf (str, _("%s\t\t\tKey agreement.\n"), prefix);
+ addf (str, _("%sKey agreement.\n"), prefix);
if (key_usage & GNUTLS_KEY_KEY_CERT_SIGN)
- addf (str, _("%s\t\t\tCertificate signing.\n"), prefix);
+ addf (str, _("%sCertificate signing.\n"), prefix);
if (key_usage & GNUTLS_KEY_CRL_SIGN)
- addf (str, _("%s\t\t\tCRL signing.\n"), prefix);
+ addf (str, _("%sCRL signing.\n"), prefix);
if (key_usage & GNUTLS_KEY_ENCIPHER_ONLY)
- addf (str, _("%s\t\t\tKey encipher only.\n"), prefix);
+ addf (str, _("%sKey encipher only.\n"), prefix);
if (key_usage & GNUTLS_KEY_DECIPHER_ONLY)
- addf (str, _("%s\t\t\tKey decipher only.\n"), prefix);
+ addf (str, _("%sKey decipher only.\n"), prefix);
}
static void
-print_private_key_usage_period (gnutls_buffer_st * str, const char *prefix,
int type,
- cert_type_t cert)
+print_private_key_usage_period (gnutls_buffer_st * str, const char *prefix,
+ int type, cert_type_t cert)
{
time_t activation, expiration;
int err;
@@ -444,15 +455,20 @@ print_private_key_usage_period (gnutls_buffer_st * str,
const char *prefix, int
size_t max;
if (type == TYPE_CRT)
- err = gnutls_x509_crt_get_private_key_usage_period (cert.crt, &activation,
&expiration, NULL);
+ err =
+ gnutls_x509_crt_get_private_key_usage_period (cert.crt, &activation,
+ &expiration, NULL);
else if (type == TYPE_CRQ)
- err = gnutls_x509_crq_get_private_key_usage_period (cert.crq, &activation,
&expiration, NULL);
+ err =
+ gnutls_x509_crq_get_private_key_usage_period (cert.crq, &activation,
+ &expiration, NULL);
else
return;
if (err < 0)
{
- addf (str, "error: get_private_key_usage_period: %s\n", gnutls_strerror
(err));
+ addf (str, "error: get_private_key_usage_period: %s\n",
+ gnutls_strerror (err));
return;
}
@@ -668,8 +684,8 @@ print_basic (gnutls_buffer_st * str, const char *prefix,
int type,
static void
-print_altname (gnutls_buffer_st * str, const char *prefix, unsigned int
altname_type,
- cert_type_t cert)
+print_altname (gnutls_buffer_st * str, const char *prefix,
+ unsigned int altname_type, cert_type_t cert)
{
unsigned int altname_idx;
@@ -734,84 +750,84 @@ print_altname (gnutls_buffer_st * str, const char
*prefix, unsigned int altname_
if (err == GNUTLS_SAN_OTHERNAME)
{
- char *oid = NULL;
- size_t oidsize;
-
- oidsize = 0;
- if (altname_type == TYPE_CRT_SAN)
- err = gnutls_x509_crt_get_subject_alt_othername_oid
- (cert.crt, altname_idx, oid, &oidsize);
- else if (altname_type == TYPE_CRQ_SAN)
- err = gnutls_x509_crq_get_subject_alt_othername_oid
- (cert.crq, altname_idx, oid, &oidsize);
- else if (altname_type == TYPE_CRT_IAN)
- err = gnutls_x509_crt_get_issuer_alt_othername_oid
- (cert.crt, altname_idx, oid, &oidsize);
-
- if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
- {
- gnutls_free (buffer);
- addf (str,
- "error: get_subject/issuer_alt_othername_oid: %s\n",
- gnutls_strerror (err));
- return;
- }
+ char *oid = NULL;
+ size_t oidsize;
+
+ oidsize = 0;
+ if (altname_type == TYPE_CRT_SAN)
+ err = gnutls_x509_crt_get_subject_alt_othername_oid
+ (cert.crt, altname_idx, oid, &oidsize);
+ else if (altname_type == TYPE_CRQ_SAN)
+ err = gnutls_x509_crq_get_subject_alt_othername_oid
+ (cert.crq, altname_idx, oid, &oidsize);
+ else if (altname_type == TYPE_CRT_IAN)
+ err = gnutls_x509_crt_get_issuer_alt_othername_oid
+ (cert.crt, altname_idx, oid, &oidsize);
+
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ gnutls_free (buffer);
+ addf (str,
+ "error: get_subject/issuer_alt_othername_oid: %s\n",
+ gnutls_strerror (err));
+ return;
+ }
- oid = gnutls_malloc (oidsize);
- if (!oid)
- {
- gnutls_free (buffer);
- addf (str, "error: malloc: %s\n",
- gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
- return;
- }
+ oid = gnutls_malloc (oidsize);
+ if (!oid)
+ {
+ gnutls_free (buffer);
+ addf (str, "error: malloc: %s\n",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
- if (altname_type == TYPE_CRT_SAN)
- err = gnutls_x509_crt_get_subject_alt_othername_oid
- (cert.crt, altname_idx, oid, &oidsize);
- else if (altname_type == TYPE_CRQ_SAN)
- err = gnutls_x509_crq_get_subject_alt_othername_oid
- (cert.crq, altname_idx, oid, &oidsize);
- else if (altname_type == TYPE_CRT_IAN)
- err = gnutls_x509_crt_get_issuer_alt_othername_oid
- (cert.crt, altname_idx, oid, &oidsize);
+ if (altname_type == TYPE_CRT_SAN)
+ err = gnutls_x509_crt_get_subject_alt_othername_oid
+ (cert.crt, altname_idx, oid, &oidsize);
+ else if (altname_type == TYPE_CRQ_SAN)
+ err = gnutls_x509_crq_get_subject_alt_othername_oid
+ (cert.crq, altname_idx, oid, &oidsize);
+ else if (altname_type == TYPE_CRT_IAN)
+ err = gnutls_x509_crt_get_issuer_alt_othername_oid
+ (cert.crt, altname_idx, oid, &oidsize);
- if (err < 0)
- {
- gnutls_free (buffer);
- gnutls_free (oid);
- addf (str, "error: get_subject_alt_othername_oid2: %s\n",
- gnutls_strerror (err));
- return;
- }
+ if (err < 0)
+ {
+ gnutls_free (buffer);
+ gnutls_free (oid);
+ addf (str, "error: get_subject_alt_othername_oid2: %s\n",
+ gnutls_strerror (err));
+ return;
+ }
- if (err == GNUTLS_SAN_OTHERNAME_XMPP)
- {
- if (strlen (buffer) != size)
- {
- adds (str, _("warning: altname contains an embedded NUL, "
- "replacing with '!'\n"));
- while (strlen (buffer) < size)
- buffer[strlen (buffer)] = '!';
- }
-
- addf (str, _("%s\t\t\tXMPP Address: %.*s\n"), prefix,
- (int) size, buffer);
- }
- else
- {
- addf (str, _("%s\t\t\totherName OID: %.*s\n"), prefix,
- (int) oidsize, oid);
- addf (str, _("%s\t\t\totherName DER: "), prefix);
- _gnutls_buffer_hexprint (str, buffer, size);
- addf (str, _("\n%s\t\t\totherName ASCII: "), prefix);
- _gnutls_buffer_asciiprint (str, buffer, size);
- addf (str, "\n");
- }
- gnutls_free (oid);
- }
+ if (err == GNUTLS_SAN_OTHERNAME_XMPP)
+ {
+ if (strlen (buffer) != size)
+ {
+ adds (str, _("warning: altname contains an embedded NUL, "
+ "replacing with '!'\n"));
+ while (strlen (buffer) < size)
+ buffer[strlen (buffer)] = '!';
+ }
+
+ addf (str, _("%s\t\t\tXMPP Address: %.*s\n"), prefix,
+ (int) size, buffer);
+ }
+ else
+ {
+ addf (str, _("%s\t\t\totherName OID: %.*s\n"), prefix,
+ (int) oidsize, oid);
+ addf (str, _("%s\t\t\totherName DER: "), prefix);
+ _gnutls_buffer_hexprint (str, buffer, size);
+ addf (str, _("\n%s\t\t\totherName ASCII: "), prefix);
+ _gnutls_buffer_asciiprint (str, buffer, size);
+ addf (str, "\n");
+ }
+ gnutls_free (oid);
+ }
else
- add_altname(str, prefix, err, buffer, size);
+ add_altname (str, prefix, err, buffer, size);
gnutls_free (buffer);
}
@@ -893,6 +909,7 @@ print_extensions (gnutls_buffer_st * str, const char
*prefix, int type,
int ski_idx = 0;
int aki_idx = 0;
int crldist_idx = 0, pkey_usage_period_idx = 0;
+ char pfx[16];
for (i = 0;; i++)
{
@@ -961,34 +978,41 @@ print_extensions (gnutls_buffer_st * str, const char
*prefix, int type,
else if (strcmp (oid, "2.5.29.32") == 0)
{
struct gnutls_x509_policy_st policy;
- const char* name;
+ const char *name;
int x;
- for (x=0;;x++)
+ for (x = 0;; x++)
{
- err = gnutls_x509_crt_get_policy (cert.crt, x, &policy,
&critical);
+ err =
+ gnutls_x509_crt_get_policy (cert.crt, x, &policy, &critical);
if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
break;
-
+
if (err < 0)
{
- addf (str, "error: certificate policy: %s\n",
gnutls_strerror(err));
+ addf (str, "error: certificate policy: %s\n",
+ gnutls_strerror (err));
break;
}
- if (x==0) addf (str, "%s\t\tCertificate Policies (%s):\n",
prefix, critical ? _("critical") : _("not critical"));
+ if (x == 0)
+ addf (str, "%s\t\tCertificate Policies (%s):\n", prefix,
+ critical ? _("critical") : _("not critical"));
addf (str, "%s\t\t\t%s\n", prefix, policy.oid);
- for (j=0;j<policy.qualifiers;j++)
+ for (j = 0; j < policy.qualifiers; j++)
{
- if (policy.qualifier[j].type==GNUTLS_X509_QUALIFIER_URI)
+ if (policy.qualifier[j].type == GNUTLS_X509_QUALIFIER_URI)
name = "URI";
- else if
(policy.qualifier[j].type==GNUTLS_X509_QUALIFIER_NOTICE)
+ else if (policy.qualifier[j].type ==
+ GNUTLS_X509_QUALIFIER_NOTICE)
name = "Note";
- else name = "Unknown qualifier";
- addf (str, "%s\t\t\t\t%s: %s\n", prefix, name,
policy.qualifier[j].data);
+ else
+ name = "Unknown qualifier";
+ addf (str, "%s\t\t\t\t%s: %s\n", prefix, name,
+ policy.qualifier[j].data);
}
-
+
gnutls_x509_policy_release (&policy);
}
}
@@ -1020,7 +1044,8 @@ print_extensions (gnutls_buffer_st * str, const char
*prefix, int type,
addf (str, _("%s\t\tKey Usage (%s):\n"), prefix,
critical ? _("critical") : _("not critical"));
- print_key_usage (str, prefix, type, cert);
+ snprintf(pfx, sizeof(pfx), "%s\t\t\t", prefix);
+ print_key_usage (str, pfx, type, cert);
keyusage_idx++;
}
@@ -1028,7 +1053,8 @@ print_extensions (gnutls_buffer_st * str, const char
*prefix, int type,
{
if (pkey_usage_period_idx)
{
- addf (str, "error: more than one private key usage period
extension\n");
+ addf (str,
+ "error: more than one private key usage period
extension\n");
continue;
}
@@ -1117,7 +1143,7 @@ print_extensions (gnutls_buffer_st * str, const char
*prefix, int type,
else if (strcmp (oid, "1.3.6.1.5.5.7.1.1") == 0)
{
addf (str, _("%s\t\tAuthority Information "
- "Access (%s):\n"), prefix,
+ "Access (%s):\n"), prefix,
critical ? _("critical") : _("not critical"));
if (type == TYPE_CRT)
@@ -1189,7 +1215,173 @@ print_extensions (gnutls_buffer_st * str, const char
*prefix, int type,
}
static void
-print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t cert, int notsigned)
+print_pubkey (gnutls_buffer_st * str, const char* key_name, gnutls_pubkey_t
pubkey, gnutls_certificate_print_formats_t format)
+{
+ int err, pk;
+ const char *name;
+ unsigned bits;
+
+ err = gnutls_pubkey_get_pk_algorithm (pubkey, &bits);
+ if (err < 0)
+ {
+ addf (str, "error: get_pk_algorithm: %s\n", gnutls_strerror (err));
+ return;
+ }
+
+ name = gnutls_pk_algorithm_get_name (err);
+ if (name == NULL)
+ name = _("unknown");
+
+ pk = err;
+
+ addf (str, _("\t%sPublic Key Algorithm: %s\n"), key_name, name);
+ addf (str, _("\tAlgorithm Security Level: %s (%d bits)\n"),
+ gnutls_sec_param_get_name (gnutls_pk_bits_to_sec_param
+ (err, bits)), bits);
+ switch (pk)
+ {
+ case GNUTLS_PK_RSA:
+ {
+ gnutls_datum_t m, e;
+
+ err = gnutls_pubkey_get_pk_rsa_raw (pubkey, &m, &e);
+ if (err < 0)
+ addf (str, "error: get_pk_rsa_raw: %s\n", gnutls_strerror (err));
+ else
+ {
+ if (format == GNUTLS_CRT_PRINT_FULL_NUMBERS)
+ {
+ addf (str, _("\t\tModulus (bits %d): "), bits);
+ _gnutls_buffer_hexprint (str, m.data, m.size);
+ adds (str, "\n");
+ addf (str, _("\t\tExponent (bits %d): "), e.size * 8);
+ _gnutls_buffer_hexprint (str, e.data, e.size);
+ adds (str, "\n");
+ }
+ else
+ {
+ addf (str, _("\t\tModulus (bits %d):\n"), bits);
+ _gnutls_buffer_hexdump (str, m.data, m.size, "\t\t\t");
+ addf (str, _("\t\tExponent (bits %d):\n"), e.size * 8);
+ _gnutls_buffer_hexdump (str, e.data, e.size, "\t\t\t");
+ }
+
+ gnutls_free (m.data);
+ gnutls_free (e.data);
+ }
+
+ }
+ break;
+
+ case GNUTLS_PK_EC:
+ {
+ gnutls_datum_t x, y;
+ gnutls_ecc_curve_t curve;
+
+ err = gnutls_pubkey_get_pk_ecc_raw (pubkey, &curve, &x, &y);
+ if (err < 0)
+ addf (str, "error: get_pk_ecc_raw: %s\n", gnutls_strerror (err));
+ else
+ {
+ addf (str, _("\t\tCurve:\t%s\n"),
+ gnutls_ecc_curve_get_name (curve));
+ if (format == GNUTLS_CRT_PRINT_FULL_NUMBERS)
+ {
+ addf (str, _("\t\tX: "));
+ _gnutls_buffer_hexprint (str, x.data, x.size);
+ adds (str, "\n");
+ addf (str, _("\t\tY: "));
+ _gnutls_buffer_hexprint (str, y.data, y.size);
+ adds (str, "\n");
+ }
+ else
+ {
+ addf (str, _("\t\tX:\n"));
+ _gnutls_buffer_hexdump (str, x.data, x.size, "\t\t\t");
+ adds (str, _("\t\tY:\n"));
+ _gnutls_buffer_hexdump (str, y.data, y.size, "\t\t\t");
+ }
+
+ gnutls_free (x.data);
+ gnutls_free (y.data);
+
+ }
+ }
+ break;
+ case GNUTLS_PK_DSA:
+ {
+ gnutls_datum_t p, q, g, y;
+
+ err = gnutls_pubkey_get_pk_dsa_raw (pubkey, &p, &q, &g, &y);
+ if (err < 0)
+ addf (str, "error: get_pk_dsa_raw: %s\n", gnutls_strerror (err));
+ else
+ {
+ if (format == GNUTLS_CRT_PRINT_FULL_NUMBERS)
+ {
+ addf (str, _("\t\tPublic key (bits %d): "), bits);
+ _gnutls_buffer_hexprint (str, y.data, y.size);
+ adds (str, "\n");
+ addf (str, _("\t\tP: "));
+ _gnutls_buffer_hexprint (str, p.data, p.size);
+ adds (str, "\n");
+ addf (str, _("\t\tQ: "));
+ _gnutls_buffer_hexprint (str, q.data, q.size);
+ adds (str, "\n");
+ addf (str, _("\t\tG: "));
+ _gnutls_buffer_hexprint (str, g.data, g.size);
+ adds (str, "\n");
+ }
+ else
+ {
+ addf (str, _("\t\tPublic key (bits %d):\n"), bits);
+ _gnutls_buffer_hexdump (str, y.data, y.size, "\t\t\t");
+ adds (str, _("\t\tP:\n"));
+ _gnutls_buffer_hexdump (str, p.data, p.size, "\t\t\t");
+ adds (str, _("\t\tQ:\n"));
+ _gnutls_buffer_hexdump (str, q.data, q.size, "\t\t\t");
+ adds (str, _("\t\tG:\n"));
+ _gnutls_buffer_hexdump (str, g.data, g.size, "\t\t\t");
+ }
+
+ gnutls_free (p.data);
+ gnutls_free (q.data);
+ gnutls_free (g.data);
+ gnutls_free (y.data);
+
+ }
+ }
+ break;
+
+ default:
+ break;
+ }
+}
+
+static void
+print_crt_pubkey (gnutls_buffer_st * str, gnutls_x509_crt_t crt,
gnutls_certificate_print_formats_t format)
+{
+ gnutls_pubkey_t pubkey;
+ int ret;
+
+ ret = gnutls_pubkey_init (&pubkey);
+ if (ret < 0)
+ return;
+
+ ret = gnutls_pubkey_import_x509 (pubkey, crt, 0);
+ if (ret < 0)
+ goto cleanup;
+
+ print_pubkey (str, _("Subject "), pubkey, format);
+
+cleanup:
+ gnutls_pubkey_deinit (pubkey);
+ return;
+}
+
+static void
+print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t cert,
+ gnutls_certificate_print_formats_t format)
{
/* Version. */
{
@@ -1218,7 +1410,7 @@ print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t
cert, int notsigned)
}
/* Issuer. */
- if (!notsigned)
+ if (format != GNUTLS_CRT_PRINT_UNSIGNED_FULL)
{
char *dn;
size_t dn_size = 0;
@@ -1309,122 +1501,7 @@ print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t
cert, int notsigned)
}
/* SubjectPublicKeyInfo. */
- {
- int err, pk;
- unsigned int bits;
-
- err = gnutls_x509_crt_get_pk_algorithm (cert, &bits);
- if (err < 0)
- addf (str, "error: get_pk_algorithm: %s\n", gnutls_strerror (err));
- else
- {
- gnutls_pubkey_t pubkey;
- const char *name = gnutls_pk_algorithm_get_name (err);
- if (name == NULL)
- name = _("unknown");
-
- pk = err;
-
- addf (str, _("\tSubject Public Key Algorithm: %s\n"), name);
- addf (str, _("\tCertificate Security Level: %s (%d bits)\n"),
- gnutls_sec_param_get_name (gnutls_pk_bits_to_sec_param
- (err, bits)), bits);
- err = gnutls_pubkey_init(&pubkey);
- if (err < 0)
- {
- addf (str, "error: gnutls_pubkey_init: %s\n", gnutls_strerror
(err));
- return;
- }
-
- err = gnutls_pubkey_import_x509(pubkey, cert, 0);
- if (err < 0)
- {
- addf (str, "error: gnutls_pubkey_import_x509: %s\n",
gnutls_strerror (err));
- return;
- }
-
- switch (pk)
- {
- case GNUTLS_PK_RSA:
- {
- gnutls_datum_t m, e;
-
- err = gnutls_pubkey_get_pk_rsa_raw (pubkey, &m, &e);
- if (err < 0)
- addf (str, "error: get_pk_rsa_raw: %s\n",
- gnutls_strerror (err));
- else
- {
- addf (str, _("\t\tModulus (bits %d):\n"), bits);
- _gnutls_buffer_hexdump (str, m.data, m.size, "\t\t\t");
- addf (str, _("\t\tExponent (bits %d):\n"), e.size * 8);
- _gnutls_buffer_hexdump (str, e.data, e.size, "\t\t\t");
-
- gnutls_free (m.data);
- gnutls_free (e.data);
- }
-
- }
- break;
-
- case GNUTLS_PK_EC:
- {
- gnutls_datum_t x, y;
- gnutls_ecc_curve_t curve;
-
- err = gnutls_pubkey_get_pk_ecc_raw (pubkey, &curve, &x, &y);
- if (err < 0)
- addf (str, "error: get_pk_ecc_raw: %s\n",
- gnutls_strerror (err));
- else
- {
- addf (str, _("\t\tCurve:\t%s\n"),
gnutls_ecc_curve_get_name(curve));
- addf (str, _("\t\tX:\n"));
- _gnutls_buffer_hexdump (str, x.data, x.size, "\t\t\t");
- adds (str, _("\t\tY:\n"));
- _gnutls_buffer_hexdump (str, y.data, y.size, "\t\t\t");
-
- gnutls_free (x.data);
- gnutls_free (y.data);
-
- }
- }
- break;
- case GNUTLS_PK_DSA:
- {
- gnutls_datum_t p, q, g, y;
-
- err = gnutls_pubkey_get_pk_dsa_raw (pubkey, &p, &q, &g, &y);
- if (err < 0)
- addf (str, "error: get_pk_dsa_raw: %s\n",
- gnutls_strerror (err));
- else
- {
- addf (str, _("\t\tPublic key (bits %d):\n"), bits);
- _gnutls_buffer_hexdump (str, y.data, y.size, "\t\t\t");
- adds (str, _("\t\tP:\n"));
- _gnutls_buffer_hexdump (str, p.data, p.size, "\t\t\t");
- adds (str, _("\t\tQ:\n"));
- _gnutls_buffer_hexdump (str, q.data, q.size, "\t\t\t");
- adds (str, _("\t\tG:\n"));
- _gnutls_buffer_hexdump (str, g.data, g.size, "\t\t\t");
-
- gnutls_free (p.data);
- gnutls_free (q.data);
- gnutls_free (g.data);
- gnutls_free (y.data);
-
- }
- }
- break;
-
- default:
- break;
- }
-
- gnutls_pubkey_deinit(pubkey);
- }
- }
+ print_crt_pubkey(str, cert, format);
print_unique_ids (str, cert);
@@ -1438,7 +1515,7 @@ print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t
cert, int notsigned)
}
/* Signature. */
- if (!notsigned)
+ if (format != GNUTLS_CRT_PRINT_UNSIGNED_FULL)
{
int err;
size_t size = 0;
@@ -1455,7 +1532,7 @@ print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t
cert, int notsigned)
name = _("unknown");
addf (str, _("\tSignature Algorithm: %s\n"), name);
}
- if (gnutls_sign_is_secure(err) == 0)
+ if (gnutls_sign_is_secure (err) == 0)
{
adds (str, _("warning: signed using a broken signature "
"algorithm that can be forged.\n"));
@@ -1498,7 +1575,7 @@ print_fingerprint (gnutls_buffer_st * str,
gnutls_x509_crt_t cert,
int err;
char buffer[MAX_HASH_SIZE];
size_t size = sizeof (buffer);
-
+
err = gnutls_x509_crt_get_fingerprint (cert, algo, buffer, &size);
if (err < 0)
{
@@ -1519,9 +1596,9 @@ print_keyid (gnutls_buffer_st * str, gnutls_x509_crt_t
cert)
{
int err;
unsigned char buffer[32];
- size_t size = sizeof(buffer);
- const char* name;
- char* p;
+ size_t size = sizeof (buffer);
+ const char *name;
+ char *p;
unsigned int bits;
err = gnutls_x509_crt_get_key_id (cert, 0, buffer, &size);
@@ -1538,26 +1615,27 @@ print_keyid (gnutls_buffer_st * str, gnutls_x509_crt_t
cert)
err = gnutls_x509_crt_get_pk_algorithm (cert, &bits);
if (err < 0)
return;
-
- name = gnutls_pk_get_name(err);
+
+ name = gnutls_pk_get_name (err);
if (name == NULL)
return;
- p = _gnutls_key_fingerprint_randomart(buffer, size, name, bits, "\t\t");
+ p = _gnutls_key_fingerprint_randomart (buffer, size, name, bits, "\t\t");
if (p == NULL)
return;
-
+
adds (str, _("\tPublic key's random art:\n"));
adds (str, p);
adds (str, "\n");
- gnutls_free(p);
+ gnutls_free (p);
}
static void
-print_other (gnutls_buffer_st * str, gnutls_x509_crt_t cert, int notsigned)
+print_other (gnutls_buffer_st * str, gnutls_x509_crt_t cert,
+ gnutls_certificate_print_formats_t format)
{
- if (!notsigned)
+ if (format != GNUTLS_CRT_PRINT_UNSIGNED_FULL)
{
print_fingerprint (str, cert, GNUTLS_DIG_SHA1);
}
@@ -1567,7 +1645,7 @@ print_other (gnutls_buffer_st * str, gnutls_x509_crt_t
cert, int notsigned)
static void
print_oneline (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
{
-int err;
+ int err;
/* Subject. */
{
@@ -1641,7 +1719,7 @@ int err;
const char *name = gnutls_sign_algorithm_get_name (err);
if (name == NULL)
name = _("unknown");
- if (gnutls_sign_is_secure(err) == 0)
+ if (gnutls_sign_is_secure (err) == 0)
addf (str, _("signed using %s (broken!), "), name);
else
addf (str, _("signed using %s, "), name);
@@ -1751,60 +1829,57 @@ gnutls_x509_crt_print (gnutls_x509_crt_t cert,
gnutls_buffer_st str;
int ret;
- if (format == GNUTLS_CRT_PRINT_FULL
- || format == GNUTLS_CRT_PRINT_UNSIGNED_FULL)
+ if (format == GNUTLS_CRT_PRINT_COMPACT)
{
_gnutls_buffer_init (&str);
- _gnutls_buffer_append_str (&str, _("X.509 Certificate Information:\n"));
-
- print_cert (&str, cert, format == GNUTLS_CRT_PRINT_UNSIGNED_FULL);
-
- _gnutls_buffer_append_str (&str, _("Other Information:\n"));
+ print_oneline (&str, cert);
- print_other (&str, cert, format == GNUTLS_CRT_PRINT_UNSIGNED_FULL);
+ _gnutls_buffer_append_data (&str, "\n", 1);
+ print_keyid (&str, cert);
_gnutls_buffer_append_data (&str, "\0", 1);
- ret = _gnutls_buffer_to_datum( &str, out);
- if (out->size > 0) out->size--;
-
+ ret = _gnutls_buffer_to_datum (&str, out);
+ if (out->size > 0)
+ out->size--;
+
return ret;
}
- else if (format == GNUTLS_CRT_PRINT_COMPACT)
+ else if (format == GNUTLS_CRT_PRINT_ONELINE)
{
_gnutls_buffer_init (&str);
print_oneline (&str, cert);
- _gnutls_buffer_append_data (&str, "\n", 1);
- print_keyid (&str, cert);
-
_gnutls_buffer_append_data (&str, "\0", 1);
- ret = _gnutls_buffer_to_datum( &str, out);
- if (out->size > 0) out->size--;
-
+ ret = _gnutls_buffer_to_datum (&str, out);
+ if (out->size > 0)
+ out->size--;
+
return ret;
}
- else if (format == GNUTLS_CRT_PRINT_ONELINE)
+ else
{
_gnutls_buffer_init (&str);
- print_oneline (&str, cert);
+ _gnutls_buffer_append_str (&str, _("X.509 Certificate Information:\n"));
+
+ print_cert (&str, cert, format);
+
+ _gnutls_buffer_append_str (&str, _("Other Information:\n"));
+
+ print_other (&str, cert, format);
_gnutls_buffer_append_data (&str, "\0", 1);
- ret = _gnutls_buffer_to_datum( &str, out);
- if (out->size > 0) out->size--;
-
+ ret = _gnutls_buffer_to_datum (&str, out);
+ if (out->size > 0)
+ out->size--;
+
return ret;
}
- else
- {
- gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
}
static void
@@ -2068,7 +2143,7 @@ print_crl (gnutls_buffer_st * str, gnutls_x509_crl_t crl,
int notsigned)
name = _("unknown");
addf (str, _("\tSignature Algorithm: %s\n"), name);
}
- if (gnutls_sign_is_secure(err) == 0)
+ if (gnutls_sign_is_secure (err) == 0)
{
adds (str, _("warning: signed using a broken signature "
"algorithm that can be forged.\n"));
@@ -2134,15 +2209,37 @@ gnutls_x509_crl_print (gnutls_x509_crl_t crl,
print_crl (&str, crl, format == GNUTLS_CRT_PRINT_UNSIGNED_FULL);
_gnutls_buffer_append_data (&str, "\0", 1);
-
- ret = _gnutls_buffer_to_datum( &str, out);
- if (out->size > 0) out->size--;
-
+
+ ret = _gnutls_buffer_to_datum (&str, out);
+ if (out->size > 0)
+ out->size--;
+
return ret;
}
static void
-print_crq (gnutls_buffer_st * str, gnutls_x509_crq_t cert)
+print_crq_pubkey (gnutls_buffer_st * str, gnutls_x509_crq_t crq,
gnutls_certificate_print_formats_t format)
+{
+ gnutls_pubkey_t pubkey;
+ int ret;
+
+ ret = gnutls_pubkey_init (&pubkey);
+ if (ret < 0)
+ return;
+
+ ret = gnutls_pubkey_import_x509_crq (pubkey, crq, 0);
+ if (ret < 0)
+ goto cleanup;
+
+ print_pubkey (str, _("Subject "), pubkey, format);
+
+cleanup:
+ gnutls_pubkey_deinit (pubkey);
+ return;
+}
+
+static void
+print_crq (gnutls_buffer_st * str, gnutls_x509_crq_t cert,
gnutls_certificate_print_formats_t format)
{
/* Version. */
{
@@ -2189,68 +2286,7 @@ print_crq (gnutls_buffer_st * str, gnutls_x509_crq_t
cert)
if (err < 0)
addf (str, "error: get_pk_algorithm: %s\n", gnutls_strerror (err));
else
- {
- const char *name = gnutls_pk_algorithm_get_name (err);
- if (name == NULL)
- name = _("unknown");
-
- addf (str, _("\tSubject Public Key Algorithm: %s\n"), name);
- switch (err)
- {
- case GNUTLS_PK_RSA:
- {
- gnutls_datum_t m, e;
-
- err = gnutls_x509_crq_get_key_rsa_raw (cert, &m, &e);
- if (err < 0)
- addf (str, "error: get_pk_rsa_raw: %s\n",
- gnutls_strerror (err));
- else
- {
- addf (str, _("\t\tModulus (bits %d):\n"), bits);
- _gnutls_buffer_hexdump (str, m.data, m.size, "\t\t\t");
- adds (str, _("\t\tExponent:\n"));
- _gnutls_buffer_hexdump (str, e.data, e.size, "\t\t\t");
-
- gnutls_free (m.data);
- gnutls_free (e.data);
- }
-
- }
- break;
-#if 0 /* not implemented yet */
- case GNUTLS_PK_DSA:
- {
- gnutls_datum_t p, q, g, y;
-
- err = gnutls_x509_crq_get_key_dsa_raw (cert, &p, &q, &g, &y);
- if (err < 0)
- addf (str, "error: get_pk_dsa_raw: %s\n",
- gnutls_strerror (err));
- else
- {
- addf (str, _("\t\tPublic key (bits %d):\n"), bits);
- _gnutls_buffer_hexdump (str, y.data, y.size, "\t\t\t");
- addf (str, _("\t\tP:\n"));
- _gnutls_buffer_hexdump (str, p.data, p.size, "\t\t\t");
- addf (str, _("\t\tQ:\n"));
- _gnutls_buffer_hexdump (str, q.data, q.size, "\t\t\t");
- addf (str, _("\t\tG:\n"));
- _gnutls_buffer_hexdump (str, g.data, g.size, "\t\t\t");
-
- gnutls_free (p.data);
- gnutls_free (q.data);
- gnutls_free (g.data);
- gnutls_free (y.data);
-
- }
- }
- break;
-#endif
- default:
- break;
- }
- }
+ print_crq_pubkey (str, cert, format);
}
/* parse attributes */
@@ -2447,7 +2483,7 @@ gnutls_x509_crq_print (gnutls_x509_crq_t crq,
_gnutls_buffer_append_str
(&str, _("PKCS #10 Certificate Request Information:\n"));
- print_crq (&str, crq);
+ print_crq (&str, crq, format);
_gnutls_buffer_append_str (&str, _("Other Information:\n"));
@@ -2455,9 +2491,85 @@ gnutls_x509_crq_print (gnutls_x509_crq_t crq,
_gnutls_buffer_append_data (&str, "\0", 1);
- ret = _gnutls_buffer_to_datum( &str, out);
- if (out->size > 0) out->size--;
-
+ ret = _gnutls_buffer_to_datum (&str, out);
+ if (out->size > 0)
+ out->size--;
+
return ret;
}
+static void
+print_pubkey_other (gnutls_buffer_st * str, gnutls_pubkey_t pubkey,
gnutls_certificate_print_formats_t format)
+{
+ uint8_t buffer[MAX_HASH_SIZE];
+ size_t size = sizeof(buffer);
+ int ret;
+ unsigned int usage;
+ cert_type_t ccert;
+
+ ccert.pubkey = pubkey;
+
+ ret = gnutls_pubkey_get_key_usage (pubkey, &usage);
+ if (ret < 0)
+ {
+ addf (str, "error: get_key_usage: %s\n", gnutls_strerror (ret));
+ return;
+ }
+
+ adds (str, "\n");
+ adds (str, _("Public Key Usage:\n"));
+ print_key_usage (str, "\t", TYPE_PUBKEY, ccert);
+
+ ret = gnutls_pubkey_get_key_id (pubkey, 0, buffer, &size);
+ if (ret < 0)
+ {
+ addf (str, "error: get_key_id: %s\n", gnutls_strerror (ret));
+ return;
+ }
+
+ adds (str, "\n");
+ adds (str, _("Public Key ID: "));
+ _gnutls_buffer_hexprint (str, buffer, size);
+ adds (str, "\n");
+}
+
+/**
+ * gnutls_pubkey_print:
+ * @pubkey: The structure to be printed
+ * @format: Indicate the format to use
+ * @out: Newly allocated datum with (0) terminated string.
+ *
+ * This function will pretty print public key information, suitable for
+ * display to a human.
+ *
+ * Only %GNUTLS_CRT_PRINT_FULL and %GNUTLS_CRT_PRINT_FULL_NUMBERS
+ * are implemented.
+ *
+ * The output @out needs to be deallocated using gnutls_free().
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pubkey_print (gnutls_pubkey_t pubkey,
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out)
+{
+ gnutls_buffer_st str;
+ int ret;
+
+ _gnutls_buffer_init (&str);
+
+ _gnutls_buffer_append_str (&str, _("Public Key Information:\n"));
+
+ print_pubkey (&str, "", pubkey, format);
+ print_pubkey_other (&str, pubkey, format);
+
+ _gnutls_buffer_append_data (&str, "\0", 1);
+
+ ret = _gnutls_buffer_to_datum (&str, out);
+ if (out->size > 0)
+ out->size--;
+
+ return ret;
+}
diff --git a/m4/hooks.m4 b/m4/hooks.m4
index 3ec5044..6a0cf69 100644
--- a/m4/hooks.m4
+++ b/m4/hooks.m4
@@ -250,4 +250,9 @@ fi
else
AC_DEFINE([GNUTLS_POINTER_TO_INT_CAST], [])
fi
+
+dnl this is called from somewhere else
+dnl #AM_ICONV
+dnl m4_ifdef([gl_ICONV_MODULE_INDICATOR],
+dnl [gl_ICONV_MODULE_INDICATOR([iconv])])
])
diff --git a/maint.mk b/maint.mk
index e52deb4..ea44ece 100644
--- a/maint.mk
+++ b/maint.mk
@@ -1121,9 +1121,11 @@ fix_po_file_diag = \
'you have changed the set of files with translatable diagnostics;\n\
apply the above patch\n'
-# Verify that all source files using _() are listed in po/POTFILES.in.
+# Verify that all source files using _() (more specifically, files that
+# match $(_gl_translatable_string_re)) are listed in po/POTFILES.in.
po_file ?= $(srcdir)/po/POTFILES.in
generated_files ?= $(srcdir)/lib/*.[ch]
+_gl_translatable_string_re ?= \b(N?_|gettext *)\([^)"]*("|$$)
sc_po_check:
@if test -f $(po_file); then \
grep -E -v '^(#|$$)' $(po_file) \
@@ -1143,7 +1145,7 @@ sc_po_check:
esac; \
files="$$files $$file"; \
done; \
- grep -E -l '\b(N?_|gettext *)\([^)"]*("|$$)' $$files \
+ grep -E -l '$(_gl_translatable_string_re)' $$files \
| sed 's|^$(_dot_escaped_srcdir)/||' | sort -u > address@hidden;
\
diff -u -L $(po_file) -L $(po_file) address@hidden address@hidden
\
|| { printf '$(ME): '$(fix_po_file_diag) 1>&2; exit 1; }; \
diff --git a/src/certtool-args.c b/src/certtool-args.c
index 261f2d8..9eee3b9 100644
--- a/src/certtool-args.c
+++ b/src/certtool-args.c
@@ -2,7 +2,7 @@
*
* DO NOT EDIT THIS FILE (certtool-args.c)
*
- * It has been AutoGen-ed November 20, 2012 at 12:55:34 AM by AutoGen 5.16
+ * It has been AutoGen-ed November 20, 2012 at 05:51:05 PM by AutoGen 5.16
* From the definitions certtool-args.def
* and the template file options
*
@@ -67,7 +67,7 @@ extern FILE * option_usage_fp;
/*
* certtool option static const strings
*/
-static char const certtool_opt_strs[4691] =
+static char const certtool_opt_strs[4767] =
/* 0 */ "certtool @address@hidden"
"Copyright (C) 2000-2012 Free Software Foundation, all rights
reserved.\n"
"This is free software. It is licensed for use, modification and\n"
@@ -156,115 +156,118 @@ static char const certtool_opt_strs[4691] =
/* 2293 */ "Password to use\0"
/* 2309 */ "PASSWORD\0"
/* 2318 */ "password\0"
-/* 2327 */ "Enforce a NULL password\0"
-/* 2351 */ "NULL_PASSWORD\0"
-/* 2365 */ "null-password\0"
-/* 2379 */ "Print information on the given certificate\0"
-/* 2422 */ "CERTIFICATE_INFO\0"
-/* 2439 */ "certificate-info\0"
-/* 2456 */ "Print certificate's public key\0"
-/* 2487 */ "CERTIFICATE_PUBKEY\0"
-/* 2506 */ "certificate-pubkey\0"
-/* 2525 */ "Print information on the given OpenPGP certificate\0"
-/* 2576 */ "PGP_CERTIFICATE_INFO\0"
-/* 2597 */ "pgp-certificate-info\0"
-/* 2618 */ "Print information on the given OpenPGP keyring structure\0"
-/* 2675 */ "PGP_RING_INFO\0"
-/* 2689 */ "pgp-ring-info\0"
-/* 2703 */ "Print information on the given CRL structure\0"
-/* 2748 */ "CRL_INFO\0"
-/* 2757 */ "crl-info\0"
-/* 2766 */ "Print information on the given certificate request\0"
-/* 2817 */ "CRQ_INFO\0"
-/* 2826 */ "crq-info\0"
-/* 2835 */ "Do not use extensions in certificate requests\0"
-/* 2881 */ "NO_CRQ_EXTENSIONS\0"
-/* 2899 */ "no-crq-extensions\0"
-/* 2917 */ "Print information on a PKCS #12 structure\0"
-/* 2959 */ "P12_INFO\0"
-/* 2968 */ "p12-info\0"
-/* 2977 */ "Print information on a PKCS #7 structure\0"
-/* 3018 */ "P7_INFO\0"
-/* 3026 */ "p7-info\0"
-/* 3034 */ "Convert S/MIME to PKCS #7 structure\0"
-/* 3070 */ "SMIME_TO_P7\0"
-/* 3082 */ "smime-to-p7\0"
-/* 3094 */ "Print information on a private key\0"
-/* 3129 */ "KEY_INFO\0"
-/* 3138 */ "key-info\0"
-/* 3147 */ "Print information on an OpenPGP private key\0"
-/* 3191 */ "PGP_KEY_INFO\0"
-/* 3204 */ "pgp-key-info\0"
-/* 3217 */ "Print information on a public key\0"
-/* 3251 */ "PUBKEY_INFO\0"
-/* 3263 */ "pubkey-info\0"
-/* 3275 */ "Generate an X.509 version 1 certificate (with no extensions)\0"
-/* 3336 */ "V1\0"
-/* 3339 */ "v1\0"
-/* 3342 */ "Generate a PKCS #12 structure\0"
-/* 3372 */ "TO_P12\0"
-/* 3379 */ "to-p12\0"
-/* 3386 */ "Generate a PKCS #8 structure\0"
-/* 3415 */ "TO_P8\0"
-/* 3421 */ "to-p8\0"
-/* 3427 */ "Use PKCS #8 format for private keys\0"
-/* 3463 */ "PKCS8\0"
-/* 3469 */ "pkcs8\0"
-/* 3475 */ "Generate RSA key\0"
-/* 3492 */ "RSA\0"
-/* 3496 */ "rsa\0"
-/* 3500 */ "Generate DSA key\0"
-/* 3517 */ "DSA\0"
-/* 3521 */ "dsa\0"
-/* 3525 */ "Generate ECC (ECDSA) key\0"
-/* 3550 */ "ECC\0"
-/* 3554 */ "ecc\0"
-/* 3558 */ "Hash algorithm to use for signing.\0"
-/* 3593 */ "HASH\0"
-/* 3598 */ "hash\0"
-/* 3603 */ "Use DER format for input certificates and private keys.\0"
-/* 3659 */ "INDER\0"
-/* 3665 */ "no-inder\0"
-/* 3674 */ "no\0"
-/* 3677 */ "This is an alias for 'inder'\0"
-/* 3706 */ "inraw\0"
-/* 3712 */ "Use DER format for output certificates and private keys\0"
-/* 3768 */ "OUTDER\0"
-/* 3775 */ "no-outder\0"
-/* 3785 */ "This is an alias for 'outder'\0"
-/* 3815 */ "outraw\0"
-/* 3822 */ "Specify the number of bits for key generate\0"
-/* 3866 */ "BITS\0"
-/* 3871 */ "bits\0"
-/* 3876 */ "Specify the security level [low, legacy, normal, high, ultra].\0"
-/* 3939 */ "SEC_PARAM\0"
-/* 3949 */ "sec-param\0"
-/* 3959 */ "No effect\0"
-/* 3969 */ "DISABLE_QUICK_RANDOM\0"
-/* 3990 */ "disable-quick-random\0"
-/* 4011 */ "Template file to use for non-interactive operation\0"
-/* 4062 */ "TEMPLATE\0"
-/* 4071 */ "template\0"
-/* 4080 */ "Cipher to use for PKCS #8 and #12 operations\0"
-/* 4125 */ "PKCS_CIPHER\0"
-/* 4137 */ "pkcs-cipher\0"
-/* 4149 */ "Display extended usage information and exit\0"
-/* 4193 */ "help\0"
-/* 4198 */ "Extended usage information passed thru pager\0"
-/* 4243 */ "more-help\0"
-/* 4253 */ "Output version information and exit\0"
-/* 4289 */ "version\0"
-/* 4297 */ "CERTTOOL\0"
-/* 4306 */ "certtool - GnuTLS certificate tool - Ver. @address@hidden"
+/* 2327 */ "Print big number in an easier format to parse\0"
+/* 2373 */ "SIMPLE_NUMBERS\0"
+/* 2388 */ "simple-numbers\0"
+/* 2403 */ "Enforce a NULL password\0"
+/* 2427 */ "NULL_PASSWORD\0"
+/* 2441 */ "null-password\0"
+/* 2455 */ "Print information on the given certificate\0"
+/* 2498 */ "CERTIFICATE_INFO\0"
+/* 2515 */ "certificate-info\0"
+/* 2532 */ "Print certificate's public key\0"
+/* 2563 */ "CERTIFICATE_PUBKEY\0"
+/* 2582 */ "certificate-pubkey\0"
+/* 2601 */ "Print information on the given OpenPGP certificate\0"
+/* 2652 */ "PGP_CERTIFICATE_INFO\0"
+/* 2673 */ "pgp-certificate-info\0"
+/* 2694 */ "Print information on the given OpenPGP keyring structure\0"
+/* 2751 */ "PGP_RING_INFO\0"
+/* 2765 */ "pgp-ring-info\0"
+/* 2779 */ "Print information on the given CRL structure\0"
+/* 2824 */ "CRL_INFO\0"
+/* 2833 */ "crl-info\0"
+/* 2842 */ "Print information on the given certificate request\0"
+/* 2893 */ "CRQ_INFO\0"
+/* 2902 */ "crq-info\0"
+/* 2911 */ "Do not use extensions in certificate requests\0"
+/* 2957 */ "NO_CRQ_EXTENSIONS\0"
+/* 2975 */ "no-crq-extensions\0"
+/* 2993 */ "Print information on a PKCS #12 structure\0"
+/* 3035 */ "P12_INFO\0"
+/* 3044 */ "p12-info\0"
+/* 3053 */ "Print information on a PKCS #7 structure\0"
+/* 3094 */ "P7_INFO\0"
+/* 3102 */ "p7-info\0"
+/* 3110 */ "Convert S/MIME to PKCS #7 structure\0"
+/* 3146 */ "SMIME_TO_P7\0"
+/* 3158 */ "smime-to-p7\0"
+/* 3170 */ "Print information on a private key\0"
+/* 3205 */ "KEY_INFO\0"
+/* 3214 */ "key-info\0"
+/* 3223 */ "Print information on an OpenPGP private key\0"
+/* 3267 */ "PGP_KEY_INFO\0"
+/* 3280 */ "pgp-key-info\0"
+/* 3293 */ "Print information on a public key\0"
+/* 3327 */ "PUBKEY_INFO\0"
+/* 3339 */ "pubkey-info\0"
+/* 3351 */ "Generate an X.509 version 1 certificate (with no extensions)\0"
+/* 3412 */ "V1\0"
+/* 3415 */ "v1\0"
+/* 3418 */ "Generate a PKCS #12 structure\0"
+/* 3448 */ "TO_P12\0"
+/* 3455 */ "to-p12\0"
+/* 3462 */ "Generate a PKCS #8 structure\0"
+/* 3491 */ "TO_P8\0"
+/* 3497 */ "to-p8\0"
+/* 3503 */ "Use PKCS #8 format for private keys\0"
+/* 3539 */ "PKCS8\0"
+/* 3545 */ "pkcs8\0"
+/* 3551 */ "Generate RSA key\0"
+/* 3568 */ "RSA\0"
+/* 3572 */ "rsa\0"
+/* 3576 */ "Generate DSA key\0"
+/* 3593 */ "DSA\0"
+/* 3597 */ "dsa\0"
+/* 3601 */ "Generate ECC (ECDSA) key\0"
+/* 3626 */ "ECC\0"
+/* 3630 */ "ecc\0"
+/* 3634 */ "Hash algorithm to use for signing.\0"
+/* 3669 */ "HASH\0"
+/* 3674 */ "hash\0"
+/* 3679 */ "Use DER format for input certificates and private keys.\0"
+/* 3735 */ "INDER\0"
+/* 3741 */ "no-inder\0"
+/* 3750 */ "no\0"
+/* 3753 */ "This is an alias for 'inder'\0"
+/* 3782 */ "inraw\0"
+/* 3788 */ "Use DER format for output certificates and private keys\0"
+/* 3844 */ "OUTDER\0"
+/* 3851 */ "no-outder\0"
+/* 3861 */ "This is an alias for 'outder'\0"
+/* 3891 */ "outraw\0"
+/* 3898 */ "Specify the number of bits for key generate\0"
+/* 3942 */ "BITS\0"
+/* 3947 */ "bits\0"
+/* 3952 */ "Specify the security level [low, legacy, normal, high, ultra].\0"
+/* 4015 */ "SEC_PARAM\0"
+/* 4025 */ "sec-param\0"
+/* 4035 */ "No effect\0"
+/* 4045 */ "DISABLE_QUICK_RANDOM\0"
+/* 4066 */ "disable-quick-random\0"
+/* 4087 */ "Template file to use for non-interactive operation\0"
+/* 4138 */ "TEMPLATE\0"
+/* 4147 */ "template\0"
+/* 4156 */ "Cipher to use for PKCS #8 and #12 operations\0"
+/* 4201 */ "PKCS_CIPHER\0"
+/* 4213 */ "pkcs-cipher\0"
+/* 4225 */ "Display extended usage information and exit\0"
+/* 4269 */ "help\0"
+/* 4274 */ "Extended usage information passed thru pager\0"
+/* 4319 */ "more-help\0"
+/* 4329 */ "Output version information and exit\0"
+/* 4365 */ "version\0"
+/* 4373 */ "CERTTOOL\0"
+/* 4382 */ "certtool - GnuTLS certificate tool - Ver. @address@hidden"
"USAGE: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n\0"
-/* 4416 */ "address@hidden"
-/* 4435 */ "\n\n\0"
-/* 4438 */ "\n"
+/* 4492 */ "address@hidden"
+/* 4511 */ "\n\n\0"
+/* 4514 */ "\n"
"Tool to parse and generate X.509 certificates, requests and
private keys.\n"
"It can be used interactively or non interactively by specifying
the\n"
"template command line option.\n\0"
-/* 4612 */ "certtool @address@hidden"
-/* 4631 */ "certtool [options]\n"
+/* 4688 */ "certtool @address@hidden"
+/* 4707 */ "certtool [options]\n"
"certtool --help for usage instructions.\n";
/*
@@ -476,132 +479,140 @@ static int const aVerify_CrlMustList[] = {
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
+ * simple-numbers option description:
+ */
+#define SIMPLE_NUMBERS_DESC (certtool_opt_strs+2327)
+#define SIMPLE_NUMBERS_NAME (certtool_opt_strs+2373)
+#define SIMPLE_NUMBERS_name (certtool_opt_strs+2388)
+#define SIMPLE_NUMBERS_FLAGS (OPTST_DISABLED)
+
+/*
* null-password option description:
*/
-#define NULL_PASSWORD_DESC (certtool_opt_strs+2327)
-#define NULL_PASSWORD_NAME (certtool_opt_strs+2351)
-#define NULL_PASSWORD_name (certtool_opt_strs+2365)
+#define NULL_PASSWORD_DESC (certtool_opt_strs+2403)
+#define NULL_PASSWORD_NAME (certtool_opt_strs+2427)
+#define NULL_PASSWORD_name (certtool_opt_strs+2441)
#define NULL_PASSWORD_FLAGS (OPTST_DISABLED)
/*
* certificate-info option description:
*/
-#define CERTIFICATE_INFO_DESC (certtool_opt_strs+2379)
-#define CERTIFICATE_INFO_NAME (certtool_opt_strs+2422)
-#define CERTIFICATE_INFO_name (certtool_opt_strs+2439)
+#define CERTIFICATE_INFO_DESC (certtool_opt_strs+2455)
+#define CERTIFICATE_INFO_NAME (certtool_opt_strs+2498)
+#define CERTIFICATE_INFO_name (certtool_opt_strs+2515)
#define CERTIFICATE_INFO_FLAGS (OPTST_DISABLED)
/*
* certificate-pubkey option description:
*/
-#define CERTIFICATE_PUBKEY_DESC (certtool_opt_strs+2456)
-#define CERTIFICATE_PUBKEY_NAME (certtool_opt_strs+2487)
-#define CERTIFICATE_PUBKEY_name (certtool_opt_strs+2506)
+#define CERTIFICATE_PUBKEY_DESC (certtool_opt_strs+2532)
+#define CERTIFICATE_PUBKEY_NAME (certtool_opt_strs+2563)
+#define CERTIFICATE_PUBKEY_name (certtool_opt_strs+2582)
#define CERTIFICATE_PUBKEY_FLAGS (OPTST_DISABLED)
/*
* pgp-certificate-info option description:
*/
-#define PGP_CERTIFICATE_INFO_DESC (certtool_opt_strs+2525)
-#define PGP_CERTIFICATE_INFO_NAME (certtool_opt_strs+2576)
-#define PGP_CERTIFICATE_INFO_name (certtool_opt_strs+2597)
+#define PGP_CERTIFICATE_INFO_DESC (certtool_opt_strs+2601)
+#define PGP_CERTIFICATE_INFO_NAME (certtool_opt_strs+2652)
+#define PGP_CERTIFICATE_INFO_name (certtool_opt_strs+2673)
#define PGP_CERTIFICATE_INFO_FLAGS (OPTST_DISABLED)
/*
* pgp-ring-info option description:
*/
-#define PGP_RING_INFO_DESC (certtool_opt_strs+2618)
-#define PGP_RING_INFO_NAME (certtool_opt_strs+2675)
-#define PGP_RING_INFO_name (certtool_opt_strs+2689)
+#define PGP_RING_INFO_DESC (certtool_opt_strs+2694)
+#define PGP_RING_INFO_NAME (certtool_opt_strs+2751)
+#define PGP_RING_INFO_name (certtool_opt_strs+2765)
#define PGP_RING_INFO_FLAGS (OPTST_DISABLED)
/*
* crl-info option description:
*/
-#define CRL_INFO_DESC (certtool_opt_strs+2703)
-#define CRL_INFO_NAME (certtool_opt_strs+2748)
-#define CRL_INFO_name (certtool_opt_strs+2757)
+#define CRL_INFO_DESC (certtool_opt_strs+2779)
+#define CRL_INFO_NAME (certtool_opt_strs+2824)
+#define CRL_INFO_name (certtool_opt_strs+2833)
#define CRL_INFO_FLAGS (OPTST_DISABLED)
/*
* crq-info option description:
*/
-#define CRQ_INFO_DESC (certtool_opt_strs+2766)
-#define CRQ_INFO_NAME (certtool_opt_strs+2817)
-#define CRQ_INFO_name (certtool_opt_strs+2826)
+#define CRQ_INFO_DESC (certtool_opt_strs+2842)
+#define CRQ_INFO_NAME (certtool_opt_strs+2893)
+#define CRQ_INFO_name (certtool_opt_strs+2902)
#define CRQ_INFO_FLAGS (OPTST_DISABLED)
/*
* no-crq-extensions option description:
*/
-#define NO_CRQ_EXTENSIONS_DESC (certtool_opt_strs+2835)
-#define NO_CRQ_EXTENSIONS_NAME (certtool_opt_strs+2881)
-#define NO_CRQ_EXTENSIONS_name (certtool_opt_strs+2899)
+#define NO_CRQ_EXTENSIONS_DESC (certtool_opt_strs+2911)
+#define NO_CRQ_EXTENSIONS_NAME (certtool_opt_strs+2957)
+#define NO_CRQ_EXTENSIONS_name (certtool_opt_strs+2975)
#define NO_CRQ_EXTENSIONS_FLAGS (OPTST_DISABLED)
/*
* p12-info option description:
*/
-#define P12_INFO_DESC (certtool_opt_strs+2917)
-#define P12_INFO_NAME (certtool_opt_strs+2959)
-#define P12_INFO_name (certtool_opt_strs+2968)
+#define P12_INFO_DESC (certtool_opt_strs+2993)
+#define P12_INFO_NAME (certtool_opt_strs+3035)
+#define P12_INFO_name (certtool_opt_strs+3044)
#define P12_INFO_FLAGS (OPTST_DISABLED)
/*
* p7-info option description:
*/
-#define P7_INFO_DESC (certtool_opt_strs+2977)
-#define P7_INFO_NAME (certtool_opt_strs+3018)
-#define P7_INFO_name (certtool_opt_strs+3026)
+#define P7_INFO_DESC (certtool_opt_strs+3053)
+#define P7_INFO_NAME (certtool_opt_strs+3094)
+#define P7_INFO_name (certtool_opt_strs+3102)
#define P7_INFO_FLAGS (OPTST_DISABLED)
/*
* smime-to-p7 option description:
*/
-#define SMIME_TO_P7_DESC (certtool_opt_strs+3034)
-#define SMIME_TO_P7_NAME (certtool_opt_strs+3070)
-#define SMIME_TO_P7_name (certtool_opt_strs+3082)
+#define SMIME_TO_P7_DESC (certtool_opt_strs+3110)
+#define SMIME_TO_P7_NAME (certtool_opt_strs+3146)
+#define SMIME_TO_P7_name (certtool_opt_strs+3158)
#define SMIME_TO_P7_FLAGS (OPTST_DISABLED)
/*
* key-info option description:
*/
-#define KEY_INFO_DESC (certtool_opt_strs+3094)
-#define KEY_INFO_NAME (certtool_opt_strs+3129)
-#define KEY_INFO_name (certtool_opt_strs+3138)
+#define KEY_INFO_DESC (certtool_opt_strs+3170)
+#define KEY_INFO_NAME (certtool_opt_strs+3205)
+#define KEY_INFO_name (certtool_opt_strs+3214)
#define KEY_INFO_FLAGS (OPTST_DISABLED)
/*
* pgp-key-info option description:
*/
-#define PGP_KEY_INFO_DESC (certtool_opt_strs+3147)
-#define PGP_KEY_INFO_NAME (certtool_opt_strs+3191)
-#define PGP_KEY_INFO_name (certtool_opt_strs+3204)
+#define PGP_KEY_INFO_DESC (certtool_opt_strs+3223)
+#define PGP_KEY_INFO_NAME (certtool_opt_strs+3267)
+#define PGP_KEY_INFO_name (certtool_opt_strs+3280)
#define PGP_KEY_INFO_FLAGS (OPTST_DISABLED)
/*
* pubkey-info option description:
*/
-#define PUBKEY_INFO_DESC (certtool_opt_strs+3217)
-#define PUBKEY_INFO_NAME (certtool_opt_strs+3251)
-#define PUBKEY_INFO_name (certtool_opt_strs+3263)
+#define PUBKEY_INFO_DESC (certtool_opt_strs+3293)
+#define PUBKEY_INFO_NAME (certtool_opt_strs+3327)
+#define PUBKEY_INFO_name (certtool_opt_strs+3339)
#define PUBKEY_INFO_FLAGS (OPTST_DISABLED)
/*
* v1 option description:
*/
-#define V1_DESC (certtool_opt_strs+3275)
-#define V1_NAME (certtool_opt_strs+3336)
-#define V1_name (certtool_opt_strs+3339)
+#define V1_DESC (certtool_opt_strs+3351)
+#define V1_NAME (certtool_opt_strs+3412)
+#define V1_name (certtool_opt_strs+3415)
#define V1_FLAGS (OPTST_DISABLED)
/*
* to-p12 option description with
* "Must also have options" and "Incompatible options":
*/
-#define TO_P12_DESC (certtool_opt_strs+3342)
-#define TO_P12_NAME (certtool_opt_strs+3372)
-#define TO_P12_name (certtool_opt_strs+3379)
+#define TO_P12_DESC (certtool_opt_strs+3418)
+#define TO_P12_NAME (certtool_opt_strs+3448)
+#define TO_P12_name (certtool_opt_strs+3455)
static int const aTo_P12MustList[] = {
INDEX_OPT_LOAD_CERTIFICATE, NO_EQUIVALENT };
#define TO_P12_FLAGS (OPTST_DISABLED)
@@ -609,140 +620,140 @@ static int const aTo_P12MustList[] = {
/*
* to-p8 option description:
*/
-#define TO_P8_DESC (certtool_opt_strs+3386)
-#define TO_P8_NAME (certtool_opt_strs+3415)
-#define TO_P8_name (certtool_opt_strs+3421)
+#define TO_P8_DESC (certtool_opt_strs+3462)
+#define TO_P8_NAME (certtool_opt_strs+3491)
+#define TO_P8_name (certtool_opt_strs+3497)
#define TO_P8_FLAGS (OPTST_DISABLED)
/*
* pkcs8 option description:
*/
-#define PKCS8_DESC (certtool_opt_strs+3427)
-#define PKCS8_NAME (certtool_opt_strs+3463)
-#define PKCS8_name (certtool_opt_strs+3469)
+#define PKCS8_DESC (certtool_opt_strs+3503)
+#define PKCS8_NAME (certtool_opt_strs+3539)
+#define PKCS8_name (certtool_opt_strs+3545)
#define PKCS8_FLAGS (OPTST_DISABLED)
/*
* rsa option description:
*/
-#define RSA_DESC (certtool_opt_strs+3475)
-#define RSA_NAME (certtool_opt_strs+3492)
-#define RSA_name (certtool_opt_strs+3496)
+#define RSA_DESC (certtool_opt_strs+3551)
+#define RSA_NAME (certtool_opt_strs+3568)
+#define RSA_name (certtool_opt_strs+3572)
#define RSA_FLAGS (OPTST_DISABLED)
/*
* dsa option description:
*/
-#define DSA_DESC (certtool_opt_strs+3500)
-#define DSA_NAME (certtool_opt_strs+3517)
-#define DSA_name (certtool_opt_strs+3521)
+#define DSA_DESC (certtool_opt_strs+3576)
+#define DSA_NAME (certtool_opt_strs+3593)
+#define DSA_name (certtool_opt_strs+3597)
#define DSA_FLAGS (OPTST_DISABLED)
/*
* ecc option description:
*/
-#define ECC_DESC (certtool_opt_strs+3525)
-#define ECC_NAME (certtool_opt_strs+3550)
-#define ECC_name (certtool_opt_strs+3554)
+#define ECC_DESC (certtool_opt_strs+3601)
+#define ECC_NAME (certtool_opt_strs+3626)
+#define ECC_name (certtool_opt_strs+3630)
#define ECC_FLAGS (OPTST_DISABLED)
/*
* hash option description:
*/
-#define HASH_DESC (certtool_opt_strs+3558)
-#define HASH_NAME (certtool_opt_strs+3593)
-#define HASH_name (certtool_opt_strs+3598)
+#define HASH_DESC (certtool_opt_strs+3634)
+#define HASH_NAME (certtool_opt_strs+3669)
+#define HASH_name (certtool_opt_strs+3674)
#define HASH_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
* inder option description:
*/
-#define INDER_DESC (certtool_opt_strs+3603)
-#define INDER_NAME (certtool_opt_strs+3659)
-#define NOT_INDER_name (certtool_opt_strs+3665)
-#define NOT_INDER_PFX (certtool_opt_strs+3674)
+#define INDER_DESC (certtool_opt_strs+3679)
+#define INDER_NAME (certtool_opt_strs+3735)
+#define NOT_INDER_name (certtool_opt_strs+3741)
+#define NOT_INDER_PFX (certtool_opt_strs+3750)
#define INDER_name (NOT_INDER_name + 3)
#define INDER_FLAGS (OPTST_DISABLED)
/*
* inraw option description:
*/
-#define INRAW_DESC (certtool_opt_strs+3677)
+#define INRAW_DESC (certtool_opt_strs+3753)
#define INRAW_NAME NULL
-#define INRAW_name (certtool_opt_strs+3706)
+#define INRAW_name (certtool_opt_strs+3782)
#define INRAW_FLAGS (INDER_FLAGS | OPTST_ALIAS)
/*
* outder option description:
*/
-#define OUTDER_DESC (certtool_opt_strs+3712)
-#define OUTDER_NAME (certtool_opt_strs+3768)
-#define NOT_OUTDER_name (certtool_opt_strs+3775)
-#define NOT_OUTDER_PFX (certtool_opt_strs+3674)
+#define OUTDER_DESC (certtool_opt_strs+3788)
+#define OUTDER_NAME (certtool_opt_strs+3844)
+#define NOT_OUTDER_name (certtool_opt_strs+3851)
+#define NOT_OUTDER_PFX (certtool_opt_strs+3750)
#define OUTDER_name (NOT_OUTDER_name + 3)
#define OUTDER_FLAGS (OPTST_DISABLED)
/*
* outraw option description:
*/
-#define OUTRAW_DESC (certtool_opt_strs+3785)
+#define OUTRAW_DESC (certtool_opt_strs+3861)
#define OUTRAW_NAME NULL
-#define OUTRAW_name (certtool_opt_strs+3815)
+#define OUTRAW_name (certtool_opt_strs+3891)
#define OUTRAW_FLAGS (OUTDER_FLAGS | OPTST_ALIAS)
/*
* bits option description:
*/
-#define BITS_DESC (certtool_opt_strs+3822)
-#define BITS_NAME (certtool_opt_strs+3866)
-#define BITS_name (certtool_opt_strs+3871)
+#define BITS_DESC (certtool_opt_strs+3898)
+#define BITS_NAME (certtool_opt_strs+3942)
+#define BITS_name (certtool_opt_strs+3947)
#define BITS_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC))
/*
* sec-param option description:
*/
-#define SEC_PARAM_DESC (certtool_opt_strs+3876)
-#define SEC_PARAM_NAME (certtool_opt_strs+3939)
-#define SEC_PARAM_name (certtool_opt_strs+3949)
+#define SEC_PARAM_DESC (certtool_opt_strs+3952)
+#define SEC_PARAM_NAME (certtool_opt_strs+4015)
+#define SEC_PARAM_name (certtool_opt_strs+4025)
#define SEC_PARAM_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
* disable-quick-random option description:
*/
-#define DISABLE_QUICK_RANDOM_DESC (certtool_opt_strs+3959)
-#define DISABLE_QUICK_RANDOM_NAME (certtool_opt_strs+3969)
-#define DISABLE_QUICK_RANDOM_name (certtool_opt_strs+3990)
+#define DISABLE_QUICK_RANDOM_DESC (certtool_opt_strs+4035)
+#define DISABLE_QUICK_RANDOM_NAME (certtool_opt_strs+4045)
+#define DISABLE_QUICK_RANDOM_name (certtool_opt_strs+4066)
#define DISABLE_QUICK_RANDOM_FLAGS (OPTST_DISABLED)
/*
* template option description:
*/
-#define TEMPLATE_DESC (certtool_opt_strs+4011)
-#define TEMPLATE_NAME (certtool_opt_strs+4062)
-#define TEMPLATE_name (certtool_opt_strs+4071)
+#define TEMPLATE_DESC (certtool_opt_strs+4087)
+#define TEMPLATE_NAME (certtool_opt_strs+4138)
+#define TEMPLATE_name (certtool_opt_strs+4147)
#define TEMPLATE_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_FILE))
/*
* pkcs-cipher option description:
*/
-#define PKCS_CIPHER_DESC (certtool_opt_strs+4080)
-#define PKCS_CIPHER_NAME (certtool_opt_strs+4125)
-#define PKCS_CIPHER_name (certtool_opt_strs+4137)
+#define PKCS_CIPHER_DESC (certtool_opt_strs+4156)
+#define PKCS_CIPHER_NAME (certtool_opt_strs+4201)
+#define PKCS_CIPHER_name (certtool_opt_strs+4213)
#define PKCS_CIPHER_FLAGS (OPTST_DISABLED \
| OPTST_SET_ARGTYPE(OPARG_TYPE_STRING))
/*
* Help/More_Help/Version option descriptions:
*/
-#define HELP_DESC (certtool_opt_strs+4149)
-#define HELP_name (certtool_opt_strs+4193)
+#define HELP_DESC (certtool_opt_strs+4225)
+#define HELP_name (certtool_opt_strs+4269)
#ifdef HAVE_WORKING_FORK
-#define MORE_HELP_DESC (certtool_opt_strs+4198)
-#define MORE_HELP_name (certtool_opt_strs+4243)
+#define MORE_HELP_DESC (certtool_opt_strs+4274)
+#define MORE_HELP_name (certtool_opt_strs+4319)
#define MORE_HELP_FLAGS (OPTST_IMM | OPTST_NO_INIT)
#else
#define MORE_HELP_DESC NULL
@@ -755,8 +766,8 @@ static int const aTo_P12MustList[] = {
# define VER_FLAGS (OPTST_SET_ARGTYPE(OPARG_TYPE_STRING) | \
OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT)
#endif
-#define VER_DESC (certtool_opt_strs+4253)
-#define VER_name (certtool_opt_strs+4289)
+#define VER_DESC (certtool_opt_strs+4329)
+#define VER_name (certtool_opt_strs+4365)
/*
* Declare option callback procedures
*/
@@ -1066,8 +1077,20 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ PASSWORD_DESC, PASSWORD_NAME, PASSWORD_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 24, VALUE_OPT_NULL_PASSWORD,
- /* equiv idx, value */ 24, VALUE_OPT_NULL_PASSWORD,
+ { /* entry idx, value */ 24, VALUE_OPT_SIMPLE_NUMBERS,
+ /* equiv idx, value */ 24, VALUE_OPT_SIMPLE_NUMBERS,
+ /* equivalenced to */ NO_EQUIVALENT,
+ /* min, max, act ct */ 0, 1, 0,
+ /* opt state flags */ SIMPLE_NUMBERS_FLAGS, 0,
+ /* last opt argumnt */ { NULL }, /* --simple-numbers */
+ /* arg list/cookie */ NULL,
+ /* must/cannot opts */ NULL, NULL,
+ /* option proc */ NULL,
+ /* desc, NAME, name */ SIMPLE_NUMBERS_DESC, SIMPLE_NUMBERS_NAME,
SIMPLE_NUMBERS_name,
+ /* disablement strs */ NULL, NULL },
+
+ { /* entry idx, value */ 25, VALUE_OPT_NULL_PASSWORD,
+ /* equiv idx, value */ 25, VALUE_OPT_NULL_PASSWORD,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ NULL_PASSWORD_FLAGS, 0,
@@ -1078,8 +1101,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ NULL_PASSWORD_DESC, NULL_PASSWORD_NAME,
NULL_PASSWORD_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 25, VALUE_OPT_CERTIFICATE_INFO,
- /* equiv idx, value */ 25, VALUE_OPT_CERTIFICATE_INFO,
+ { /* entry idx, value */ 26, VALUE_OPT_CERTIFICATE_INFO,
+ /* equiv idx, value */ 26, VALUE_OPT_CERTIFICATE_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ CERTIFICATE_INFO_FLAGS, 0,
@@ -1090,8 +1113,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ CERTIFICATE_INFO_DESC, CERTIFICATE_INFO_NAME,
CERTIFICATE_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 26, VALUE_OPT_CERTIFICATE_PUBKEY,
- /* equiv idx, value */ 26, VALUE_OPT_CERTIFICATE_PUBKEY,
+ { /* entry idx, value */ 27, VALUE_OPT_CERTIFICATE_PUBKEY,
+ /* equiv idx, value */ 27, VALUE_OPT_CERTIFICATE_PUBKEY,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ CERTIFICATE_PUBKEY_FLAGS, 0,
@@ -1102,8 +1125,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ CERTIFICATE_PUBKEY_DESC, CERTIFICATE_PUBKEY_NAME,
CERTIFICATE_PUBKEY_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 27, VALUE_OPT_PGP_CERTIFICATE_INFO,
- /* equiv idx, value */ 27, VALUE_OPT_PGP_CERTIFICATE_INFO,
+ { /* entry idx, value */ 28, VALUE_OPT_PGP_CERTIFICATE_INFO,
+ /* equiv idx, value */ 28, VALUE_OPT_PGP_CERTIFICATE_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ PGP_CERTIFICATE_INFO_FLAGS, 0,
@@ -1114,8 +1137,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ PGP_CERTIFICATE_INFO_DESC,
PGP_CERTIFICATE_INFO_NAME, PGP_CERTIFICATE_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 28, VALUE_OPT_PGP_RING_INFO,
- /* equiv idx, value */ 28, VALUE_OPT_PGP_RING_INFO,
+ { /* entry idx, value */ 29, VALUE_OPT_PGP_RING_INFO,
+ /* equiv idx, value */ 29, VALUE_OPT_PGP_RING_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ PGP_RING_INFO_FLAGS, 0,
@@ -1126,8 +1149,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ PGP_RING_INFO_DESC, PGP_RING_INFO_NAME,
PGP_RING_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 29, VALUE_OPT_CRL_INFO,
- /* equiv idx, value */ 29, VALUE_OPT_CRL_INFO,
+ { /* entry idx, value */ 30, VALUE_OPT_CRL_INFO,
+ /* equiv idx, value */ 30, VALUE_OPT_CRL_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ CRL_INFO_FLAGS, 0,
@@ -1138,8 +1161,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ CRL_INFO_DESC, CRL_INFO_NAME, CRL_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 30, VALUE_OPT_CRQ_INFO,
- /* equiv idx, value */ 30, VALUE_OPT_CRQ_INFO,
+ { /* entry idx, value */ 31, VALUE_OPT_CRQ_INFO,
+ /* equiv idx, value */ 31, VALUE_OPT_CRQ_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ CRQ_INFO_FLAGS, 0,
@@ -1150,8 +1173,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ CRQ_INFO_DESC, CRQ_INFO_NAME, CRQ_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 31, VALUE_OPT_NO_CRQ_EXTENSIONS,
- /* equiv idx, value */ 31, VALUE_OPT_NO_CRQ_EXTENSIONS,
+ { /* entry idx, value */ 32, VALUE_OPT_NO_CRQ_EXTENSIONS,
+ /* equiv idx, value */ 32, VALUE_OPT_NO_CRQ_EXTENSIONS,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ NO_CRQ_EXTENSIONS_FLAGS, 0,
@@ -1162,8 +1185,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ NO_CRQ_EXTENSIONS_DESC, NO_CRQ_EXTENSIONS_NAME,
NO_CRQ_EXTENSIONS_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 32, VALUE_OPT_P12_INFO,
- /* equiv idx, value */ 32, VALUE_OPT_P12_INFO,
+ { /* entry idx, value */ 33, VALUE_OPT_P12_INFO,
+ /* equiv idx, value */ 33, VALUE_OPT_P12_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ P12_INFO_FLAGS, 0,
@@ -1174,8 +1197,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ P12_INFO_DESC, P12_INFO_NAME, P12_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 33, VALUE_OPT_P7_INFO,
- /* equiv idx, value */ 33, VALUE_OPT_P7_INFO,
+ { /* entry idx, value */ 34, VALUE_OPT_P7_INFO,
+ /* equiv idx, value */ 34, VALUE_OPT_P7_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ P7_INFO_FLAGS, 0,
@@ -1186,8 +1209,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ P7_INFO_DESC, P7_INFO_NAME, P7_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 34, VALUE_OPT_SMIME_TO_P7,
- /* equiv idx, value */ 34, VALUE_OPT_SMIME_TO_P7,
+ { /* entry idx, value */ 35, VALUE_OPT_SMIME_TO_P7,
+ /* equiv idx, value */ 35, VALUE_OPT_SMIME_TO_P7,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ SMIME_TO_P7_FLAGS, 0,
@@ -1198,8 +1221,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ SMIME_TO_P7_DESC, SMIME_TO_P7_NAME,
SMIME_TO_P7_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 35, VALUE_OPT_KEY_INFO,
- /* equiv idx, value */ 35, VALUE_OPT_KEY_INFO,
+ { /* entry idx, value */ 36, VALUE_OPT_KEY_INFO,
+ /* equiv idx, value */ 36, VALUE_OPT_KEY_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ KEY_INFO_FLAGS, 0,
@@ -1210,8 +1233,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ KEY_INFO_DESC, KEY_INFO_NAME, KEY_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 36, VALUE_OPT_PGP_KEY_INFO,
- /* equiv idx, value */ 36, VALUE_OPT_PGP_KEY_INFO,
+ { /* entry idx, value */ 37, VALUE_OPT_PGP_KEY_INFO,
+ /* equiv idx, value */ 37, VALUE_OPT_PGP_KEY_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ PGP_KEY_INFO_FLAGS, 0,
@@ -1222,8 +1245,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ PGP_KEY_INFO_DESC, PGP_KEY_INFO_NAME,
PGP_KEY_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 37, VALUE_OPT_PUBKEY_INFO,
- /* equiv idx, value */ 37, VALUE_OPT_PUBKEY_INFO,
+ { /* entry idx, value */ 38, VALUE_OPT_PUBKEY_INFO,
+ /* equiv idx, value */ 38, VALUE_OPT_PUBKEY_INFO,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ PUBKEY_INFO_FLAGS, 0,
@@ -1234,8 +1257,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ PUBKEY_INFO_DESC, PUBKEY_INFO_NAME,
PUBKEY_INFO_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 38, VALUE_OPT_V1,
- /* equiv idx, value */ 38, VALUE_OPT_V1,
+ { /* entry idx, value */ 39, VALUE_OPT_V1,
+ /* equiv idx, value */ 39, VALUE_OPT_V1,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ V1_FLAGS, 0,
@@ -1246,8 +1269,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ V1_DESC, V1_NAME, V1_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 39, VALUE_OPT_TO_P12,
- /* equiv idx, value */ 39, VALUE_OPT_TO_P12,
+ { /* entry idx, value */ 40, VALUE_OPT_TO_P12,
+ /* equiv idx, value */ 40, VALUE_OPT_TO_P12,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ TO_P12_FLAGS, 0,
@@ -1258,8 +1281,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ TO_P12_DESC, TO_P12_NAME, TO_P12_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 40, VALUE_OPT_TO_P8,
- /* equiv idx, value */ 40, VALUE_OPT_TO_P8,
+ { /* entry idx, value */ 41, VALUE_OPT_TO_P8,
+ /* equiv idx, value */ 41, VALUE_OPT_TO_P8,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ TO_P8_FLAGS, 0,
@@ -1270,8 +1293,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ TO_P8_DESC, TO_P8_NAME, TO_P8_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 41, VALUE_OPT_PKCS8,
- /* equiv idx, value */ 41, VALUE_OPT_PKCS8,
+ { /* entry idx, value */ 42, VALUE_OPT_PKCS8,
+ /* equiv idx, value */ 42, VALUE_OPT_PKCS8,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ PKCS8_FLAGS, 0,
@@ -1282,8 +1305,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ PKCS8_DESC, PKCS8_NAME, PKCS8_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 42, VALUE_OPT_RSA,
- /* equiv idx, value */ 42, VALUE_OPT_RSA,
+ { /* entry idx, value */ 43, VALUE_OPT_RSA,
+ /* equiv idx, value */ 43, VALUE_OPT_RSA,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ RSA_FLAGS, 0,
@@ -1294,8 +1317,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ RSA_DESC, RSA_NAME, RSA_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 43, VALUE_OPT_DSA,
- /* equiv idx, value */ 43, VALUE_OPT_DSA,
+ { /* entry idx, value */ 44, VALUE_OPT_DSA,
+ /* equiv idx, value */ 44, VALUE_OPT_DSA,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ DSA_FLAGS, 0,
@@ -1306,8 +1329,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ DSA_DESC, DSA_NAME, DSA_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 44, VALUE_OPT_ECC,
- /* equiv idx, value */ 44, VALUE_OPT_ECC,
+ { /* entry idx, value */ 45, VALUE_OPT_ECC,
+ /* equiv idx, value */ 45, VALUE_OPT_ECC,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ ECC_FLAGS, 0,
@@ -1318,8 +1341,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ ECC_DESC, ECC_NAME, ECC_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 45, VALUE_OPT_HASH,
- /* equiv idx, value */ 45, VALUE_OPT_HASH,
+ { /* entry idx, value */ 46, VALUE_OPT_HASH,
+ /* equiv idx, value */ 46, VALUE_OPT_HASH,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ HASH_FLAGS, 0,
@@ -1330,8 +1353,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ HASH_DESC, HASH_NAME, HASH_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 46, VALUE_OPT_INDER,
- /* equiv idx, value */ 46, VALUE_OPT_INDER,
+ { /* entry idx, value */ 47, VALUE_OPT_INDER,
+ /* equiv idx, value */ 47, VALUE_OPT_INDER,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ INDER_FLAGS, 0,
@@ -1342,8 +1365,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ INDER_DESC, INDER_NAME, INDER_name,
/* disablement strs */ NOT_INDER_name, NOT_INDER_PFX },
- { /* entry idx, value */ 47, VALUE_OPT_INRAW,
- /* equiv idx, value */ 47, VALUE_OPT_INRAW,
+ { /* entry idx, value */ 48, VALUE_OPT_INRAW,
+ /* equiv idx, value */ 48, VALUE_OPT_INRAW,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ INRAW_FLAGS, 0,
@@ -1354,8 +1377,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ INRAW_DESC, INRAW_NAME, INRAW_name,
/* disablement strs */ 0, 0 },
- { /* entry idx, value */ 48, VALUE_OPT_OUTDER,
- /* equiv idx, value */ 48, VALUE_OPT_OUTDER,
+ { /* entry idx, value */ 49, VALUE_OPT_OUTDER,
+ /* equiv idx, value */ 49, VALUE_OPT_OUTDER,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ OUTDER_FLAGS, 0,
@@ -1366,8 +1389,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ OUTDER_DESC, OUTDER_NAME, OUTDER_name,
/* disablement strs */ NOT_OUTDER_name, NOT_OUTDER_PFX },
- { /* entry idx, value */ 49, VALUE_OPT_OUTRAW,
- /* equiv idx, value */ 49, VALUE_OPT_OUTRAW,
+ { /* entry idx, value */ 50, VALUE_OPT_OUTRAW,
+ /* equiv idx, value */ 50, VALUE_OPT_OUTRAW,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ OUTRAW_FLAGS, 0,
@@ -1378,8 +1401,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ OUTRAW_DESC, OUTRAW_NAME, OUTRAW_name,
/* disablement strs */ 0, 0 },
- { /* entry idx, value */ 50, VALUE_OPT_BITS,
- /* equiv idx, value */ 50, VALUE_OPT_BITS,
+ { /* entry idx, value */ 51, VALUE_OPT_BITS,
+ /* equiv idx, value */ 51, VALUE_OPT_BITS,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ BITS_FLAGS, 0,
@@ -1390,8 +1413,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ BITS_DESC, BITS_NAME, BITS_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 51, VALUE_OPT_SEC_PARAM,
- /* equiv idx, value */ 51, VALUE_OPT_SEC_PARAM,
+ { /* entry idx, value */ 52, VALUE_OPT_SEC_PARAM,
+ /* equiv idx, value */ 52, VALUE_OPT_SEC_PARAM,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ SEC_PARAM_FLAGS, 0,
@@ -1402,8 +1425,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ SEC_PARAM_DESC, SEC_PARAM_NAME, SEC_PARAM_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 52, VALUE_OPT_DISABLE_QUICK_RANDOM,
- /* equiv idx, value */ 52, VALUE_OPT_DISABLE_QUICK_RANDOM,
+ { /* entry idx, value */ 53, VALUE_OPT_DISABLE_QUICK_RANDOM,
+ /* equiv idx, value */ 53, VALUE_OPT_DISABLE_QUICK_RANDOM,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ DISABLE_QUICK_RANDOM_FLAGS, 0,
@@ -1414,8 +1437,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ DISABLE_QUICK_RANDOM_DESC,
DISABLE_QUICK_RANDOM_NAME, DISABLE_QUICK_RANDOM_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 53, VALUE_OPT_TEMPLATE,
- /* equiv idx, value */ 53, VALUE_OPT_TEMPLATE,
+ { /* entry idx, value */ 54, VALUE_OPT_TEMPLATE,
+ /* equiv idx, value */ 54, VALUE_OPT_TEMPLATE,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ TEMPLATE_FLAGS, 0,
@@ -1426,8 +1449,8 @@ static tOptDesc optDesc[OPTION_CT] = {
/* desc, NAME, name */ TEMPLATE_DESC, TEMPLATE_NAME, TEMPLATE_name,
/* disablement strs */ NULL, NULL },
- { /* entry idx, value */ 54, VALUE_OPT_PKCS_CIPHER,
- /* equiv idx, value */ 54, VALUE_OPT_PKCS_CIPHER,
+ { /* entry idx, value */ 55, VALUE_OPT_PKCS_CIPHER,
+ /* equiv idx, value */ 55, VALUE_OPT_PKCS_CIPHER,
/* equivalenced to */ NO_EQUIVALENT,
/* min, max, act ct */ 0, 1, 0,
/* opt state flags */ PKCS_CIPHER_FLAGS, 0,
@@ -1482,14 +1505,14 @@ static tOptDesc optDesc[OPTION_CT] = {
*
* Define the certtool Option Environment
*/
-#define zPROGNAME (certtool_opt_strs+4297)
-#define zUsageTitle (certtool_opt_strs+4306)
+#define zPROGNAME (certtool_opt_strs+4373)
+#define zUsageTitle (certtool_opt_strs+4382)
#define zRcName NULL
#define apzHomeList NULL
-#define zBugsAddr (certtool_opt_strs+4416)
-#define zExplain (certtool_opt_strs+4435)
-#define zDetail (certtool_opt_strs+4438)
-#define zFullVersion (certtool_opt_strs+4612)
+#define zBugsAddr (certtool_opt_strs+4492)
+#define zExplain (certtool_opt_strs+4511)
+#define zDetail (certtool_opt_strs+4514)
+#define zFullVersion (certtool_opt_strs+4688)
/* extracted from optcode.tlib near line 350 */
#if defined(ENABLE_NLS)
@@ -1503,7 +1526,7 @@ static tOptDesc optDesc[OPTION_CT] = {
#define certtool_full_usage (NULL)
-#define certtool_short_usage (certtool_opt_strs+4631)
+#define certtool_short_usage (certtool_opt_strs+4707)
#endif /* not defined __doxygen__ */
@@ -1720,7 +1743,7 @@ tOptions certtoolOptions = {
NO_EQUIVALENT, /* '-#' option index */
NO_EQUIVALENT /* index of default opt */
},
- 58 /* full option count */, 55 /* user option count */,
+ 59 /* full option count */, 56 /* user option count */,
certtool_full_usage, certtool_short_usage,
NULL, NULL,
PKGDATADIR, certtool_packager_info
diff --git a/src/certtool-args.def b/src/certtool-args.def
index 5e22325..0cd94b5 100644
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -151,6 +151,12 @@ flag = {
};
flag = {
+ name = simple-numbers;
+ descrip = "Print big number in an easier format to parse";
+ doc = "";
+};
+
+flag = {
name = null-password;
descrip = "Enforce a NULL password";
doc = "This option enforces a NULL password. This may be different than
the empty password in some schemas.";
@@ -235,7 +241,7 @@ flag = {
flag = {
name = pubkey-info;
descrip = "Print information on a public key";
- doc = "The option combined with --load-pubkey, --load-privkey and
--load-certificate will extract the public key of the object in question.";
+ doc = "The option combined with --load-request, --load-pubkey,
--load-privkey and --load-certificate will extract the public key of the object
in question.";
};
flag = {
diff --git a/src/certtool-args.h b/src/certtool-args.h
index a3c43b3..6816652 100644
--- a/src/certtool-args.h
+++ b/src/certtool-args.h
@@ -2,7 +2,7 @@
*
* DO NOT EDIT THIS FILE (certtool-args.h)
*
- * It has been AutoGen-ed November 20, 2012 at 12:55:34 AM by AutoGen 5.16
+ * It has been AutoGen-ed November 20, 2012 at 05:51:05 PM by AutoGen 5.16
* From the definitions certtool-args.def
* and the template file options
*
@@ -91,43 +91,44 @@ typedef enum {
INDEX_OPT_LOAD_CA_PRIVKEY = 21,
INDEX_OPT_LOAD_CA_CERTIFICATE = 22,
INDEX_OPT_PASSWORD = 23,
- INDEX_OPT_NULL_PASSWORD = 24,
- INDEX_OPT_CERTIFICATE_INFO = 25,
- INDEX_OPT_CERTIFICATE_PUBKEY = 26,
- INDEX_OPT_PGP_CERTIFICATE_INFO = 27,
- INDEX_OPT_PGP_RING_INFO = 28,
- INDEX_OPT_CRL_INFO = 29,
- INDEX_OPT_CRQ_INFO = 30,
- INDEX_OPT_NO_CRQ_EXTENSIONS = 31,
- INDEX_OPT_P12_INFO = 32,
- INDEX_OPT_P7_INFO = 33,
- INDEX_OPT_SMIME_TO_P7 = 34,
- INDEX_OPT_KEY_INFO = 35,
- INDEX_OPT_PGP_KEY_INFO = 36,
- INDEX_OPT_PUBKEY_INFO = 37,
- INDEX_OPT_V1 = 38,
- INDEX_OPT_TO_P12 = 39,
- INDEX_OPT_TO_P8 = 40,
- INDEX_OPT_PKCS8 = 41,
- INDEX_OPT_RSA = 42,
- INDEX_OPT_DSA = 43,
- INDEX_OPT_ECC = 44,
- INDEX_OPT_HASH = 45,
- INDEX_OPT_INDER = 46,
- INDEX_OPT_INRAW = 47,
- INDEX_OPT_OUTDER = 48,
- INDEX_OPT_OUTRAW = 49,
- INDEX_OPT_BITS = 50,
- INDEX_OPT_SEC_PARAM = 51,
- INDEX_OPT_DISABLE_QUICK_RANDOM = 52,
- INDEX_OPT_TEMPLATE = 53,
- INDEX_OPT_PKCS_CIPHER = 54,
- INDEX_OPT_VERSION = 55,
- INDEX_OPT_HELP = 56,
- INDEX_OPT_MORE_HELP = 57
+ INDEX_OPT_SIMPLE_NUMBERS = 24,
+ INDEX_OPT_NULL_PASSWORD = 25,
+ INDEX_OPT_CERTIFICATE_INFO = 26,
+ INDEX_OPT_CERTIFICATE_PUBKEY = 27,
+ INDEX_OPT_PGP_CERTIFICATE_INFO = 28,
+ INDEX_OPT_PGP_RING_INFO = 29,
+ INDEX_OPT_CRL_INFO = 30,
+ INDEX_OPT_CRQ_INFO = 31,
+ INDEX_OPT_NO_CRQ_EXTENSIONS = 32,
+ INDEX_OPT_P12_INFO = 33,
+ INDEX_OPT_P7_INFO = 34,
+ INDEX_OPT_SMIME_TO_P7 = 35,
+ INDEX_OPT_KEY_INFO = 36,
+ INDEX_OPT_PGP_KEY_INFO = 37,
+ INDEX_OPT_PUBKEY_INFO = 38,
+ INDEX_OPT_V1 = 39,
+ INDEX_OPT_TO_P12 = 40,
+ INDEX_OPT_TO_P8 = 41,
+ INDEX_OPT_PKCS8 = 42,
+ INDEX_OPT_RSA = 43,
+ INDEX_OPT_DSA = 44,
+ INDEX_OPT_ECC = 45,
+ INDEX_OPT_HASH = 46,
+ INDEX_OPT_INDER = 47,
+ INDEX_OPT_INRAW = 48,
+ INDEX_OPT_OUTDER = 49,
+ INDEX_OPT_OUTRAW = 50,
+ INDEX_OPT_BITS = 51,
+ INDEX_OPT_SEC_PARAM = 52,
+ INDEX_OPT_DISABLE_QUICK_RANDOM = 53,
+ INDEX_OPT_TEMPLATE = 54,
+ INDEX_OPT_PKCS_CIPHER = 55,
+ INDEX_OPT_VERSION = 56,
+ INDEX_OPT_HELP = 57,
+ INDEX_OPT_MORE_HELP = 58
} teOptIndex;
-#define OPTION_CT 58
+#define OPTION_CT 59
#define CERTTOOL_VERSION "@VERSION@"
#define CERTTOOL_FULL_VERSION "certtool @VERSION@"
@@ -191,39 +192,40 @@ typedef enum {
#define VALUE_OPT_LOAD_CA_PRIVKEY 21
#define VALUE_OPT_LOAD_CA_CERTIFICATE 22
#define VALUE_OPT_PASSWORD 23
-#define VALUE_OPT_NULL_PASSWORD 24
+#define VALUE_OPT_SIMPLE_NUMBERS 24
+#define VALUE_OPT_NULL_PASSWORD 25
#define VALUE_OPT_CERTIFICATE_INFO 'i'
-#define VALUE_OPT_CERTIFICATE_PUBKEY 26
-#define VALUE_OPT_PGP_CERTIFICATE_INFO 27
-#define VALUE_OPT_PGP_RING_INFO 28
+#define VALUE_OPT_CERTIFICATE_PUBKEY 27
+#define VALUE_OPT_PGP_CERTIFICATE_INFO 28
+#define VALUE_OPT_PGP_RING_INFO 29
#define VALUE_OPT_CRL_INFO 'l'
-#define VALUE_OPT_CRQ_INFO 30
-#define VALUE_OPT_NO_CRQ_EXTENSIONS 31
-#define VALUE_OPT_P12_INFO 32
-#define VALUE_OPT_P7_INFO 129
-#define VALUE_OPT_SMIME_TO_P7 130
+#define VALUE_OPT_CRQ_INFO 31
+#define VALUE_OPT_NO_CRQ_EXTENSIONS 32
+#define VALUE_OPT_P12_INFO 129
+#define VALUE_OPT_P7_INFO 130
+#define VALUE_OPT_SMIME_TO_P7 131
#define VALUE_OPT_KEY_INFO 'k'
-#define VALUE_OPT_PGP_KEY_INFO 132
-#define VALUE_OPT_PUBKEY_INFO 133
-#define VALUE_OPT_V1 134
-#define VALUE_OPT_TO_P12 135
-#define VALUE_OPT_TO_P8 136
+#define VALUE_OPT_PGP_KEY_INFO 133
+#define VALUE_OPT_PUBKEY_INFO 134
+#define VALUE_OPT_V1 135
+#define VALUE_OPT_TO_P12 136
+#define VALUE_OPT_TO_P8 137
#define VALUE_OPT_PKCS8 '8'
-#define VALUE_OPT_RSA 138
-#define VALUE_OPT_DSA 139
-#define VALUE_OPT_ECC 140
-#define VALUE_OPT_HASH 141
-#define VALUE_OPT_INDER 142
-#define VALUE_OPT_INRAW 143
-#define VALUE_OPT_OUTDER 144
-#define VALUE_OPT_OUTRAW 145
-#define VALUE_OPT_BITS 146
+#define VALUE_OPT_RSA 139
+#define VALUE_OPT_DSA 140
+#define VALUE_OPT_ECC 141
+#define VALUE_OPT_HASH 142
+#define VALUE_OPT_INDER 143
+#define VALUE_OPT_INRAW 144
+#define VALUE_OPT_OUTDER 145
+#define VALUE_OPT_OUTRAW 146
+#define VALUE_OPT_BITS 147
#define OPT_VALUE_BITS (DESC(BITS).optArg.argInt)
-#define VALUE_OPT_SEC_PARAM 147
-#define VALUE_OPT_DISABLE_QUICK_RANDOM 148
-#define VALUE_OPT_TEMPLATE 149
-#define VALUE_OPT_PKCS_CIPHER 150
+#define VALUE_OPT_SEC_PARAM 148
+#define VALUE_OPT_DISABLE_QUICK_RANDOM 149
+#define VALUE_OPT_TEMPLATE 150
+#define VALUE_OPT_PKCS_CIPHER 151
#define VALUE_OPT_HELP 'h'
#define VALUE_OPT_MORE_HELP '!'
#define VALUE_OPT_VERSION 'v'
diff --git a/src/certtool-common.c b/src/certtool-common.c
index 518367d..a24f035 100644
--- a/src/certtool-common.c
+++ b/src/certtool-common.c
@@ -691,142 +691,18 @@ print_rsa_pkey (FILE* outfile, gnutls_datum_t * m,
gnutls_datum_t * e, gnutls_da
}
}
-static void
-print_key_usage (FILE * outfile, unsigned int usage)
-{
- if (usage & GNUTLS_KEY_DIGITAL_SIGNATURE)
- {
- fprintf (outfile, "\tDigital signature.\n");
- }
-
- if (usage & GNUTLS_KEY_NON_REPUDIATION)
- {
- fprintf (outfile, "\tNon repudiation.\n");
- }
-
- if (usage & GNUTLS_KEY_KEY_ENCIPHERMENT)
- {
- fprintf (outfile, "\tKey encipherment.\n");
- }
-
- if (usage & GNUTLS_KEY_DATA_ENCIPHERMENT)
- {
- fprintf (outfile, "\tData encipherment.\n");
- }
-
- if (usage & GNUTLS_KEY_KEY_AGREEMENT)
- {
- fprintf (outfile, "\tKey agreement.\n");
- }
-
- if (usage & GNUTLS_KEY_KEY_CERT_SIGN)
- {
- fprintf (outfile, "\tCertificate signing.\n");
- }
-
- if (usage & GNUTLS_KEY_NON_REPUDIATION)
- {
- fprintf (outfile, "\tCRL signing.\n");
- }
-
- if (usage & GNUTLS_KEY_ENCIPHER_ONLY)
- {
- fprintf (outfile, "\tKey encipher only.\n");
- }
-
- if (usage & GNUTLS_KEY_DECIPHER_ONLY)
- {
- fprintf (outfile, "\tKey decipher only.\n");
- }
-}
-
-void _pubkey_info(FILE* outfile, gnutls_pubkey_t pubkey)
+void _pubkey_info(FILE* outfile, gnutls_certificate_print_formats_t format,
gnutls_pubkey_t pubkey)
{
-unsigned int usage;
+gnutls_datum_t data;
int ret;
size_t size;
-unsigned int bits;
-const char *cprint;
-
- fprintf (outfile, "Public Key Info:\n\n");
- ret = gnutls_pubkey_get_pk_algorithm (pubkey, &bits);
- fprintf (outfile, "Public Key Algorithm: ");
- cprint = gnutls_pk_algorithm_get_name (ret);
- fprintf (outfile, "%s (%u bits)\n", cprint ? cprint : "Unknown", bits);
-
- /* Print the raw public and private keys
- */
- if (ret == GNUTLS_PK_RSA)
- {
- gnutls_datum_t m, e;
- ret = gnutls_pubkey_get_pk_rsa_raw (pubkey, &m, &e);
- if (ret < 0)
- fprintf (stderr, "Error in key RSA data export: %s\n",
- gnutls_strerror (ret));
- else
- {
- print_rsa_pkey (outfile, &m, &e, NULL, NULL, NULL, NULL, NULL, NULL);
- gnutls_free (m.data);
- gnutls_free (e.data);
- }
- }
- else if (ret == GNUTLS_PK_DSA)
- {
- gnutls_datum_t p, q, g, y;
-
- ret = gnutls_pubkey_get_pk_dsa_raw (pubkey, &p, &q, &g, &y);
- if (ret < 0)
- fprintf (stderr, "Error in key DSA data export: %s\n",
- gnutls_strerror (ret));
- else
- {
- print_dsa_pkey (outfile, NULL, &y, &p, &q, &g);
- gnutls_free (y.data);
- gnutls_free (p.data);
- gnutls_free (q.data);
- gnutls_free (g.data);
- }
- }
- else if (ret == GNUTLS_PK_EC)
- {
- gnutls_datum_t x, y;
- gnutls_ecc_curve_t curve;
-
- ret = gnutls_pubkey_get_pk_ecc_raw (pubkey, &curve, &x, &y);
- if (ret < 0)
- fprintf (stderr, "Error in key ECC data export: %s\n",
- gnutls_strerror (ret));
- else
- {
- print_ecc_pkey (outfile, curve, NULL, &y, &x);
- gnutls_free (y.data);
- gnutls_free (x.data);
- }
- }
-
- ret = gnutls_pubkey_get_key_usage (pubkey, &usage);
+ ret = gnutls_pubkey_print(pubkey, format, &data);
if (ret < 0)
- {
- error (EXIT_FAILURE, 0, "pubkey_get_key_usage: %s",
- gnutls_strerror (ret));
- }
-
- fprintf (outfile, "Public Key Usage:\n");
- print_key_usage (outfile, usage);
-
- fprintf (outfile, "\n");
+ error (EXIT_FAILURE, 0, "pubkey_print error: %s", gnutls_strerror (ret));
- size = buffer_size;
- if ((ret = gnutls_pubkey_get_key_id (pubkey, 0, buffer, &size)) < 0)
- {
- fprintf (stderr, "Error in key id calculation: %s\n",
- gnutls_strerror (ret));
- }
- else
- {
- fprintf (outfile, "Public Key ID: %s\n", raw_to_string (buffer, size));
- }
+ fprintf (outfile, "%s\n", data.data);
+ gnutls_free (data.data);
size = buffer_size;
ret = gnutls_pubkey_export (pubkey, GNUTLS_X509_FMT_PEM, buffer, &size);
diff --git a/src/certtool-common.h b/src/certtool-common.h
index dcaed44..ea296d5 100644
--- a/src/certtool-common.h
+++ b/src/certtool-common.h
@@ -78,7 +78,7 @@ void dh_info (common_info_st * ci);
gnutls_x509_privkey_t * load_privkey_list (int mand, size_t * privkey_size,
common_info_st * info);
-void _pubkey_info(FILE* outfile, gnutls_pubkey_t pubkey);
+void _pubkey_info(FILE* outfile, gnutls_certificate_print_formats_t,
gnutls_pubkey_t pubkey);
void
print_ecc_pkey (FILE* outfile, gnutls_ecc_curve_t curve, gnutls_datum_t* k,
gnutls_datum_t * x, gnutls_datum_t * y);
void
diff --git a/src/certtool.c b/src/certtool.c
index dd34e3a..d858be2 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -79,6 +79,7 @@ FILE *infile;
static gnutls_digest_algorithm_t default_dig;
static unsigned int incert_format, outcert_format;
static unsigned int req_key_type;
+gnutls_certificate_print_formats_t full_format = GNUTLS_CRT_PRINT_FULL;
/* non interactive operation if set
*/
@@ -885,6 +886,9 @@ cmd_parser (int argc, char **argv)
if (HAVE_OPT(GENERATE_PRIVKEY) || HAVE_OPT(GENERATE_REQUEST) ||
HAVE_OPT(KEY_INFO) || HAVE_OPT(PGP_KEY_INFO))
privkey_op = 1;
+
+ if (HAVE_OPT(SIMPLE_NUMBERS))
+ full_format = GNUTLS_CRT_PRINT_FULL_NUMBERS;
if (HAVE_OPT(OUTFILE))
{
@@ -1436,7 +1440,7 @@ print_certificate_info (gnutls_x509_crt_t crt, FILE *
out, unsigned int all)
int ret;
if (all)
- ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &data);
+ ret = gnutls_x509_crt_print (crt, full_format, &data);
else
ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_UNSIGNED_FULL, &data);
if (ret == 0)
@@ -1459,7 +1463,7 @@ print_crl_info (gnutls_x509_crl_t crl, FILE * out)
int ret;
size_t size;
- ret = gnutls_x509_crl_print (crl, GNUTLS_CRT_PRINT_FULL, &data);
+ ret = gnutls_x509_crl_print (crl, full_format, &data);
if (ret < 0)
error (EXIT_FAILURE, 0, "crl_print: %s", gnutls_strerror (ret));
@@ -1514,7 +1518,7 @@ print_crq_info (gnutls_x509_crq_t crq, FILE * out)
if (outcert_format == GNUTLS_X509_FMT_PEM)
{
- ret = gnutls_x509_crq_print (crq, GNUTLS_CRT_PRINT_FULL, &data);
+ ret = gnutls_x509_crq_print (crq, full_format, &data);
if (ret < 0)
error (EXIT_FAILURE, 0, "crq_print: %s", gnutls_strerror (ret));
@@ -2706,7 +2710,8 @@ void
pubkey_info (gnutls_x509_crt_t crt, common_info_st * cinfo)
{
gnutls_pubkey_t pubkey;
- gnutls_privkey_t privkey;
+ gnutls_privkey_t privkey = NULL;
+ gnutls_x509_crq_t crq = NULL;
int ret;
size_t size;
@@ -2721,6 +2726,11 @@ pubkey_info (gnutls_x509_crt_t crt, common_info_st *
cinfo)
crt = load_cert (0, cinfo);
}
+ if (crq == NULL)
+ {
+ crq = load_request (cinfo);
+ }
+
if (crt != NULL)
{
ret = gnutls_pubkey_import_x509 (pubkey, crt, 0);
@@ -2728,6 +2738,13 @@ pubkey_info (gnutls_x509_crt_t crt, common_info_st *
cinfo)
error (EXIT_FAILURE, 0, "pubkey_import_x509: %s",
gnutls_strerror (ret));
}
+ else if (crq != NULL)
+ {
+ ret = gnutls_pubkey_import_x509_crq (pubkey, crq, 0);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "pubkey_import_x509_crq: %s",
+ gnutls_strerror (ret));
+ }
else
{
privkey = load_private_key (0, cinfo);
@@ -2762,6 +2779,6 @@ pubkey_info (gnutls_x509_crt_t crt, common_info_st *
cinfo)
/* PEM */
- _pubkey_info(outfile, pubkey);
+ _pubkey_info(outfile, full_format, pubkey);
gnutls_pubkey_deinit (pubkey);
}
diff --git a/src/tpmtool.c b/src/tpmtool.c
index 9f21d06..b4a0253 100644
--- a/src/tpmtool.c
+++ b/src/tpmtool.c
@@ -284,7 +284,7 @@ static void tpm_pubkey(const char* url, FILE* outfile)
if (ret < 0)
error (EXIT_FAILURE, 0, "gnutls_pubkey_import_tpm_url: %s",
gnutls_strerror (ret));
- _pubkey_info(outfile, pubkey);
+ _pubkey_info(outfile, GNUTLS_CRT_PRINT_FULL, pubkey);
gnutls_pubkey_deinit(pubkey);
}
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_3_1_4-45-g0e5683a,
Nikos Mavrogiannopoulos <=