if (encerts == NULL || vpm == NULL)
goto end;
+ opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, cms_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
int hash_old = 0;
#endif
+ opt_set_unknown_name("digest");
prog = opt_init(argc, argv, crl_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
buf = app_malloc(BUFSIZE, "I/O buffer");
md = (EVP_MD *)EVP_get_digestbyname(argv[0]);
+ opt_set_unknown_name("digest");
prog = opt_init(argc, argv, dgst_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
int selection = 0;
OSSL_ENCODER_CTX *ectx = NULL;
+ opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, dsa_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
char *point_format = NULL;
int no_public = 0;
+ opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, ec_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
else if (strcmp(argv[0], "enc") != 0)
ciphername = argv[0];
+ opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, enc_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
OPTION_CHOICE o;
int ret = 1, private = 0, verbose = 0, nbits;
+ opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, gendsa_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
OSSL_LIB_CTX *libctx = app_get0_libctx();
STACK_OF(OPENSSL_STRING) *keyopt = NULL;
+ opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, genpkey_options);
keyopt = sk_OPENSSL_STRING_new_null();
if (keyopt == NULL)
if (bn == NULL || cb == NULL)
goto end;
+ opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, genrsa_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
char *opt_flag(void);
char *opt_arg(void);
char *opt_unknown(void);
+void reset_unknown(void);
int opt_cipher(const char *name, EVP_CIPHER **cipherp);
int opt_cipher_any(const char *name, EVP_CIPHER **cipherp);
int opt_cipher_silent(const char *name, EVP_CIPHER **cipherp);
int opt_md_silent(const char *name, EVP_MD **mdp);
int opt_int(const char *arg, int *result);
+void opt_set_unknown_name(const char *name);
int opt_int_arg(void);
int opt_long(const char *arg, long *result);
int opt_ulong(const char *arg, unsigned long *result);
static char *arg;
static char *flag;
static char *dunno;
+static const char *unknown_name;
static const OPTIONS *unknown;
static const OPTIONS *opts;
static char prog[40];
opt_begin();
opts = o;
unknown = NULL;
-
/* Make sure prog name is set for usage output */
(void)opt_progname(argv[0]);
}
#endif
if (o->name[0] == '\0') {
+ OPENSSL_assert(unknown_name != NULL);
OPENSSL_assert(unknown == NULL);
unknown = o;
OPENSSL_assert(unknown->valtype == 0 || unknown->valtype == '-');
{NULL}
};
+void opt_set_unknown_name(const char *name)
+{
+ unknown_name = name;
+}
+
/* Print an error message about a failed format parse. */
static int opt_format_error(const char *s, unsigned long flags)
{
return o->retval;
}
if (unknown != NULL) {
+ if (dunno != NULL) {
+ opt_printf_stderr("%s: Multiple %s or unknown options: -%s and -%s\n",
+ prog, unknown_name, dunno, p);
+ return -1;
+ }
dunno = p;
return unknown->retval;
}
return dunno;
}
+/* Reset the unknown option; needed by ocsp to allow multiple digest options. */
+void reset_unknown(void)
+{
+ dunno = NULL;
+}
+
/* Return the rest of the arguments after parsing flags. */
char **opt_rest(void)
{
{"VAfile", OPT_VAFILE, '<', "Validator certificates file"},
{"verify_other", OPT_VERIFY_OTHER, '<',
"Additional certificates to search for signer"},
- {"cert", OPT_CERT, '<', "Certificate to check"},
- {"serial", OPT_SERIAL, 's', "Serial number to check"},
+ {"cert", OPT_CERT, '<',
+ "Certificate to check; may be given multiple times"},
+ {"serial", OPT_SERIAL, 's',
+ "Serial number to check; may be given multiple times"},
{"validity_period", OPT_VALIDITY_PERIOD, 'u',
"Maximum validity discrepancy in seconds"},
{"signkey", OPT_SIGNKEY, 's', "Private key to sign OCSP request with"},
|| (vpm = X509_VERIFY_PARAM_new()) == NULL)
goto end;
+ opt_set_unknown_name("digest");
prog = opt_init(argc, argv, ocsp_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
goto end;
break;
case OPT_CERT:
+ reset_unknown();
X509_free(cert);
cert = load_cert(opt_arg(), FORMAT_UNDEF, "certificate");
if (cert == NULL)
trailing_md = 0;
break;
case OPT_SERIAL:
+ reset_unknown();
if (cert_id_md == NULL)
cert_id_md = (EVP_MD *)EVP_sha1();
if (!add_ocsp_serial(&req, opt_arg(), cert_id_md, issuer, ids))
EVP_CIPHER *enc = (EVP_CIPHER *)default_enc;
OPTION_CHOICE o;
+ opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, pkcs12_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
char *point_format = NULL;
#endif
+ opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, pkey_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
cipher = (EVP_CIPHER *)EVP_des_ede3_cbc();
#endif
+ opt_set_unknown_name("digest");
prog = opt_init(argc, argv, req_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
int selection = 0;
OSSL_ENCODER_CTX *ectx = NULL;
+ opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, rsa_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
return 1;
+ opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, smime_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
BIO *out = NULL;
ENGINE *e = NULL;
OPTION_CHOICE o;
- char *prog = opt_init(argc, argv, storeutl_options);
+ char *prog;
PW_CB_DATA pw_cb_data;
int expected = 0;
int criterion = 0;
EVP_MD *digest = NULL;
OSSL_LIB_CTX *libctx = app_get0_libctx();
+ opt_set_unknown_name("digest");
+ prog = opt_init(argc, argv, storeutl_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
goto end;
+ opt_set_unknown_name("digest");
prog = opt_init(argc, argv, ts_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
goto err;
X509_STORE_set_verify_cb(ctx, callb);
+ opt_set_unknown_name("digest");
prog = opt_init(argc, argv, x509_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
break;
}
}
-
/* No extra arguments. */
if (!opt_check_rest_arg(NULL))
goto opthelp;
=item B<-issuer> I<filename>
-This specifies the current issuer certificate. This option can be used
-multiple times.
+This specifies the current issuer certificate.
+This option can be used multiple times.
This option B<MUST> come before any B<-cert> options.
=item B<-cert> I<filename>
-Add the certificate I<filename> to the request. The issuer certificate
-is taken from the previous B<-issuer> option, or an error occurs if no
-issuer certificate is specified.
+Add the certificate I<filename> to the request.
+This option can be used multiple times.
+The issuer certificate is taken from the previous B<-issuer> option,
+or an error occurs if no issuer certificate is specified.
=item B<-no_certs>