Also print error message at the end of the output.
int command_usage(char *error)
{
FILE *out = stdout;
- int i, indent = 0;
+ int i;
if (error)
{
out = stderr;
- fprintf(out, "Error: %s\n", error);
}
- fprintf(out, "strongSwan %s PKI tool\n", VERSION);
+ fprintf(out, "strongSwan %s PKI tool", VERSION);
if (active == help_idx)
{
- fprintf(out, "loaded plugins: %s\n",
+ fprintf(out, "\nloaded plugins: %s\nusage:\n"
+ " pki command [options]\ncommands:\n",
lib->plugins->loaded_plugins(lib->plugins));
- }
-
- fprintf(out, "usage:\n");
- if (active == help_idx)
- {
for (i = 0; i < MAX_COMMANDS && cmds[i].cmd; i++)
{
- fprintf(out, " pki --%-7s (-%c) %s\n",
+ fprintf(out, " --%-7s (-%c) %s\n",
cmds[i].cmd, cmds[i].op, cmds[i].description);
}
}
else
{
+ fprintf(out, " (--%s/-%c)\n%s\nusage:\n",
+ cmds[active].cmd, cmds[active].op, cmds[active].description);
for (i = 0; i < MAX_LINES && cmds[active].line[i]; i++)
{
if (i == 0)
{
- indent = fprintf(out, " pki --%s ", cmds[active].cmd);
- fprintf(out, "%s\n", cmds[active].line[i]);
+ fprintf(out, " pki --%s %s\n", cmds[active].cmd,
+ cmds[active].line[i]);
}
else
{
- fprintf(out, "%*s%s\n", indent, "", cmds[active].line[i]);
+ fprintf(out, " %s\n", cmds[active].line[i]);
}
}
+ fprintf(out, "options:\n");
for (i = 0; cmds[active].options[i].name; i++)
{
- fprintf(out, " --%-15s (-%c) %s\n",
+ fprintf(out, " --%-15s (-%c) %s\n",
cmds[active].options[i].name, cmds[active].options[i].op,
cmds[active].options[i].desc);
}
}
+ if (error)
+ {
+ fprintf(out, "error: %s\n", error);
+ }
return error != NULL;
}
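Review bot: The options loop just below the added `fprintf(out, "options:\n");` is the only loop in command_usage() without a capacity bound: the command and line loops stop at MAX_COMMANDS and MAX_LINES, while this one runs until it finds a NULL `name`. If the options array has a fixed size (its declaration is not visible here) and a command registers it completely filled, the loop reads past the end of the array while printing help. Since the commit already reworks this block, I would add the bound here, e.g. `for (i = 0; i < OPTIONS_CAPACITY && cmds[active].options[i].name; i++)`, where OPTIONS_CAPACITY is a placeholder for whatever constant sizes the array.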
acert, 'z', "acert",
"issue an attribute certificate",
{"[--in file] [--group name]* --issuerkey file|--issuerkeyid hex",
- " --issuercert file [--serial hex] [--lifetime hours]",
- " [--not-before datetime] [--not-after datetime] [--dateform form]",
+ "--issuercert file [--serial hex] [--lifetime hours]",
+ "[--not-before datetime] [--not-after datetime] [--dateform form]",
"[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
"[--rsa-padding pkcs1|pss]",
"[--outform der|pem]"},
req, 'r', "req",
"create a PKCS#10 certificate request",
{"[--in file|--keyid hex] [--type rsa|ecdsa|priv]",
- " --oldreq file|--dn distinguished-name [--san subjectAltName]+",
+ "--oldreq file|--dn distinguished-name [--san subjectAltName]+",
"[--flag serverAuth|clientAuth|ocspSigning|msSmartcardLogon]+",
"[--profile server|client|dual|ocsp] [--password challengePassword]",
"[--digest sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
scep, 'S', "scep",
"Enroll an X.509 certificate with a SCEP server",
{"--url url [--in file] [--dn distinguished-name] [--san subjectAltName]+",
+ "--cacert-enc file --cacert-sig file [--cacert file]+",
"[--profile profile] [--password password]",
- " --cacert-enc file --cacert-sig file [--cacert file]+",
- " --cert file --key file] [--cipher aes|des3]",
+ "[--cert file --key file] [--cipher aes|des3]",
"[--digest sha256|sha384|sha512|sha224|sha1] [--rsa-padding pkcs1|pss]",
"[--interval time] [--maxpolltime time] [--outform der|pem]"},
{
{"password", 'p', 1, "challengePassword to include in cert request"},
{"cacert-enc", 'e', 1, "CA certificate for encryption"},
{"cacert-sig", 's', 1, "CA certificate for signature verification"},
- {"cacert", 'C', 1, "Additional CA certificates"},
- {"cert", 'c', 1, "Old certificate about to be renewed"},
- {"key", 'k', 1, "Old RSA private key about to be replaced"},
+ {"cacert", 'C', 1, "additional CA certificates"},
+ {"cert", 'c', 1, "old certificate about to be renewed"},
+ {"key", 'k', 1, "old RSA private key about to be replaced"},
{"cipher", 'E', 1, "encryption cipher, default: aes"},
{"digest", 'g', 1, "digest for signature creation, default: sha256"},
{"rsa-padding", 'R', 1, "padding for RSA signatures, default: pkcs1"},
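Review bot: The `password` entry in this table documents a secret that is passed as a command-line argument, and the help text does not say so; the same applies to the `[--password password]` and `[--password challengePassword]` synopsis lines in the scep and req hunks above. Arguments are typically visible to other local users through the process list and tend to end up in shell history, which matters for a SCEP challenge password. While the descriptions are being reworded anyway, I would make that explicit, e.g. `{"password", 'p', 1, "challengePassword to include in cert request (visible in process list)"},`. The option table continues outside this hunk.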
self, 's', "self",
"create a self signed certificate",
{"[--in file|--keyid hex] [--type rsa|ecdsa|ed25519|ed448|priv]",
- " --dn distinguished-name [--san subjectAltName]+",
+ "--dn distinguished-name [--san subjectAltName]+",
"[--lifetime days] [--serial hex] [--ca] [--ocsp uri]+",
"[--flag serverAuth|clientAuth|crlSign|ocspSigning|msSmartcardLogon]+",
"[--nc-permitted name] [--nc-excluded name]",
{
command_register((command_t) {
verify, 'v', "verify",
- "verify a certificate using the CA certificate",
- {"[--in file] [--cacert file] [--crl file]"},
+ "verify a certificate using one or more CA certificates",
+ {"[--in file] [--cacert file]+ [--crl file]"},
{
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "X.509 certificate to verify, default: stdin"},
- {"cacert", 'c', 1, "CA certificate for trustchain verification"},
+ {"cacert", 'c', 1, "CA certificate(s) for trustchain verification"},
{"crl", 'l', 1, "CRL for trustchain verification"},
{"online", 'o', 0, "enable online CRL/OCSP revocation checking"},
}
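Review bot: The new synopsis `[--cacert file]+` keeps the brackets, so the option still reads as optional while the description now says "one or more CA certificates". The help text does not say what the certificate is verified against when no --cacert is given. For a verification command that is worth stating. It is also worth saying that every file passed is treated as a trust anchor, if that is how the command uses them (the handling code is not in this hunk). A possible wording for the option line is `{"cacert", 'c', 1, "CA certificate(s) to trust for trustchain verification"},`.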