From 9c3bcfa027cb32421ed20ab77553860b922b82fc Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Fri, 15 May 2015 13:50:38 -0400 Subject: [PATCH] Standardize handling of #ifdef'd options. Here are the "rules" for handling flags that depend on #ifdef: - Do not ifdef the enum. Only ifdef the OPTIONS table. All ifdef'd entries appear at the end; by convention "engine" is last. This ensures that at run-time, the flag will never be recognized/allowed. The next two bullets entries are for silencing compiler warnings: - In the while/switch parsing statement, use #ifdef for the body to disable it; leave the "case OPT_xxx:" and "break" statements outside the ifdef/ifndef. See ciphers.c for example. - If there are multiple options controlled by a single guard, OPT_FOO, OPT_BAR, etc., put a an #ifdef around the set, and then do "#else" and a series of case labels and a break. See OPENSSL_NO_AES in cms.c for example. Reviewed-by: Matt Caswell --- apps/ciphers.c | 14 ++---- apps/cms.c | 15 ++++-- apps/crl.c | 16 +++--- apps/dgst.c | 2 +- apps/dhparam.c | 6 +-- apps/dsa.c | 24 +++++---- apps/dsaparam.c | 6 +-- apps/ec.c | 6 +-- apps/enc.c | 12 ++--- apps/gendsa.c | 2 +- apps/genpkey.c | 1 + apps/passwd.c | 4 +- apps/pkcs12.c | 2 +- apps/req.c | 2 +- apps/rsa.c | 18 ++++--- apps/s_client.c | 130 ++++++++++++++++++++++-------------------------- apps/s_server.c | 127 ++++++++++++++++++++++++---------------------- apps/s_time.c | 6 +-- apps/speed.c | 16 +++--- apps/ts.c | 2 +- apps/verify.c | 2 +- apps/x509.c | 28 +++++------ 22 files changed, 222 insertions(+), 219 deletions(-) diff --git a/apps/ciphers.c b/apps/ciphers.c index b1b3bddd76..a2ccf2842d 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -64,12 +64,8 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, -#ifndef OPENSSL_NO_SSL_TRACE OPT_STDNAME, -#endif -#ifndef OPENSSL_NO_SSL3 OPT_SSL3, -#endif OPT_TLS1, OPT_V, OPT_UPPER_V, OPT_S } OPTION_CHOICE; 
@@ -79,13 +75,13 @@ OPTIONS ciphers_options[] = { {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"}, {"V", OPT_UPPER_V, '-', "Even more verbose"}, {"s", OPT_S, '-', "Only supported ciphers"}, + {"tls1", OPT_TLS1, '-', "TLS1 mode"}, #ifndef OPENSSL_NO_SSL_TRACE {"stdname", OPT_STDNAME, '-', "Show standard cipher names"}, #endif #ifndef OPENSSL_NO_SSL3 {"ssl3", OPT_SSL3, '-', "SSL3 mode"}, #endif - {"tls1", OPT_TLS1, '-', "TLS1 mode"}, {NULL} }; @@ -125,16 +121,16 @@ int ciphers_main(int argc, char **argv) case OPT_S: use_supported = 1; break; -#ifndef OPENSSL_NO_SSL_TRACE case OPT_STDNAME: +#ifndef OPENSSL_NO_SSL_TRACE stdname = verbose = 1; - break; #endif -#ifndef OPENSSL_NO_SSL3 + break; case OPT_SSL3: +#ifndef OPENSSL_NO_SSL3 meth = SSLv3_client_method(); - break; #endif + break; case OPT_TLS1: meth = TLSv1_client_method(); break; diff --git a/apps/cms.c b/apps/cms.c index 7ccca5be96..e40686b5d4 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -208,6 +208,8 @@ OPTIONS cms_options[] = { {"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"}, {"receipt_request_from", OPT_RR_FROM, 's'}, {"receipt_request_to", OPT_RR_TO, 's'}, + {"", OPT_CIPHER, '-', "Any supported cipher"}, + OPT_V_OPTIONS, # ifndef OPENSSL_NO_AES {"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"}, {"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"}, @@ -219,9 +221,7 @@ OPTIONS cms_options[] = { # ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, # endif - {"", OPT_CIPHER, '-', "Any supported cipher"}, - OPT_V_OPTIONS, - {NULL}, + {NULL} }; int cms_main(int argc, char **argv) @@ -588,11 +588,11 @@ int cms_main(int argc, char **argv) goto end; vpmtouched++; break; -# ifndef OPENSSL_NO_DES case OPT_3DES_WRAP: +# ifndef OPENSSL_NO_DES wrap_cipher = EVP_des_ede3_wrap(); - break; # endif + break; # ifndef OPENSSL_NO_AES case OPT_AES128_WRAP: wrap_cipher = EVP_aes_128_wrap(); 
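Review bot: In apps/ciphers.c, the `case OPT_STDNAME:` and `case OPT_SSL3:` arms of ciphers_main become silent no-ops when their feature is compiled out, and nothing at the switch says why that is safe. It is safe only while the matching `ciphers_options[]` entry sits under the same guard, so that the parser should never hand the value back. A one-line comment next to each guarded body, such as `/* not reachable when OPENSSL_NO_SSL3: "ssl3" is left out of ciphers_options[] */`, would record that dependency. The same pattern recurs in cms.c, crl.c, dsa.c, rsa.c, s_client.c, s_server.c, s_time.c, speed.c and x509.c, and the rsa.c table hunk shows the two guards already drifting apart. The switch starts and ends outside this hunk.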
@@ -603,6 +603,11 @@ int cms_main(int argc, char **argv) case OPT_AES256_WRAP: wrap_cipher = EVP_aes_256_wrap(); break; +# else + case OPT_AES128_WRAP: + case OPT_AES192_WRAP: + case OPT_AES256_WRAP: + break; # endif } } diff --git a/apps/crl.c b/apps/crl.c index 17391e24c0..c897335fb7 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -95,11 +95,11 @@ OPTIONS crl_options[] = { {"verify", OPT_VERIFY, '-'}, {"text", OPT_TEXT, '-', "Print out a text format version"}, {"hash", OPT_HASH, '-', "Print hash value"}, + {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"}, + {"", OPT_MD, '-', "Any supported digest"}, #ifndef OPENSSL_NO_MD5 {"hash_old", OPT_HASH_OLD, '-', "Print old-style (MD5) hash value"}, #endif - {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"}, - {"", OPT_MD, '-', "Any supported digest"}, {NULL} }; @@ -117,11 +117,11 @@ int crl_main(int argc, char **argv) char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL; char *CAfile = NULL, *CApath = NULL, *prog; OPTION_CHOICE o; - int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = - 0, text = 0; + int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0; int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM; - int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = - 0, i, do_ver = 0; + int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = 0; + int text = 0, do_ver = 0; + int i; #ifndef OPENSSL_NO_MD5 int hash_old = 0; #endif @@ -170,11 +170,11 @@ int crl_main(int argc, char **argv) CAfile = opt_arg(); do_ver = 1; break; -#ifndef OPENSSL_NO_MD5 case OPT_HASH_OLD: +#ifndef OPENSSL_NO_MD5 hash_old = ++num; - break; #endif + break; case OPT_VERIFY: do_ver = 1; break; diff --git a/apps/dgst.c b/apps/dgst.c index 308555c46d..e6142caaff 100644 --- a/apps/dgst.c +++ b/apps/dgst.c 
@@ -111,11 +111,11 @@ OPTIONS dgst_options[] = { {"mac", OPT_MAC, 's', "Create MAC (not neccessarily HMAC)"}, {"sigop", OPT_SIGOPT, 's', "Signature parameter in n:v form"}, {"macop", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"}, + {"", OPT_DIGEST, '-', "Any supported digest"}, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, {"engine_impl", OPT_ENGINE_IMPL, '-'}, #endif - {"", OPT_DIGEST, '-', "Any supported digest"}, {NULL} }; diff --git a/apps/dhparam.c b/apps/dhparam.c index 931bf10226..2e5ce2c6d3 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -153,12 +153,12 @@ OPTIONS dhparam_options[] = { {"C", OPT_C, '-', "Print C code"}, {"2", OPT_2, '-', "Generate parameters using 2 as the generator value"}, {"5", OPT_5, '-', "Generate parameters using 5 as the generator value"}, -# ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, -# endif # ifndef OPENSSL_NO_DSA {"dsaparam", OPT_DSAPARAM, '-', "Read or generate DSA parameters, convert to DH"}, +# endif +# ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, # endif {NULL} }; diff --git a/apps/dsa.c b/apps/dsa.c index f02f29399a..f61e151f88 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -82,14 +82,8 @@ OPTIONS dsa_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, {"inform", OPT_INFORM, 'F', "Input format, DER PEM PVK"}, {"outform", OPT_OUTFORM, 'F', "Output format, DER PEM PVK"}, -# ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, -# endif {"in", OPT_IN, '<', "Input file"}, {"out", OPT_OUT, '>', "Output file"}, - {"pvk-strong", OPT_PVK_STRONG, '-'}, - {"pvk-weak", OPT_PVK_WEAK, '-'}, - {"pvk-none", OPT_PVK_NONE, '-'}, {"noout", OPT_NOOUT, '-', "Don't print key out"}, {"text", OPT_TEXT, '-', "Print the key in text"}, {"modulus", OPT_MODULUS, '-', "Print the DSA public value"}, 
@@ -98,6 +92,14 @@ OPTIONS dsa_options[] = { {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"}, {"", OPT_CIPHER, '-', "Any supported cipher"}, +# ifndef OPENSSL_NO_RC4 + {"pvk-strong", OPT_PVK_STRONG, '-'}, + {"pvk-weak", OPT_PVK_WEAK, '-'}, + {"pvk-none", OPT_PVK_NONE, '-'}, +# endif +# ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, +# endif {NULL} }; @@ -118,11 +120,6 @@ int dsa_main(int argc, char **argv) switch (o) { case OPT_EOF: case OPT_ERR: -#ifdef OPENSSL_NO_RC4 - case OPT_PVK_STRONG: - case OPT_PVK_WEAK: - case OPT_PVK_NONE: -#endif opthelp: ret = 0; BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); @@ -166,6 +163,11 @@ int dsa_main(int argc, char **argv) case OPT_PVK_NONE: pvk_encr = 0; break; +#else + case OPT_PVK_STRONG: + case OPT_PVK_WEAK: + case OPT_PVK_NONE: + break; #endif case OPT_NOOUT: noout = 1; diff --git a/apps/dsaparam.c b/apps/dsaparam.c index ffd81ff7e5..27170a22a2 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -103,11 +103,11 @@ OPTIONS dsaparam_options[] = { {"genkey", OPT_GENKEY, '-', "Generate a DSA key"}, {"rand", OPT_RAND, 's', "Files to use for random number input"}, {"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'}, -# ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, -# endif # ifdef GENCB_TEST {"timebomb", OPT_TIMEBOMB, 'p', "Interrupt keygen after 'pnum' seconds"}, +# endif +# ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"}, # endif {NULL} }; diff --git a/apps/ec.c b/apps/ec.c index 83a6aa4bab..341243ff28 100644 --- a/apps/ec.c +++ b/apps/ec.c 
@@ -92,9 +92,6 @@ OPTIONS ec_options[] = { {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"}, {"out", OPT_OUT, '>', "Output file"}, {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"}, -# ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -# endif {"noout", OPT_NOOUT, '-', "Don't print key out"}, {"text", OPT_TEXT, '-', "Print the key"}, {"param_out", OPT_PARAM_OUT, '-', "Print the elliptic curve parameters"}, @@ -106,6 +103,9 @@ OPTIONS ec_options[] = { "Specifies the way the ec parameters are encoded"}, {"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "}, {"", OPT_CIPHER, '-', "Any supported cipher"}, +# ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, +# endif {NULL} }; diff --git a/apps/enc.c b/apps/enc.c index d045d15965..628142a9f4 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -92,9 +92,6 @@ OPTIONS enc_options[] = { {"in", OPT_IN, '<', "Input file"}, {"out", OPT_OUT, '>', "Output file"}, {"pass", OPT_PASS, 's', "Passphrase source"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, -#endif {"e", OPT_E, '-', "Encrypt"}, {"d", OPT_D, '-', "Decrypt"}, {"p", OPT_P, '-', "Print the iv/key"}, @@ -107,9 +104,6 @@ OPTIONS enc_options[] = { {"A", OPT_UPPER_A, '-'}, {"a", OPT_A, '-', "base64 encode/decode, depending on encryption flag"}, {"base64", OPT_A, '-', "Base64 output as a single line"}, -#ifdef ZLIB - {"z", OPT_Z, '-', "Use zlib as the 'encryption'"}, -#endif {"bufsize", OPT_BUFSIZE, 's', "Buffer size"}, {"k", OPT_K, 's', "Passphrase"}, {"kfile", OPT_KFILE, '<', "Fead passphrase from file"}, 
@@ -120,6 +114,12 @@ OPTIONS enc_options[] = { {"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'}, {"none", OPT_NONE, '-', "Don't encrypt"}, {"", OPT_CIPHER, '-', "Any supported cipher"}, +#ifdef ZLIB + {"z", OPT_Z, '-', "Use zlib as the 'encryption'"}, +#endif +#ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, +#endif {NULL} }; diff --git a/apps/gendsa.c b/apps/gendsa.c index a832ec3ded..01bbcebf0e 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -84,10 +84,10 @@ OPTIONS gendsa_options[] = { {"passout", OPT_PASSOUT, 's'}, {"rand", OPT_RAND, 's', "Load the file(s) into the random number generator"}, + {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"}, # ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, # endif - {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"}, {NULL} }; diff --git a/apps/genpkey.c b/apps/genpkey.c index b9843cfef7..7c8d551827 100644 --- a/apps/genpkey.c +++ b/apps/genpkey.c @@ -89,6 +89,7 @@ OPTIONS genpkey_options[] = { #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif + /* This is deliberately last. */ {OPT_HELP_STR, 1, 1, "Order of options may be important! See the documentation.\n"}, {NULL} diff --git a/apps/passwd.c b/apps/passwd.c index f34ef9f534..2e376290d0 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -101,6 +101,8 @@ OPTIONS passwd_options[] = { {"quiet", OPT_QUIET, '-', "No warnings"}, {"table", OPT_TABLE, '-', "Format output as table"}, {"reverse", OPT_REVERSE, '-', "Switch table columns"}, + {"salt", OPT_SALT, 's', "Use provided salt"}, + {"stdin", OPT_STDIN, '-', "Read passwords from stdin"}, # ifndef NO_MD5CRYPT_1 {"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"}, {"1", OPT_1, '-', "MD5-based password algorithm"}, 
@@ -108,8 +110,6 @@ OPTIONS passwd_options[] = { # ifndef OPENSSL_NO_DES {"crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)"}, # endif - {"salt", OPT_SALT, 's', "Use provided salt"}, - {"stdin", OPT_STDIN, '-', "Read passwords from stdin"}, {NULL} }; diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 82131e8527..9ab7f69160 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -149,10 +149,10 @@ OPTIONS pkcs12_options[] = { {"password", OPT_PASSWORD, 's', "Set import/export password source"}, {"CApath", OPT_CAPATH, '/', "PEM-format directory of CA's"}, {"CAfile", OPT_CAFILE, '<', "PEM-format file of CA's"}, + {"", OPT_CIPHER, '-', "Any supported cipher"}, # ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, # endif - {"", OPT_CIPHER, '-', "Any supported cipher"}, {NULL} }; diff --git a/apps/req.c b/apps/req.c index 3bae59ec8b..00d7c4a135 100644 --- a/apps/req.c +++ b/apps/req.c @@ -176,11 +176,11 @@ OPTIONS req_options[] = { "Cert extension section (override value in config file)"}, {"reqexts", OPT_REQEXTS, 's', "Request extension section (override value in config file)"}, + {"", OPT_MD, '-', "Any supported digest"}, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, {"keygen_engine", OPT_KEYGEN_ENGINE, 's'}, #endif - {"", OPT_MD, '-', "Any supported digest"}, {NULL} }; diff --git a/apps/rsa.c b/apps/rsa.c index 87cb70254e..51581aed28 100644 --- a/apps/rsa.c +++ b/apps/rsa.c 
@@ -138,14 +138,16 @@ OPTIONS rsa_options[] = { {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, {"RSAPublicKey_in", OPT_RSAPUBKEY_IN, '-', "Input is an RSAPublicKey"}, {"RSAPublicKey_out", OPT_RSAPUBKEY_OUT, '-', "Output is an RSAPublicKey"}, - {"pvk-strong", OPT_PVK_STRONG, '-'}, - {"pvk-weak", OPT_PVK_WEAK, '-'}, - {"pvk-none", OPT_PVK_NONE, '-'}, {"noout", OPT_NOOUT, '-', "Don't print key out"}, {"text", OPT_TEXT, '-', "Print the key in text"}, {"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"}, {"check", OPT_CHECK, '-', "Verify key consistency"}, {"", OPT_CIPHER, '-', "Any supported cipher"}, +# ifdef OPENSSL_NO_RC4 + {"pvk-strong", OPT_PVK_STRONG, '-'}, + {"pvk-weak", OPT_PVK_WEAK, '-'}, + {"pvk-none", OPT_PVK_NONE, '-'}, +# endif # ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, # endif @@ -170,11 +172,6 @@ int rsa_main(int argc, char **argv) switch (o) { case OPT_EOF: case OPT_ERR: -#ifdef OPENSSL_NO_RC4 - case OPT_PVK_STRONG: - case OPT_PVK_WEAK: - case OPT_PVK_NONE: -#endif opthelp: BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); goto end; @@ -227,6 +224,11 @@ int rsa_main(int argc, char **argv) case OPT_PVK_NONE: pvk_encr = 0; break; +#else + case OPT_PVK_STRONG: + case OPT_PVK_WEAK: + case OPT_PVK_NONE: + break; #endif case OPT_NOOUT: noout = 1; diff --git a/apps/s_client.c b/apps/s_client.c index 009e5fe895..22aa27080d 100644 --- a/apps/s_client.c +++ b/apps/s_client.c 
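Review bot: In apps/rsa.c, the new guard around the `pvk-strong`, `pvk-weak` and `pvk-none` entries in rsa_options[] is `# ifdef OPENSSL_NO_RC4`, which looks inverted; apps/dsa.c in this same patch uses `# ifndef OPENSSL_NO_RC4` for the identical entries. As written, a build with RC4 drops the three flags from the table. A build without RC4 accepts them and then reaches the new `#else` arm in rsa_main, which only does `break;`, so a requested PVK encryption level is ignored without any message. The table guard should read `# ifndef OPENSSL_NO_RC4`. The opening guard of the switch block is outside the hunk and is presumably `#ifndef OPENSSL_NO_RC4`.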
@@ -509,17 +509,9 @@ OPTIONS s_client_options[] = { {"quiet", OPT_QUIET, '-', "No s_client output"}, {"ign_eof", OPT_IGN_EOF, '-', "Ignore input eof (default when -quiet)"}, {"no_ign_eof", OPT_NO_IGN_EOF, '-', "Don't ignore input eof"}, -#ifndef OPENSSL_NO_SSL3 - {"ssl3", OPT_SSL3, '-', "Just use SSLv3"}, -#endif {"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"}, {"tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1"}, {"tls1", OPT_TLS1, '-', "Just use TLSv1"}, - {"dtls", OPT_DTLS, '-'}, - {"dtls1", OPT_DTLS1, '-', "Just use DTLSv1"}, - {"dtls1_2", OPT_DTLS1_2, '-'}, - {"timeout", OPT_TIMEOUT, '-'}, - {"mtu", OPT_MTU, 'p', "Set the link layer MTU"}, {"starttls", OPT_STARTTLS, 's', "Use the STARTTLS command before starting TLS"}, {"xmpphost", OPT_XMPPHOST, 's', "Host to use with \"-starttls xmpp\""}, 
@@ -534,6 +526,48 @@ OPTIONS s_client_options[] = { {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p', "Export len bytes of keying material (default 20)"}, {"fallback_scsv", OPT_FALLBACKSCSV, '-', "Send the fallback SCSV"}, + {"name", OPT_SMTPHOST, 's', "Hostname to use for \"-starttls smtp\""}, + {"CRL", OPT_CRL, '<'}, + {"crl_download", OPT_CRL_DOWNLOAD, '-'}, + {"CRLform", OPT_CRLFORM, 'F'}, + {"verify_return_error", OPT_VERIFY_RET_ERROR, '-'}, + {"verify_quiet", OPT_VERIFY_QUIET, '-'}, + {"brief", OPT_BRIEF, '-'}, + {"prexit", OPT_PREXIT, '-'}, + {"security_debug", OPT_SECURITY_DEBUG, '-'}, + {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'}, + {"cert_chain", OPT_CERT_CHAIN, '<'}, + {"chainCApath", OPT_CHAINCAPATH, '/'}, + {"verifyCApath", OPT_VERIFYCAPATH, '/'}, + {"build_chain", OPT_BUILD_CHAIN, '-'}, + {"chainCAfile", OPT_CHAINCAFILE, '<'}, + {"verifyCAfile", OPT_VERIFYCAFILE, '<'}, + {"nocommands", OPT_NOCMDS, '-', "Do not use interactive command letters"}, + {"servername", OPT_SERVERNAME, 's', + "Set TLS extension servername in ClientHello"}, + {"tlsextdebug", OPT_TLSEXTDEBUG, '-', + "Hex dump of all TLS extensions received"}, + {"status", OPT_STATUS, '-', "Request certificate status from server"}, + {"serverinfo", OPT_SERVERINFO, 's', + "types Send empty ClientHello extensions (comma-separated numbers)"}, + {"alpn", OPT_ALPN, 's', + "Enable ALPN extension, considering named protocols supported (comma-separated list)"}, + OPT_S_OPTIONS, + OPT_V_OPTIONS, + OPT_X_OPTIONS, +#ifndef OPENSSL_NO_SSL3 + {"ssl3", OPT_SSL3, '-', "Just use SSLv3"}, +#endif +#ifndef OPENSSL_NO_DTLS1 + {"dtls", OPT_DTLS, '-'}, + {"dtls1", OPT_DTLS1, '-', "Just use DTLSv1"}, + {"dtls1_2", OPT_DTLS1_2, '-'}, + {"timeout", OPT_TIMEOUT, '-'}, + {"mtu", OPT_MTU, 'p', "Set the link layer MTU"}, +#endif +#ifndef OPENSSL_NO_SSL_TRACE + {"trace", OPT_TRACE, '-'}, +#endif #ifdef WATT32 {"wdebug", OPT_WDEBUG, '-', "WATT-32 tcp debugging"}, #endif 
@@ -556,44 +590,14 @@ OPTIONS s_client_options[] = { "Tolerate other than the known g N values."}, {"srp_strength", OPT_SRP_STRENGTH, 'p', "Minimal mength in bits for N"}, #endif - {"name", OPT_SMTPHOST, 's', "Hostname to use for \"-starttls smtp\""}, - {"servername", OPT_SERVERNAME, 's', - "Set TLS extension servername in ClientHello"}, - {"tlsextdebug", OPT_TLSEXTDEBUG, '-', - "Hex dump of all TLS extensions received"}, - {"status", OPT_STATUS, '-', "Request certificate status from server"}, - {"serverinfo", OPT_SERVERINFO, 's', - "types Send empty ClientHello extensions (comma-separated numbers)"}, - {"alpn", OPT_ALPN, 's', - "Enable ALPN extension, considering named protocols supported (comma-separated list)"}, #ifndef OPENSSL_NO_NEXTPROTONEG {"nextprotoneg", OPT_NEXTPROTONEG, 's', "Enable NPN extension, considering named protocols supported (comma-separated list)"}, #endif - {"CRL", OPT_CRL, '<'}, - {"crl_download", OPT_CRL_DOWNLOAD, '-'}, - {"CRLform", OPT_CRLFORM, 'F'}, - {"verify_return_error", OPT_VERIFY_RET_ERROR, '-'}, - {"verify_quiet", OPT_VERIFY_QUIET, '-'}, - {"brief", OPT_BRIEF, '-'}, - {"prexit", OPT_PREXIT, '-'}, - {"trace", OPT_TRACE, '-'}, - {"security_debug", OPT_SECURITY_DEBUG, '-'}, - {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'}, - {"cert_chain", OPT_CERT_CHAIN, '<'}, - {"chainCApath", OPT_CHAINCAPATH, '/'}, - {"verifyCApath", OPT_VERIFYCAPATH, '/'}, - {"build_chain", OPT_BUILD_CHAIN, '-'}, - {"chainCAfile", OPT_CHAINCAFILE, '<'}, - {"verifyCAfile", OPT_VERIFYCAFILE, '<'}, - {"nocommands", OPT_NOCMDS, '-', "Do not use interactive command letters"}, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, {"ssl_client_engine", OPT_SSL_CLIENT_ENGINE, 's'}, #endif - OPT_S_OPTIONS, - OPT_V_OPTIONS, - OPT_X_OPTIONS, {NULL} }; 
@@ -706,29 +710,6 @@ int s_client_main(int argc, char **argv) prog = opt_init(argc, argv, s_client_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { -#ifndef WATT32 - case OPT_WDEBUG: -#endif -#ifdef OPENSSL_NO_JPAKE - case OPT_JPAKE: -#endif -#ifdef OPENSSL_NO_SSL_TRACE - case OPT_TRACE: -#endif -#ifdef OPENSSL_NO_PSK - case OPT_PSK_IDENTITY: - case OPT_PSK: -#endif -#ifdef OPENSSL_NO_SSL3 - case OPT_SSL3: -#endif -#ifdef OPENSSL_NO_DTLS1 - case OPT_DTLS: - case OPT_DTLS1: - case OPT_DTLS1_2: - case OPT_TIMEOUT: - case OPT_MTU: -#endif case OPT_EOF: case OPT_ERR: opthelp: @@ -866,22 +847,22 @@ int s_client_main(int argc, char **argv) case OPT_STATUS: c_status_req = 1; break; -#ifdef WATT32 case OPT_WDEBUG: +#ifdef WATT32 dbug_init(); - break; #endif + break; case OPT_MSG: c_msg = 1; break; case OPT_MSGFILE: bio_c_msg = BIO_new_file(opt_arg(), "w"); break; -#ifndef OPENSSL_NO_SSL_TRACE case OPT_TRACE: +#ifndef OPENSSL_NO_SSL_TRACE c_msg = 2; - break; #endif + break; case OPT_SECURITY_DEBUG: sdebug = 1; break; @@ -908,6 +889,9 @@ int s_client_main(int argc, char **argv) BIO_printf(bio_err, "Not a hex number '%s'\n", psk_key); goto end; } +#else + case OPT_PSK_IDENTITY: + case OPT_PSK: break; #endif #ifndef OPENSSL_NO_SRP @@ -941,11 +925,11 @@ int s_client_main(int argc, char **argv) case OPT_SRP_MOREGROUPS: break; #endif -#ifndef OPENSSL_NO_SSL3 case OPT_SSL3: +#ifndef OPENSSL_NO_SSL3 meth = SSLv3_client_method(); - break; #endif + break; case OPT_TLS1_2: meth = TLSv1_2_client_method(); break; @@ -974,6 +958,13 @@ int s_client_main(int argc, char **argv) case OPT_MTU: socket_mtu = atol(opt_arg()); break; +#else + case OPT_DTLS: + case OPT_DTLS1: + case OPT_DTLS1_2: + case OPT_TIMEOUT: + case OPT_MTU: + break; #endif case OPT_FALLBACKSCSV: fallback_scsv = 1; 
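Review bot: In apps/s_client.c, the added `#else` in the PSK block lands before the existing `break;` that used to end `case OPT_PSK:`, so in a build with PSK enabled that arm no longer ends with a break. After the hex-digit check, control would fall through into whatever case comes next (the `#ifndef OPENSSL_NO_SRP` block opens right after this hunk), so `-psk` could also apply the following option's handling to the connection. Add a `break;` on the line before `#else`, as the matching s_server.c hunk does with `break;` then `#else`. The start of `case OPT_PSK:` is outside the hunk.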
@@ -1038,13 +1029,12 @@ int s_client_main(int argc, char **argv) goto end; case OPT_SERVERNAME: servername = opt_arg(); - /* meth=TLSv1_client_method(); */ break; -#ifndef OPENSSL_NO_JPAKE case OPT_JPAKE: +#ifndef OPENSSL_NO_JPAKE jpake_secret = opt_arg(); - break; #endif + break; case OPT_USE_SRTP: srtp_profiles = opt_arg(); break; diff --git a/apps/s_server.c b/apps/s_server.c index 189019d1b2..6bd0257a7a 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -806,9 +806,7 @@ typedef enum OPTION_choice { OPT_BRIEF, OPT_NO_TMP_RSA, OPT_NO_DHE, OPT_NO_ECDHE, OPT_NO_RESUME_EPHEMERAL, OPT_PSK_HINT, OPT_PSK, OPT_SRPVFILE, OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP, -#ifndef OPENSSL_NO_SSL3 OPT_SSL3, -#endif OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_CHAIN, OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL, @@ -821,7 +819,6 @@ typedef enum OPTION_choice { OPTIONS s_server_options[] = { {"help", OPT_HELP, '-', "Display this summary"}, - {"port", OPT_PORT, 'p'}, {"accept", OPT_PORT, 'p', "TCP/IP port to accept on (default is " PORT_STR ")"}, @@ -851,9 +848,6 @@ OPTIONS s_server_options[] = { {"dkeyform", OPT_DKEYFORM, 'F', "Second key format (PEM, DER or ENGINE) PEM default"}, {"dpass", OPT_DPASS, 's', "Second private key file pass phrase source"}, -#ifdef FIONBIO - {"nbio", OPT_NBIO, '-', "Use non-blocking IO"}, -#endif {"nbio_test", OPT_NBIO_TEST, '-', "Test with the non-blocking test bio"}, {"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"}, {"debug", OPT_DEBUG, '-', "Print more output"}, 
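Review bot: In apps/s_server.c, the s_server_options[] hunk deletes `{"port", OPT_PORT, 'p'},` and no other hunk in the patch adds it back, while the commit message only describes reordering and #ifdef handling. `OPT_PORT` is still reachable through `-accept`, so this looks like an unintended loss of the `-port` spelling rather than part of the cleanup. If the removal is intended it should be stated in the commit message; otherwise keep `{"port", OPT_PORT, 'p'},` next to the `accept` entry.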
@@ -865,47 +859,13 @@ OPTIONS s_server_options[] = { {"nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)"}, {"quiet", OPT_QUIET, '-', "No server output"}, {"no_tmp_rsa", OPT_NO_TMP_RSA, '-', "Do not generate a tmp RSA key"}, -#ifndef OPENSSL_NO_PSK - {"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"}, - {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"}, -# ifndef OPENSSL_NO_JPAKE - {"jpake", OPT_JPAKE, 's', "JPAKE secret to use"}, -# endif -#endif -#ifndef OPENSSL_NO_SRP - {"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"}, - {"srpuserseed", OPT_SRPUSERSEED, 's', - "A seed string for a default user salt"}, -#endif -#ifndef OPENSSL_NO_SSL3 - {"ssl3", OPT_SSL3, '-', "Just talk SSLv3"}, -#endif {"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"}, {"tls1_1", OPT_TLS1_1, '-', "Just talk TLSv1.1"}, {"tls1", OPT_TLS1, '-', "Just talk TLSv1"}, -#ifndef OPENSSL_NO_DTLS1 - {"dtls", OPT_DTLS, '-'}, - {"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"}, - {"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"}, - {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"}, - {"mtu", OPT_MTU, 'p', "Set link layer MTU"}, - {"chain", OPT_CHAIN, '-', "Read a certificate chain"}, -#endif -#ifndef OPENSSL_NO_DH - {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"}, -#endif -#ifndef OPENSSL_NO_EC - {"no_ecdhe", OPT_NO_ECDHE, '-', "Disable ephemeral ECDH"}, -#endif {"no_resume_ephemeral", OPT_NO_RESUME_EPHEMERAL, '-', "Disable caching and tickets if ephemeral (EC)DH is used"}, {"www", OPT_WWW, '-', "Respond to a 'GET /' with a status page"}, {"WWW", OPT_UPPER_WWW, '-', "Respond to a 'GET with the file ./path"}, - {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path incluedes HTTP headers"}, - {"id_prefix", OPT_ID_PREFIX, 's', - "Generate SSL/TLS session IDs prefixed by arg"}, - {"rand", OPT_RAND, 's', - "Load the file(s) into the random number generator"}, {"servername", OPT_SERVERNAME, 's', "Servername for HostName TLS extension"}, {"servername_fatal", OPT_SERVERNAME_FATAL, '-', 
@@ -916,14 +876,11 @@ OPTIONS s_server_options[] = { "-Private Key file to use for servername if not in -cert2"}, {"tlsextdebug", OPT_TLSEXTDEBUG, '-', "Hex dump of all TLS extensions received"}, -#ifndef OPENSSL_NO_NEXTPROTONEG - {"nextprotoneg", OPT_NEXTPROTONEG, 's', - "Set the advertised protocols for the NPN extension (comma-separated list)"}, -#endif - {"use_srtp", OPT_SRTP_PROFILES, '<', - "Offer SRTP key management with a colon-separated profile list"}, - {"alpn", OPT_ALPN, 's', - "Set the advertised protocols for the ALPN extension (comma-separated list)"}, + {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path incluedes HTTP headers"}, + {"id_prefix", OPT_ID_PREFIX, 's', + "Generate SSL/TLS session IDs prefixed by arg"}, + {"rand", OPT_RAND, 's', + "Load the file(s) into the random number generator"}, {"keymatexport", OPT_KEYMATEXPORT, 's', "Export keying material using label"}, {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p', 
@@ -953,12 +910,54 @@ OPTIONS s_server_options[] = { {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'}, {"brief", OPT_BRIEF, '-'}, {"rev", OPT_REV, '-'}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's'}, -#endif OPT_S_OPTIONS, OPT_V_OPTIONS, OPT_X_OPTIONS, +#ifdef FIONBIO + {"nbio", OPT_NBIO, '-', "Use non-blocking IO"}, +#endif +#ifndef OPENSSL_NO_PSK + {"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"}, + {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"}, +# ifndef OPENSSL_NO_JPAKE + {"jpake", OPT_JPAKE, 's', "JPAKE secret to use"}, +# endif +#endif +#ifndef OPENSSL_NO_SRP + {"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"}, + {"srpuserseed", OPT_SRPUSERSEED, 's', + "A seed string for a default user salt"}, +#endif +#ifndef OPENSSL_NO_SSL3 + {"ssl3", OPT_SSL3, '-', "Just talk SSLv3"}, +#endif +#ifndef OPENSSL_NO_DTLS1 + {"dtls", OPT_DTLS, '-'}, + {"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"}, + {"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"}, + {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"}, + {"mtu", OPT_MTU, 'p', "Set link layer MTU"}, + {"chain", OPT_CHAIN, '-', "Read a certificate chain"}, +#endif +#ifndef OPENSSL_NO_DH + {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"}, +#endif +#ifndef OPENSSL_NO_EC + {"no_ecdhe", OPT_NO_ECDHE, '-', "Disable ephemeral ECDH"}, +#endif +#ifndef OPENSSL_NO_NEXTPROTONEG + {"nextprotoneg", OPT_NEXTPROTONEG, 's', + "Set the advertised protocols for the NPN extension (comma-separated list)"}, +#endif +#ifndef OPENSSL_NO_SRTP + {"use_srtp", OPT_SRTP_PROFILES, '<', + "Offer SRTP key management with a colon-separated profile list"}, + {"alpn", OPT_ALPN, 's', + "Set the advertised protocols for the ALPN extension (comma-separated list)"}, +#endif +#ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's'}, +#endif {NULL} }; 
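Review bot: In apps/s_server.c, the new `#ifndef OPENSSL_NO_SRTP` block in s_server_options[] encloses the `alpn` entry as well as `use_srtp`, so a build with OPENSSL_NO_SRTP would stop recognizing `-alpn`. Both entries were unguarded before this patch, and `case OPT_ALPN:` in s_server_main stays unguarded in a later hunk, so the table and the switch disagree. Move the `#endif` up so it closes directly after the `use_srtp` entry and leave `alpn` outside the guard. Whether `case OPT_SRTP_PROFILES:` has a matching guard cannot be seen from these hunks and is worth checking.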
@@ -1246,13 +1245,11 @@ int s_server_main(int argc, char *argv[]) case OPT_MSGFILE: bio_s_msg = BIO_new_file(opt_arg(), "w"); break; -#ifndef OPENSSL_NO_SSL_TRACE case OPT_TRACE: +#ifndef OPENSSL_NO_SSL_TRACE s_msg = 2; - break; #else - case OPT_TRACE: - goto opthelp; + break; #endif case OPT_SECURITY_DEBUG: sdebug = 1; @@ -1296,6 +1293,10 @@ int s_server_main(int argc, char *argv[]) goto end; } break; +#else + case OPT_PSK_HINT: + case OPT_PSK: + break; #endif #ifndef OPENSSL_NO_SRP case OPT_SRPVFILE: @@ -1323,11 +1324,11 @@ int s_server_main(int argc, char *argv[]) case OPT_HTTP: www = 3; break; -#ifndef OPENSSL_NO_SSL3 case OPT_SSL3: +#ifndef OPENSSL_NO_SSL3 meth = SSLv3_server_method(); - break; #endif + break; case OPT_TLS1_2: meth = TLSv1_2_server_method(); break; @@ -1359,6 +1360,14 @@ int s_server_main(int argc, char *argv[]) case OPT_CHAIN: cert_chain = 1; break; +#else + case OPT_DTLS: + case OPT_DTLS1: + case OPT_DTLS1_2: + case OPT_TIMEOUT: + case OPT_MTU: + case OPT_CHAIN: + break; #endif case OPT_ID_PREFIX: session_id_prefix = opt_arg(); @@ -1381,11 +1390,11 @@ int s_server_main(int argc, char *argv[]) case OPT_KEY2: s_key_file2 = opt_arg(); break; -#ifndef OPENSSL_NO_NEXTPROTONEG case OPT_NEXTPROTONEG: +# ifndef OPENSSL_NO_NEXTPROTONEG next_proto_neg_in = opt_arg(); - break; #endif + break; case OPT_ALPN: alpn_in = opt_arg(); break; diff --git a/apps/s_time.c b/apps/s_time.c index 74decd23bc..4f56174d65 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -114,9 +114,7 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_CONNECT, OPT_CIPHER, OPT_CERT, OPT_KEY, OPT_CAPATH, OPT_CAFILE, OPT_NEW, OPT_REUSE, OPT_BUGS, OPT_VERIFY, OPT_TIME, -#ifndef OPENSSL_NO_SSL3 OPT_SSL3, -#endif OPT_WWW } OPTION_CHOICE; @@ -227,11 +225,11 @@ int s_time_main(int argc, char **argv) goto end; } break; -#ifndef OPENSSL_NO_SSL3 case OPT_SSL3: +#ifndef OPENSSL_NO_SSL3 meth = SSLv3_client_method(); - break; #endif + break; } } argc = opt_num_rest(); 
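Review bot: In apps/s_server.c, `case OPT_TRACE:` now keeps its `break;` inside a leftover `#else`, so with SSL trace compiled in the arm runs `s_msg = 2;` and falls through into `case OPT_SECURITY_DEBUG:`, setting `sdebug = 1` as a side effect of `-trace`. Every other arm converted by this patch closes the guard first and then breaks. Drop the `#else` and put the break after the guard, that is `#endif` followed by `break;`. The `# ifndef OPENSSL_NO_NEXTPROTONEG` / `#endif` pair in the `case OPT_NEXTPROTONEG:` hunk also mixes the two preprocessor indentation styles.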
diff --git a/apps/speed.c b/apps/speed.c index b93237e591..45a060fd14 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -358,19 +358,19 @@ OPTIONS speed_options[] = { {OPT_HELP_STR, 1, '-', "Usage: %s [options] ciphers...\n"}, {OPT_HELP_STR, 1, '-', "Valid options are:\n"}, {"help", OPT_HELP, '-', "Display this summary"}, + {"evp", OPT_EVP, 's', "Use specified EVP cipher"}, + {"decrypt", OPT_DECRYPT, '-', + "Time decryption instead of encryption (only EVP)"}, + {"mr", OPT_MR, '-', "Produce machine readable output"}, + {"mb", OPT_MB, '-'}, + {"misalign", OPT_MISALIGN, 'n', "Amount to mis-align buffers"}, #if defined(TIMES) || defined(USE_TOD) {"elapsed", OPT_ELAPSED, '-', "Measure time in real time instead of CPU user time"}, #endif - {"evp", OPT_EVP, 's', "Use specified EVP cipher"}, - {"decrypt", OPT_DECRYPT, '-', - "Time decryption instead of encryption (only EVP)"}, #ifndef NO_FORK {"multi", OPT_MULTI, 'p', "Run benchmarks in parallel"}, #endif - {"mr", OPT_MR, '-', "Produce machine readable output"}, - {"mb", OPT_MB, '-'}, - {"misalign", OPT_MISALIGN, 'n', "Amount to mis-align buffers"}, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif @@ -829,11 +829,11 @@ int speed_main(int argc, char **argv) case OPT_ENGINE: (void)setup_engine(opt_arg(), 0); break; -#ifndef NO_FORK case OPT_MULTI: +#ifndef NO_FORK multi = atoi(opt_arg()); - break; #endif + break; case OPT_MISALIGN: if (!opt_int(opt_arg(), &misalign)) goto end; diff --git a/apps/ts.c b/apps/ts.c index dfbf7eaeb3..feec34ba4f 100644 --- a/apps/ts.c +++ b/apps/ts.c 
@@ -151,10 +151,10 @@ OPTIONS ts_options[] = { {"CApath", OPT_CAPATH, '/', "Path to trusted CA files"}, {"CAfile", OPT_CAFILE, '<', "File with trusted CA certs"}, {"untrusted", OPT_UNTRUSTED, '<', "File with untrusted certs"}, + {"", OPT_MD, '-', "Any supported digest"}, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif - {"", OPT_MD, '-', "Any supported digest"}, {NULL} }; diff --git a/apps/verify.c b/apps/verify.c index 0235194567..227b85b384 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -91,10 +91,10 @@ OPTIONS verify_options[] = { {"CRLfile", OPT_CRLFILE, '<'}, {"crl_download", OPT_CRL_DOWNLOAD, '-'}, {"show_chain", OPT_SHOW_CHAIN, '-'}, + OPT_V_OPTIONS, #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif - OPT_V_OPTIONS, {NULL} }; diff --git a/apps/x509.c b/apps/x509.c index 77a2a6b437..0345cf09c7 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -107,13 +107,9 @@ typedef enum OPTION_choice { OPT_PURPOSE, OPT_STARTDATE, OPT_ENDDATE, OPT_CHECKEND, OPT_CHECKHOST, OPT_CHECKEMAIL, OPT_CHECKIP, OPT_NOOUT, OPT_TRUSTOUT, OPT_CLRTRUST, OPT_CLRREJECT, OPT_ALIAS, OPT_CACREATESERIAL, OPT_CLREXT, OPT_OCSPID, -#ifndef OPENSSL_NO_MD5 OPT_SUBJECT_HASH_OLD, OPT_ISSUER_HASH_OLD, -#endif -#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL OPT_FORCE_VERSION, -#endif OPT_BADSIG, OPT_MD, OPT_ENGINE, OPT_NOCERT } OPTION_CHOICE; 
@@ -130,12 +126,6 @@ OPTIONS x509_options[] = { {"serial", OPT_SERIAL, '-', "Print serial number value"}, {"subject_hash", OPT_HASH, '-', "Print subject hash value"}, {"issuer_hash", OPT_ISSUER_HASH, '-', "Print issuer hash value"}, -#ifndef OPENSSL_NO_MD5 - {"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-', - "Print old-style (MD5) issuer hash value"}, - {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-', - "Print old-style (MD5) subject hash value"}, -#endif {"hash", OPT_HASH, '-', "Synonym for -subject_hash"}, {"subject", OPT_SUBJECT, '-', "Print subject DN"}, {"issuer", OPT_ISSUER, '-', "Print issuer DN"}, @@ -194,11 +184,17 @@ OPTIONS x509_options[] = { {"clrreject", OPT_CLRREJECT, '-'}, {"badsig", OPT_BADSIG, '-'}, {"", OPT_MD, '-', "Any supported digest"}, -#ifndef OPENSSL_NO_ENGINE - {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, +#ifndef OPENSSL_NO_MD5 + {"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-', + "Print old-style (MD5) issuer hash value"}, + {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-', + "Print old-style (MD5) subject hash value"}, #endif #ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL {"force_version", OPT_FORCE_VERSION, 'p'}, +#endif +#ifndef OPENSSL_NO_ENGINE + {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif {NULL} }; @@ -291,11 +287,11 @@ int x509_main(int argc, char **argv) if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg())) goto opthelp; break; -#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL case OPT_FORCE_VERSION: +#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL force_version = atoi(opt_arg()) - 1; - break; #endif + break; case OPT_DAYS: days = atoi(opt_arg()); break; @@ -459,6 +455,10 @@ int x509_main(int argc, char **argv) case OPT_ISSUER_HASH_OLD: issuer_hash_old = ++num; break; +#else + case OPT_SUBJECT_HASH_OLD: + case OPT_ISSUER_HASH_OLD: + break; #endif case OPT_DATES: startdate = ++num; -- 2.39.5
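Review bot: In apps/x509.c, the two entries re-added to x509_options[] carry swapped help text: `subject_hash_old` is described as "Print old-style (MD5) issuer hash value" and `issuer_hash_old` as "Print old-style (MD5) subject hash value". The strings were already swapped in the removed lines, but since the entries are being rewritten here this is the place to fix them, by exchanging `issuer` and `subject` in the two descriptions.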