From: Nikos Mavrogiannopoulos Date: Sat, 21 Jan 2012 01:00:39 +0000 (+0100) Subject: gnutls-serv uses libopts. X-Git-Tag: gnutls_3_0_13~253 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=206be50979eeb8a3e3bcfd1ce3d82b6291e90df0;p=thirdparty%2Fgnutls.git gnutls-serv uses libopts. --- diff --git a/.gitignore b/.gitignore index 5850f88e95..a80e064204 100644 --- a/.gitignore +++ b/.gitignore @@ -564,3 +564,4 @@ doc/examples/ex-client-x509 doc/examples/ex-serv-x509 tests/slow/cipher-test libopts/libopts.la +src/serv-args.def diff --git a/configure.ac b/configure.ac index 8fb9d2b55c..c0a4a0ff22 100644 --- a/configure.ac +++ b/configure.ac @@ -488,6 +488,7 @@ AC_CONFIG_FILES([ po/Makefile.in src/Makefile src/cli-args.def + src/serv-args.def src/cli-debug-args.def src/srptool-args.def src/psk-args.def diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am index 338fcda997..7ec7d0ffc1 100644 --- a/doc/manpages/Makefile.am +++ b/doc/manpages/Makefile.am @@ -29,6 +29,9 @@ endif gnutls-cli.1: ../../src/cli-args.def -autogen -DMAN_SECTION=1 -Tagman-cmd.tpl $< +gnutls-serv.1: ../../src/serv-args.def + -autogen -DMAN_SECTION=1 -Tagman-cmd.tpl $< + gnutls-cli-debug.1: ../../src/cli-debug-args.def -autogen -DMAN_SECTION=1 -Tagman-cmd.tpl $< diff --git a/doc/manpages/gnutls-serv.1 b/doc/manpages/gnutls-serv.1 index 407475d89d..fda8e23885 100644 --- a/doc/manpages/gnutls-serv.1 +++ b/doc/manpages/gnutls-serv.1 @@ -1,119 +1,201 @@ -.TH gnutls\-serv 1 "December 1st 2003" +.TH gnutls-serv 1 "21 Jan 2012" "3.0.12" "User Commands" +.\" +.\" DO NOT EDIT THIS FILE (serv-args.man) +.\" +.\" It has been AutoGen-ed January 21, 2012 at 01:58:11 AM by AutoGen 5.12 +.\" From the definitions ../../src/serv-args.def +.\" and the template file agman-cmd.tpl +.\" .SH NAME -gnutls\-serv \- GnuTLS test server +gnutls-serv \- GnuTLS server .SH SYNOPSIS -gnutls\-serv [\fIoptions\fR] -.SH DESCRIPTION -Simple server program that listens to incoming TLS connections. -.SH OPTIONS -.SS Program control options -.IP "\-d, \-\-debug LEVEL" -Specify the debug level. Default is 1. -.IP "\-h, \-\-help" -prints this help -.IP "\-l, \-\-list" -Print a list of the supported algorithms and modes. -.IP "\-q, \-\-quiet" +.B gnutls-serv +.\" Mixture of short (flag) options and long options +.RB [ \-\fIflag\fP " [\fIvalue\fP]]... [" \-\-\fIopt\-name\fP " [[=| ]\fIvalue\fP]]..." +.PP +Operands and options may be intermixed. They will be reordered. +.SH "DESCRIPTION" +Server program that listens to incoming TLS connections. +.SH "OPTIONS" +.TP +.BR \-d " \fInumber\fP, " \-\-debug "=" \fInumber\fP +Enable debugging. +This option takes an integer number as its argument. +The value of \fInumber\fP is constrained to being: +.in +4 +.nf +.na +in the range 0 through 9999 +.fi +.in -4 +.sp +.TP +.BR \-\-noticket +Don't accept session tickets. +.sp +.TP +.BR \-g ", " -\-generate +Generate Diffie-Hellman and RSA-export parameters. +.sp +.TP +.BR \-q ", " -\-quiet Suppress some messages. -.IP "\-v, \-\-version" -prints the program's version number - -.SS Server options -.IP "\-p, \-\-port \fIinteger\fR" -The port to listen on. -.IP "\-\-nodb" -Does not use the resume database. -.IP "\-\-http" -Act as an HTTP Server. -.IP "\-\-echo" -Act as an Echo Server. - -.SS TLS/SSL control options -.IP "\-\-priority \fIPRIORITY STRING\fR" -TLS algorithms and protocols to enable. -You can use predefined sets of ciphersuites such as: -.IP -.B "PERFORMANCE" -all the "secure" ciphersuites are enabled, limited to 128 bit -ciphers and sorted by terms of speed performance. -.IP -.B "NORMAL" -option enables all "secure" ciphersuites. The 256-bit ciphers -are included as a fallback only. The ciphers are sorted by security -margin. -.IP -.B "SECURE128" -flag enables all "secure" ciphersuites with ciphers up to -128 bits, sorted by security margin. -.IP -.B "SECURE256" -flag enables all "secure" ciphersuites including the 256 bit -ciphers, sorted by security margin. -.IP -.B "EXPORT" -all the ciphersuites are enabled, including the -low-security 40 bit ciphers. -.IP -.B "NONE" -nothing is enabled. This disables even protocols and -compression methods. -.IP -.IP -Check the GnuTLS manual on section "Priority strings" for -more information on allowed keywords. -.IP -.B Examples: -.IP -"NORMAL" -.IP -"NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL" -.IP -"NORMAL:-ARCFOUR-128" means normal ciphers except for ARCFOUR-128. -.IP -"SECURE:-VERS-SSL3.0:+COMP-DEFLATE" means that only secure ciphers are -enabled, SSL3.0 is disabled, and libz compression enabled. -.IP - "NONE:+VERS-TLS-ALL:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1" -.IP -"NORMAL:%COMPAT" is the most compatible mode - -.IP "\-g, \-\-generate" -Generate Diffie-Hellman Parameters. -.IP "\-\-kx \fIkx1 kx2...\fR" -Key exchange methods to enable (use \fBgnutls\-cli \-\-list\fR to show -the supported key exchange methods). -.IP "\-p, \-\-port \fIinteger\fR" -The port to connect to. - -.SS Certificate options -.IP "\-\-pgpcertfile \fIFILE\fR" -PGP Public Key (certificate) file to use. -.IP "\-\-pgpkeyfile \fIFILE\fR" +.sp +.TP +.BR \-\-nodb +Do not use a resumption database. +.sp +.TP +.BR \-\-http +Act as an HTTP server. +.sp +.TP +.BR \-\-echo +Act as an Echo server. +.sp +.TP +.BR \-u ", " -\-udp +Use DTLS (datagram TLS) over UDP. +.sp +.TP +.BR \-\-mtu "=\fInumber\fP" +Set MTU for datagram TLS. +This option takes an integer number as its argument. +The value of \fInumber\fP is constrained to being: +.in +4 +.nf +.na +in the range 0 through 17000 +.fi +.in -4 +.sp +.TP +.BR \-a ", " -\-disable\-client\-cert +Do not request a client certificate. +.sp +.TP +.BR \-r ", " -\-require\-client\-cert +Require a client certificate. +.sp +.TP +.BR \-\-x509fmtder +Use DER format for certificates to read from. +.sp +.TP +.BR \-\-priority "=\fIstring\fP" +Priorities string. +.sp +TLS algorithms and protocols to enable. You can +use predefined sets of ciphersuites such as PERFORMANCE, +NORMAL, SECURE128, SECURE256. +Check the GnuTLS manual on section ``Priority strings'' for more +information on allowed keywords +.TP +.BR \-\-dhparams "=\fIfile\fP" +DH params file to use. +.sp +.TP +.BR \-\-x509cafile "=\fIfile\fP" +Certificate file or PKCS #11 URL to use. +.sp +.TP +.BR \-\-x509crlfile "=\fIfile\fP" +CRL file to use. +.sp +.TP +.BR \-\-pgpkeyfile "=\fIfile\fP" PGP Key file to use. -.IP "\-\-pgpkeyring \fIFILE\fR" +.sp +.TP +.BR \-\-pgpkeyring "=\fIfile\fP" PGP Key ring file to use. -.IP "\-\-pgptrustdb \fIFILE\fR" -PGP trustdb file to use. -.IP "\-\-srppasswd \fIFILE\fR" +.sp +.TP +.BR \-\-pgpcertfile "=\fIfile\fP" +PGP Public Key (certificate) file to use. +.sp +.TP +.BR \-\-x509keyfile "=\fIfile\fP" +X.509 key file or PKCS #11 URL to use. +.sp +.TP +.BR \-\-x509certfile "=\fIfile\fP" +X.509 Certificate file or PKCS #11 URL to use. +.sp +.TP +.BR \-\-x509dsakeyfile "=\fIfile\fP" +Alternative X.509 key file or PKCS #11 URL to use. +.sp +.TP +.BR \-\-x509dsacertfile "=\fIfile\fP" +Alternative X.509 Certificate file or PKCS #11 URL to use. +.sp +.TP +.BR \-\-x509ecckeyfile "=\fIfile\fP" +Alternative X.509 key file or PKCS #11 URL to use. +.sp +.TP +.BR \-\-x509ecccertfile "=\fIfile\fP" +Alternative X.509 Certificate file or PKCS #11 URL to use. +.sp +.TP +.BR \-\-pgpsubkey "=\fIstring\fP" +PGP subkey to use (hex or auto). +.sp +.TP +.BR \-\-srppasswd "=\fIfile\fP" SRP password file to use. -.IP "\-\-srppasswdconf \fIFILE\fR" +.sp +.TP +.BR \-\-srppasswdconf "=\fIfile\fP" SRP password configuration file to use. -.IP "\-\-x509cafile \fIFILE\fR" -Certificate file to use. -.IP "\-\-x509certfile \fIFILE\fR" -X.509 Certificate file to use. -.IP "\-\-x509fmtder" -Use DER format for certificates -.IP "\-\-x509keyfile \fIFILE\fR" -X.509 key file to use. - +.sp +.TP +.BR \-\-pskpasswd "=\fIfile\fP" +PSK password file to use. +.sp +.TP +.BR \-\-pskhint "=\fIstring\fP" +PSK identity hint to use. +.sp +.TP +.BR \-p " \fInumber\fP, " \-\-port "=" \fInumber\fP +The port to connect to. +This option takes an integer number as its argument. +.sp +.TP +.BR \-l " \fIstring\fP, " \-\-list "=" \fIstring\fP +Print a list of the supported algorithms and modes. +.sp +Print a list of the supported algorithms and modes. If a priority string is given then only the enabled ciphersuites are shown. +.TP +.BR \-? , " \-\-help" +Display usage information and exit. +.TP +.BR \-! , " \-\-more-help" +Pass the extended usage information through a pager. +.TP +.BR \-v " [{\fIv|c|n\fP}]," " \-\-version" "[=\fI{v|c|n}\fP]" +Output version of program and exit. The default mode is `v', a simple +version. The `c' mode will print copyright information and `n' will +print the full copyright notice. +.SH "EXIT STATUS" +One of the following exit values will be returned: +.TP +.BR 0 +Successful program execution. +.TP +.BR 1 +The operation failed or the command syntax was not valid. .SH "SEE ALSO" -.BR gnutls\-cli (1), -.BR gnutls\-cli\-debug (1) -.SH AUTHOR -.PP -Nikos Mavrogiannopoulos and others; see -/usr/share/doc/gnutls\-bin/AUTHORS for a complete list. -.PP -This manual page was written by Ivo Timmermans , for -the Debian GNU/Linux system (but may be used by others). +gnutls-cli-debug(1), gnutls-cli(1) +.SH "AUTHORS" +Nikos Mavrogiannopoulos and Simon Josefsson +.SH "COPYRIGHT" +Copyright (C) 2000-2012 Free Software Foundation all rights reserved. +This program is released under the terms of the GNU General Public License, version 3 or later. +.SH "BUGS" +Please send bug reports to: bug-gnutls@gnu.org +.SH "NOTES" +This manual page was \fIAutoGen\fP-erated from the \fBgnutls-serv\fP +option definitions. diff --git a/src/Makefile.am b/src/Makefile.am index 7b8109e51b..739869afeb 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -60,11 +60,11 @@ gnutls_serv_SOURCES = \ certtool-common.h \ $(PKCS11_SRCS) gnutls_serv_LDADD = ../lib/libgnutls.la -gnutls_serv_LDADD += libcmd-serv.la ../gl/libgnu.la +gnutls_serv_LDADD += libcmd-serv.la ../gl/libgnu.la $(LIBOPTS_LDADD) gnutls_serv_LDADD += $(LTLIBGCRYPT) $(LIBSOCKET) $(GETADDRINFO_LIB) noinst_LTLIBRARIES += libcmd-serv.la libcmd_serv_la_CFLAGS = -libcmd_serv_la_SOURCES = serv.gaa serv-gaa.h serv-gaa.c +libcmd_serv_la_SOURCES = serv-args.def serv-args.c serv-args.h if ENABLE_SRP srptool_SOURCES = srptool.c @@ -171,7 +171,7 @@ cli-debug-args.c: $(srcdir)/cli-debug-args.def -autogen $< cli-args.c: $(srcdir)/cli-args.def -autogen $< +serv-args.c: $(srcdir)/serv-args.def + -autogen $< srptool-args.c: $(srcdir)/srptool-args.def -autogen $< -serv-gaa.c: $(srcdir)/serv.gaa - -$(GAA) $< -o serv-gaa.c -i serv-gaa.h diff --git a/src/serv-args.c b/src/serv-args.c new file mode 100644 index 0000000000..45b7e19aeb --- /dev/null +++ b/src/serv-args.c @@ -0,0 +1,1382 @@ +/* -*- buffer-read-only: t -*- vi: set ro: + * + * DO NOT EDIT THIS FILE (serv-args.c) + * + * It has been AutoGen-ed January 21, 2012 at 01:58:47 AM by AutoGen 5.12 + * From the definitions serv-args.def + * and the template file options + * + * Generated from AutoOpts 35:0:10 templates. + * + * AutoOpts is a copyrighted work. This source file is not encumbered + * by AutoOpts licensing, but is provided under the licensing terms chosen + * by the gnutls-serv author or copyright holder. AutoOpts is + * licensed under the terms of the LGPL. The redistributable library + * (``libopts'') is licensed under the terms of either the LGPL or, at the + * users discretion, the BSD license. See the AutoOpts and/or libopts sources + * for details. + * + * This source file is copyrighted and licensed under the following terms: + * + * Copyright (C) 2000-2012 Free Software Foundation, all rights reserved. + * This is free software. It is licensed for use, modification and + * redistribution under the terms of the + * GNU General Public License, version 3 or later + * + * +PFX>gnutls-serv is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * gnutls-serv is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program. If not, see . + */ + +#include + +#include +#include +#include +#include +#define OPTION_CODE_COMPILE 1 +#include "serv-args.h" + +#ifdef __cplusplus +extern "C" { +#endif +extern FILE * option_usage_fp; + +/* TRANSLATORS: choose the translation for option names wisely because you + cannot ever change your mind. */ +static char const zCopyright[279] = +"gnutls-serv 3.0.12\n\ +Copyright (C) 2000-2012 Free Software Foundation, all rights reserved.\n\ +This is free software. It is licensed for use, modification and\n\ +redistribution under the terms of the\n\ +GNU General Public License, version 3 or later\n\ + \n"; +static char const zLicenseDescrip[611] = +"gnutls-serv is free software: you can redistribute it and/or modify it\n\ +under the terms of the GNU General Public License as published by the\n\ +Free Software Foundation, either version 3 of the License, or (at your\n\ +option) any later version.\n\n\ +gnutls-serv is distributed in the hope that it will be useful, but WITHOUT\n\ +ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or\n\ +FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License\n\ +for more details.\n\n\ +You should have received a copy of the GNU General Public License along\n\ +with this program. If not, see .\n"; + +extern tUsageProc optionUsage; + +#ifndef NULL +# define NULL 0 +#endif + +/* + * Debug option description: + */ +static char const zDebugText[] = + "Enable debugging"; +static char const zDebug_NAME[] = "DEBUG"; +static char const zDebug_Name[] = "debug"; +#define DEBUG_FLAGS (OPTST_DISABLED \ + | OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC)) + +/* + * Noticket option description: + */ +static char const zNoticketText[] = + "Don't accept session tickets"; +static char const zNoticket_NAME[] = "NOTICKET"; +static char const zNoticket_Name[] = "noticket"; +#define NOTICKET_FLAGS (OPTST_DISABLED) + +/* + * Generate option description: + */ +static char const zGenerateText[] = + "Generate Diffie-Hellman and RSA-export parameters"; +static char const zGenerate_NAME[] = "GENERATE"; +static char const zGenerate_Name[] = "generate"; +#define GENERATE_FLAGS (OPTST_DISABLED) + +/* + * Quiet option description: + */ +static char const zQuietText[] = + "Suppress some messages"; +static char const zQuiet_NAME[] = "QUIET"; +static char const zQuiet_Name[] = "quiet"; +#define QUIET_FLAGS (OPTST_DISABLED) + +/* + * Nodb option description: + */ +static char const zNodbText[] = + "Do not use a resumption database"; +static char const zNodb_NAME[] = "NODB"; +static char const zNodb_Name[] = "nodb"; +#define NODB_FLAGS (OPTST_DISABLED) + +/* + * Http option description: + */ +static char const zHttpText[] = + "Act as an HTTP server"; +static char const zHttp_NAME[] = "HTTP"; +static char const zHttp_Name[] = "http"; +#define HTTP_FLAGS (OPTST_DISABLED) + +/* + * Echo option description: + */ +static char const zEchoText[] = + "Act as an Echo server"; +static char const zEcho_NAME[] = "ECHO"; +static char const zEcho_Name[] = "echo"; +#define ECHO_FLAGS (OPTST_DISABLED) + +/* + * Udp option description: + */ +static char const zUdpText[] = + "Use DTLS (datagram TLS) over UDP"; +static char const zUdp_NAME[] = "UDP"; +static char const zUdp_Name[] = "udp"; +#define UDP_FLAGS (OPTST_DISABLED) + +/* + * Mtu option description: + */ +static char const zMtuText[] = + "Set MTU for datagram TLS"; +static char const zMtu_NAME[] = "MTU"; +static char const zMtu_Name[] = "mtu"; +#define MTU_FLAGS (OPTST_DISABLED \ + | OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC)) + +/* + * Disable_Client_Cert option description: + */ +static char const zDisable_Client_CertText[] = + "Do not request a client certificate"; +static char const zDisable_Client_Cert_NAME[] = "DISABLE_CLIENT_CERT"; +static char const zDisable_Client_Cert_Name[]= "disable-client-cert"; +#define DISABLE_CLIENT_CERT_FLAGS (OPTST_DISABLED) + +/* + * Require_Client_Cert option description: + */ +static char const zRequire_Client_CertText[] = + "Require a client certificate"; +static char const zRequire_Client_Cert_NAME[] = "REQUIRE_CLIENT_CERT"; +static char const zRequire_Client_Cert_Name[]= "require-client-cert"; +#define REQUIRE_CLIENT_CERT_FLAGS (OPTST_DISABLED) + +/* + * X509fmtder option description: + */ +static char const zX509fmtderText[] = + "Use DER format for certificates to read from"; +static char const zX509fmtder_NAME[] = "X509FMTDER"; +static char const zX509fmtder_Name[] = "x509fmtder"; +#define X509FMTDER_FLAGS (OPTST_DISABLED) + +/* + * Priority option description: + */ +static char const zPriorityText[] = + "Priorities string"; +static char const zPriority_NAME[] = "PRIORITY"; +static char const zPriority_Name[] = "priority"; +#define PRIORITY_FLAGS (OPTST_DISABLED \ + | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) + +/* + * Dhparams option description: + */ +static char const zDhparamsText[] = + "DH params file to use"; +static char const zDhparams_NAME[] = "DHPARAMS"; +static char const zDhparams_Name[] = "dhparams"; +#define DHPARAMS_FLAGS (OPTST_DISABLED \ + | OPTST_SET_ARGTYPE(OPARG_TYPE_FILE)) + +/* + * X509cafile option description: + */ +static char const zX509cafileText[] = + "Certificate file or PKCS #11 URL to use"; +static char const zX509cafile_NAME[] = "X509CAFILE"; +static char const zX509cafile_Name[] = "x509cafile"; +#define X509CAFILE_FLAGS (OPTST_DISABLED \ + | OPTST_SET_ARGTYPE(OPARG_TYPE_FILE)) + +/* + * X509crlfile option description: + */ +static char const zX509crlfileText[] = + "CRL file to use"; +static char const zX509crlfile_NAME[] = "X509CRLFILE"; +static char const zX509crlfile_Name[] = "x509crlfile"; +#define X509CRLFILE_FLAGS (OPTST_DISABLED \ + | OPTST_SET_ARGTYPE(OPARG_TYPE_FILE)) + +/* + * Pgpkeyfile option description: + */ +static char const zPgpkeyfileText[] = + "PGP Key file to use"; +static char const zPgpkeyfile_NAME[] = "PGPKEYFILE"; +static char const zPgpkeyfile_Name[] = "pgpkeyfile"; +#define PGPKEYFILE_FLAGS (OPTST_DISABLED \ + | OPTST_SET_ARGTYPE(OPARG_TYPE_FILE)) + +/* + * Pgpkeyring option description: + */ +static char const zPgpkeyringText[] = + "PGP Key ring file to use"; +static char const zPgpkeyring_NAME[] = "PGPKEYRING"; +static char const zPgpkeyring_Name[] = "pgpkeyring"; +#define PGPKEYRING_FLAGS (OPTST_DISABLED \ + | OPTST_SET_ARGTYPE(OPARG_TYPE_FILE)) + +/* + * Pgpcertfile option description: + */ +static char const zPgpcertfileText[] = + "PGP Public Key (certificate) file to use"; +static char const zPgpcertfile_NAME[] = "PGPCERTFILE"; +static char const zPgpcertfile_Name[] = "pgpcertfile"; +#define PGPCERTFILE_FLAGS (OPTST_DISABLED \ + | OPTST_SET_ARGTYPE(OPARG_TYPE_FILE)) + +/* + * X509keyfile option description: + */ +static char const zX509keyfileText[] = + "X.509 key file or PKCS #11 URL to use"; +static char const zX509keyfile_NAME[] = "X509KEYFILE"; +static char const zX509keyfile_Name[] = "x509keyfile"; +#define X509KEYFILE_FLAGS (OPTST_DISABLED \ + | OPTST_SET_ARGTYPE(OPARG_TYPE_FILE)) + +/* + * X509certfile option description: + */ +static char const zX509certfileText[] = + "X.509 Certificate file or PKCS #11 URL to use"; +static char const zX509certfile_NAME[] = "X509CERTFILE"; +static char const zX509certfile_Name[] = "x509certfile"; +#define X509CERTFILE_FLAGS (OPTST_DISABLED \ + | OPTST_SET_ARGTYPE(OPARG_TYPE_FILE)) + +/* + * X509dsakeyfile option description: + */ +static char const zX509dsakeyfileText[] = + "Alternative X.509 key file or PKCS #11 URL to use"; +static char const zX509dsakeyfile_NAME[] = "X509DSAKEYFILE"; +static char const zX509dsakeyfile_Name[] = "x509dsakeyfile"; +#define X509DSAKEYFILE_FLAGS (OPTST_DISABLED \ + | OPTST_SET_ARGTYPE(OPARG_TYPE_FILE)) + +/* + * X509dsacertfile option description: + */ +static char const zX509dsacertfileText[] = + "Alternative X.509 Certificate file or PKCS #11 URL to use"; +static char const zX509dsacertfile_NAME[] = "X509DSACERTFILE"; +static char const zX509dsacertfile_Name[] = "x509dsacertfile"; +#define X509DSACERTFILE_FLAGS (OPTST_DISABLED \ + | OPTST_SET_ARGTYPE(OPARG_TYPE_FILE)) + +/* + * X509ecckeyfile option description: + */ +static char const zX509ecckeyfileText[] = + "Alternative X.509 key file or PKCS #11 URL to use"; +static char const zX509ecckeyfile_NAME[] = "X509ECCKEYFILE"; +static char const zX509ecckeyfile_Name[] = "x509ecckeyfile"; +#define X509ECCKEYFILE_FLAGS (OPTST_DISABLED \ + | OPTST_SET_ARGTYPE(OPARG_TYPE_FILE)) + +/* + * X509ecccertfile option description: + */ +static char const zX509ecccertfileText[] = + "Alternative X.509 Certificate file or PKCS #11 URL to use"; +static char const zX509ecccertfile_NAME[] = "X509ECCCERTFILE"; +static char const zX509ecccertfile_Name[] = "x509ecccertfile"; +#define X509ECCCERTFILE_FLAGS (OPTST_DISABLED \ + | OPTST_SET_ARGTYPE(OPARG_TYPE_FILE)) + +/* + * Pgpsubkey option description: + */ +static char const zPgpsubkeyText[] = + "PGP subkey to use (hex or auto)"; +static char const zPgpsubkey_NAME[] = "PGPSUBKEY"; +static char const zPgpsubkey_Name[] = "pgpsubkey"; +#define PGPSUBKEY_FLAGS (OPTST_DISABLED \ + | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) + +/* + * Srppasswd option description: + */ +static char const zSrppasswdText[] = + "SRP password file to use"; +static char const zSrppasswd_NAME[] = "SRPPASSWD"; +static char const zSrppasswd_Name[] = "srppasswd"; +#define SRPPASSWD_FLAGS (OPTST_DISABLED \ + | OPTST_SET_ARGTYPE(OPARG_TYPE_FILE)) + +/* + * Srppasswdconf option description: + */ +static char const zSrppasswdconfText[] = + "SRP password configuration file to use"; +static char const zSrppasswdconf_NAME[] = "SRPPASSWDCONF"; +static char const zSrppasswdconf_Name[] = "srppasswdconf"; +#define SRPPASSWDCONF_FLAGS (OPTST_DISABLED \ + | OPTST_SET_ARGTYPE(OPARG_TYPE_FILE)) + +/* + * Pskpasswd option description: + */ +static char const zPskpasswdText[] = + "PSK password file to use"; +static char const zPskpasswd_NAME[] = "PSKPASSWD"; +static char const zPskpasswd_Name[] = "pskpasswd"; +#define PSKPASSWD_FLAGS (OPTST_DISABLED \ + | OPTST_SET_ARGTYPE(OPARG_TYPE_FILE)) + +/* + * Pskhint option description: + */ +static char const zPskhintText[] = + "PSK identity hint to use"; +static char const zPskhint_NAME[] = "PSKHINT"; +static char const zPskhint_Name[] = "pskhint"; +#define PSKHINT_FLAGS (OPTST_DISABLED \ + | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) + +/* + * Port option description: + */ +static char const zPortText[] = + "The port to connect to"; +static char const zPort_NAME[] = "PORT"; +static char const zPort_Name[] = "port"; +#define PORT_FLAGS (OPTST_DISABLED \ + | OPTST_SET_ARGTYPE(OPARG_TYPE_NUMERIC)) + +/* + * List option description: + */ +static char const zListText[] = + "Print a list of the supported algorithms and modes"; +static char const zList_NAME[] = "LIST"; +static char const zList_Name[] = "list"; +#define LIST_FLAGS (OPTST_DISABLED \ + | OPTST_SET_ARGTYPE(OPARG_TYPE_STRING)) + +/* + * Help/More_Help/Version option descriptions: + */ +static char const zHelpText[] = "Display extended usage information and exit"; +static char const zHelp_Name[] = "help"; +#ifdef HAVE_WORKING_FORK +#define OPTST_MORE_HELP_FLAGS (OPTST_IMM | OPTST_NO_INIT) +static char const zMore_Help_Name[] = "more-help"; +static char const zMore_HelpText[] = "Extended usage information passed thru pager"; +#else +#define OPTST_MORE_HELP_FLAGS (OPTST_OMITTED | OPTST_NO_INIT) +#define zMore_Help_Name NULL +#define zMore_HelpText NULL +#endif +#ifdef NO_OPTIONAL_OPT_ARGS +# define OPTST_VERSION_FLAGS OPTST_IMM | OPTST_NO_INIT +#else +# define OPTST_VERSION_FLAGS OPTST_SET_ARGTYPE(OPARG_TYPE_STRING) | \ + OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT +#endif + +static char const zVersionText[] = "Output version information and exit"; +static char const zVersion_Name[] = "version"; +/* + * Declare option callback procedures + */ +extern tOptProc + optionBooleanVal, optionNestedVal, optionNumericVal, + optionPagedUsage, optionPrintVersion, optionResetOpt, + optionStackArg, optionTimeDate, optionTimeVal, + optionUnstackArg, optionVersionStderr; +static tOptProc + doOptDebug, doOptDhparams, doOptMtu, + doOptPgpcertfile, doOptPgpkeyfile, doOptPgpkeyring, + doOptPskpasswd, doOptSrppasswd, doOptSrppasswdconf, + doOptX509cafile, doOptX509certfile, doOptX509crlfile, + doOptX509dsacertfile, doOptX509dsakeyfile, doOptX509ecccertfile, + doOptX509ecckeyfile, doOptX509keyfile, doUsageOpt; + +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * + * + * Define the Gnutls_Serv Option Descriptions. + */ +static tOptDesc optDesc[OPTION_CT] = { + { /* entry idx, value */ 0, VALUE_OPT_DEBUG, + /* equiv idx, value */ 0, VALUE_OPT_DEBUG, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ DEBUG_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ doOptDebug, + /* desc, NAME, name */ zDebugText, zDebug_NAME, zDebug_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 1, VALUE_OPT_NOTICKET, + /* equiv idx, value */ 1, VALUE_OPT_NOTICKET, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ NOTICKET_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ NULL, + /* desc, NAME, name */ zNoticketText, zNoticket_NAME, zNoticket_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 2, VALUE_OPT_GENERATE, + /* equiv idx, value */ 2, VALUE_OPT_GENERATE, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ GENERATE_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ NULL, + /* desc, NAME, name */ zGenerateText, zGenerate_NAME, zGenerate_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 3, VALUE_OPT_QUIET, + /* equiv idx, value */ 3, VALUE_OPT_QUIET, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ QUIET_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ NULL, + /* desc, NAME, name */ zQuietText, zQuiet_NAME, zQuiet_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 4, VALUE_OPT_NODB, + /* equiv idx, value */ 4, VALUE_OPT_NODB, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ NODB_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ NULL, + /* desc, NAME, name */ zNodbText, zNodb_NAME, zNodb_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 5, VALUE_OPT_HTTP, + /* equiv idx, value */ 5, VALUE_OPT_HTTP, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ HTTP_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ NULL, + /* desc, NAME, name */ zHttpText, zHttp_NAME, zHttp_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 6, VALUE_OPT_ECHO, + /* equiv idx, value */ 6, VALUE_OPT_ECHO, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ ECHO_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ NULL, + /* desc, NAME, name */ zEchoText, zEcho_NAME, zEcho_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 7, VALUE_OPT_UDP, + /* equiv idx, value */ 7, VALUE_OPT_UDP, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ UDP_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ NULL, + /* desc, NAME, name */ zUdpText, zUdp_NAME, zUdp_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 8, VALUE_OPT_MTU, + /* equiv idx, value */ 8, VALUE_OPT_MTU, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ MTU_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ doOptMtu, + /* desc, NAME, name */ zMtuText, zMtu_NAME, zMtu_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 9, VALUE_OPT_DISABLE_CLIENT_CERT, + /* equiv idx, value */ 9, VALUE_OPT_DISABLE_CLIENT_CERT, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ DISABLE_CLIENT_CERT_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ NULL, + /* desc, NAME, name */ zDisable_Client_CertText, zDisable_Client_Cert_NAME, zDisable_Client_Cert_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 10, VALUE_OPT_REQUIRE_CLIENT_CERT, + /* equiv idx, value */ 10, VALUE_OPT_REQUIRE_CLIENT_CERT, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ REQUIRE_CLIENT_CERT_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ NULL, + /* desc, NAME, name */ zRequire_Client_CertText, zRequire_Client_Cert_NAME, zRequire_Client_Cert_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 11, VALUE_OPT_X509FMTDER, + /* equiv idx, value */ 11, VALUE_OPT_X509FMTDER, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ X509FMTDER_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ NULL, + /* desc, NAME, name */ zX509fmtderText, zX509fmtder_NAME, zX509fmtder_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 12, VALUE_OPT_PRIORITY, + /* equiv idx, value */ 12, VALUE_OPT_PRIORITY, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ PRIORITY_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ NULL, + /* desc, NAME, name */ zPriorityText, zPriority_NAME, zPriority_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 13, VALUE_OPT_DHPARAMS, + /* equiv idx, value */ 13, VALUE_OPT_DHPARAMS, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ DHPARAMS_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ doOptDhparams, + /* desc, NAME, name */ zDhparamsText, zDhparams_NAME, zDhparams_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 14, VALUE_OPT_X509CAFILE, + /* equiv idx, value */ 14, VALUE_OPT_X509CAFILE, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ X509CAFILE_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ doOptX509cafile, + /* desc, NAME, name */ zX509cafileText, zX509cafile_NAME, zX509cafile_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 15, VALUE_OPT_X509CRLFILE, + /* equiv idx, value */ 15, VALUE_OPT_X509CRLFILE, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ X509CRLFILE_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ doOptX509crlfile, + /* desc, NAME, name */ zX509crlfileText, zX509crlfile_NAME, zX509crlfile_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 16, VALUE_OPT_PGPKEYFILE, + /* equiv idx, value */ 16, VALUE_OPT_PGPKEYFILE, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ PGPKEYFILE_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ doOptPgpkeyfile, + /* desc, NAME, name */ zPgpkeyfileText, zPgpkeyfile_NAME, zPgpkeyfile_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 17, VALUE_OPT_PGPKEYRING, + /* equiv idx, value */ 17, VALUE_OPT_PGPKEYRING, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ PGPKEYRING_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ doOptPgpkeyring, + /* desc, NAME, name */ zPgpkeyringText, zPgpkeyring_NAME, zPgpkeyring_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 18, VALUE_OPT_PGPCERTFILE, + /* equiv idx, value */ 18, VALUE_OPT_PGPCERTFILE, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ PGPCERTFILE_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ doOptPgpcertfile, + /* desc, NAME, name */ zPgpcertfileText, zPgpcertfile_NAME, zPgpcertfile_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 19, VALUE_OPT_X509KEYFILE, + /* equiv idx, value */ 19, VALUE_OPT_X509KEYFILE, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ X509KEYFILE_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ doOptX509keyfile, + /* desc, NAME, name */ zX509keyfileText, zX509keyfile_NAME, zX509keyfile_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 20, VALUE_OPT_X509CERTFILE, + /* equiv idx, value */ 20, VALUE_OPT_X509CERTFILE, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ X509CERTFILE_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ doOptX509certfile, + /* desc, NAME, name */ zX509certfileText, zX509certfile_NAME, zX509certfile_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 21, VALUE_OPT_X509DSAKEYFILE, + /* equiv idx, value */ 21, VALUE_OPT_X509DSAKEYFILE, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ X509DSAKEYFILE_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ doOptX509dsakeyfile, + /* desc, NAME, name */ zX509dsakeyfileText, zX509dsakeyfile_NAME, zX509dsakeyfile_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 22, VALUE_OPT_X509DSACERTFILE, + /* equiv idx, value */ 22, VALUE_OPT_X509DSACERTFILE, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ X509DSACERTFILE_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ doOptX509dsacertfile, + /* desc, NAME, name */ zX509dsacertfileText, zX509dsacertfile_NAME, zX509dsacertfile_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 23, VALUE_OPT_X509ECCKEYFILE, + /* equiv idx, value */ 23, VALUE_OPT_X509ECCKEYFILE, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ X509ECCKEYFILE_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ doOptX509ecckeyfile, + /* desc, NAME, name */ zX509ecckeyfileText, zX509ecckeyfile_NAME, zX509ecckeyfile_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 24, VALUE_OPT_X509ECCCERTFILE, + /* equiv idx, value */ 24, VALUE_OPT_X509ECCCERTFILE, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ X509ECCCERTFILE_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ doOptX509ecccertfile, + /* desc, NAME, name */ zX509ecccertfileText, zX509ecccertfile_NAME, zX509ecccertfile_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 25, VALUE_OPT_PGPSUBKEY, + /* equiv idx, value */ 25, VALUE_OPT_PGPSUBKEY, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ PGPSUBKEY_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ NULL, + /* desc, NAME, name */ zPgpsubkeyText, zPgpsubkey_NAME, zPgpsubkey_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 26, VALUE_OPT_SRPPASSWD, + /* equiv idx, value */ 26, VALUE_OPT_SRPPASSWD, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ SRPPASSWD_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ doOptSrppasswd, + /* desc, NAME, name */ zSrppasswdText, zSrppasswd_NAME, zSrppasswd_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 27, VALUE_OPT_SRPPASSWDCONF, + /* equiv idx, value */ 27, VALUE_OPT_SRPPASSWDCONF, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ SRPPASSWDCONF_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ doOptSrppasswdconf, + /* desc, NAME, name */ zSrppasswdconfText, zSrppasswdconf_NAME, zSrppasswdconf_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 28, VALUE_OPT_PSKPASSWD, + /* equiv idx, value */ 28, VALUE_OPT_PSKPASSWD, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ PSKPASSWD_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ doOptPskpasswd, + /* desc, NAME, name */ zPskpasswdText, zPskpasswd_NAME, zPskpasswd_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 29, VALUE_OPT_PSKHINT, + /* equiv idx, value */ 29, VALUE_OPT_PSKHINT, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ PSKHINT_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ NULL, + /* desc, NAME, name */ zPskhintText, zPskhint_NAME, zPskhint_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 30, VALUE_OPT_PORT, + /* equiv idx, value */ 30, VALUE_OPT_PORT, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ PORT_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ optionNumericVal, + /* desc, NAME, name */ zPortText, zPort_NAME, zPort_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ 31, VALUE_OPT_LIST, + /* equiv idx, value */ 31, VALUE_OPT_LIST, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ LIST_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ NULL, + /* desc, NAME, name */ zListText, zList_NAME, zList_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ INDEX_OPT_VERSION, VALUE_OPT_VERSION, + /* equiv idx value */ NO_EQUIVALENT, 0, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ OPTST_VERSION_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ optionPrintVersion, + /* desc, NAME, name */ zVersionText, NULL, zVersion_Name, + /* disablement strs */ NULL, NULL }, + + + + { /* entry idx, value */ INDEX_OPT_HELP, VALUE_OPT_HELP, + /* equiv idx value */ NO_EQUIVALENT, 0, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ OPTST_IMM | OPTST_NO_INIT, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ doUsageOpt, + /* desc, NAME, name */ zHelpText, NULL, zHelp_Name, + /* disablement strs */ NULL, NULL }, + + { /* entry idx, value */ INDEX_OPT_MORE_HELP, VALUE_OPT_MORE_HELP, + /* equiv idx value */ NO_EQUIVALENT, 0, + /* equivalenced to */ NO_EQUIVALENT, + /* min, max, act ct */ 0, 1, 0, + /* opt state flags */ OPTST_MORE_HELP_FLAGS, 0, + /* last opt argumnt */ { NULL }, + /* arg list/cookie */ NULL, + /* must/cannot opts */ NULL, NULL, + /* option proc */ optionPagedUsage, + /* desc, NAME, name */ zMore_HelpText, NULL, zMore_Help_Name, + /* disablement strs */ NULL, NULL } +}; + +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * + * + * Define the Gnutls_Serv Option Environment + */ +static char const zPROGNAME[12] = "GNUTLS_SERV"; +static char const zUsageTitle[101] = +"gnutls-serv - GnuTLS server - Ver. 3.0.12\n\ +USAGE: %s [ - [] | --[{=| }] ]... \n"; +#define zRcName NULL +#define apzHomeList NULL + +static char const zBugsAddr[19] = "bug-gnutls@gnu.org"; +#define zExplain NULL +static char const zDetail[65] = "\n\ +Server program that listens to incoming TLS connections.\n"; +static char const zFullVersion[] = GNUTLS_SERV_FULL_VERSION; +/* extracted from optcode.tlib near line 515 */ + +#if defined(ENABLE_NLS) +# define OPTPROC_BASE OPTPROC_TRANSLATE + static tOptionXlateProc translate_option_strings; +#else +# define OPTPROC_BASE OPTPROC_NONE +# define translate_option_strings NULL +#endif /* ENABLE_NLS */ + + +#define gnutls_serv_full_usage NULL +static char const gnutls_serv_short_usage[] = + "Usage: gnutls-serv [options]\n\ +gnutls-serv --help for usage instructions.\n"; + +#ifndef PKGDATADIR +# define PKGDATADIR "" +#endif + +#ifndef WITH_PACKAGER +# define gnutls_serv_packager_info NULL +#else +static char const gnutls_serv_packager_info[] = + "Packaged by " WITH_PACKAGER + +# ifdef WITH_PACKAGER_VERSION + " ("WITH_PACKAGER_VERSION")" +# endif + +# ifdef WITH_PACKAGER_BUG_REPORTS + "\nReport gnutls_serv bugs to " WITH_PACKAGER_BUG_REPORTS +# endif + "\n"; +#endif + +tOptions gnutls_servOptions = { + OPTIONS_STRUCT_VERSION, + 0, NULL, /* original argc + argv */ + ( OPTPROC_BASE + + OPTPROC_ERRSTOP + + OPTPROC_SHORTOPT + + OPTPROC_LONGOPT + + OPTPROC_NO_REQ_OPT + + OPTPROC_ARGS_REQ + + OPTPROC_REORDER + + OPTPROC_GNUUSAGE + + OPTPROC_MISUSE ), + 0, NULL, /* current option index, current option */ + NULL, NULL, zPROGNAME, + zRcName, zCopyright, zLicenseDescrip, + zFullVersion, apzHomeList, zUsageTitle, + zExplain, zDetail, optDesc, + zBugsAddr, /* address to send bugs to */ + NULL, NULL, /* extensions/saved state */ + optionUsage, /* usage procedure */ + translate_option_strings, /* translation procedure */ + /* + * Indexes to special options + */ + { INDEX_OPT_MORE_HELP, /* more-help option index */ + NO_EQUIVALENT, /* save option index */ + NO_EQUIVALENT, /* '-#' option index */ + NO_EQUIVALENT /* index of default opt */ + }, + 35 /* full option count */, 32 /* user option count */, + gnutls_serv_full_usage, gnutls_serv_short_usage, + NULL, NULL, + PKGDATADIR, gnutls_serv_packager_info +}; + +/* + * Create the static procedure(s) declared above. + */ +static void +doUsageOpt(tOptions * pOptions, tOptDesc * pOptDesc) +{ + (void)pOptions; + USAGE(GNUTLS_SERV_EXIT_SUCCESS); +} + +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * + * + * For the debug option. + */ +static void +doOptDebug(tOptions* pOptions, tOptDesc* pOptDesc) +{ + static const struct {long const rmin, rmax;} rng[1] = { + { 0 , 9999 } }; + int ix; + + if (pOptions <= OPTPROC_EMIT_LIMIT) + goto emit_ranges; + optionNumericVal(pOptions, pOptDesc); + + for (ix = 0; ix < 1; ix++) { + if (pOptDesc->optArg.argInt < rng[ix].rmin) + continue; /* ranges need not be ordered. */ + if (pOptDesc->optArg.argInt == rng[ix].rmin) + return; + if (rng[ix].rmax == LONG_MIN) + continue; + if (pOptDesc->optArg.argInt <= rng[ix].rmax) + return; + } + + option_usage_fp = stderr; + +emit_ranges: + + optionShowRange(pOptions, pOptDesc, (void *)rng, 1); +} + +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * + * + * For the mtu option. + */ +static void +doOptMtu(tOptions* pOptions, tOptDesc* pOptDesc) +{ + static const struct {long const rmin, rmax;} rng[1] = { + { 0, 17000 } }; + int ix; + + if (pOptions <= OPTPROC_EMIT_LIMIT) + goto emit_ranges; + optionNumericVal(pOptions, pOptDesc); + + for (ix = 0; ix < 1; ix++) { + if (pOptDesc->optArg.argInt < rng[ix].rmin) + continue; /* ranges need not be ordered. */ + if (pOptDesc->optArg.argInt == rng[ix].rmin) + return; + if (rng[ix].rmax == LONG_MIN) + continue; + if (pOptDesc->optArg.argInt <= rng[ix].rmax) + return; + } + + option_usage_fp = stderr; + +emit_ranges: + + optionShowRange(pOptions, pOptDesc, (void *)rng, 1); +} + +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * + * + * For the dhparams option. + */ +static void +doOptDhparams(tOptions* pOptions, tOptDesc* pOptDesc) +{ + static teOptFileType const type = + FTYPE_MODE_MAY_EXIST + FTYPE_MODE_NO_OPEN; + static tuFileMode mode; +#ifndef O_CLOEXEC +# define O_CLOEXEC 0 +#endif + mode.file_flags = O_CLOEXEC; + + optionFileCheck(pOptions, pOptDesc, type, mode); +} + +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * + * + * For the x509cafile option. + */ +static void +doOptX509cafile(tOptions* pOptions, tOptDesc* pOptDesc) +{ + static teOptFileType const type = + FTYPE_MODE_MAY_EXIST + FTYPE_MODE_NO_OPEN; + static tuFileMode mode; +#ifndef O_CLOEXEC +# define O_CLOEXEC 0 +#endif + mode.file_flags = O_CLOEXEC; + + optionFileCheck(pOptions, pOptDesc, type, mode); +} + +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * + * + * For the x509crlfile option. + */ +static void +doOptX509crlfile(tOptions* pOptions, tOptDesc* pOptDesc) +{ + static teOptFileType const type = + FTYPE_MODE_MAY_EXIST + FTYPE_MODE_NO_OPEN; + static tuFileMode mode; +#ifndef O_CLOEXEC +# define O_CLOEXEC 0 +#endif + mode.file_flags = O_CLOEXEC; + + optionFileCheck(pOptions, pOptDesc, type, mode); +} + +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * + * + * For the pgpkeyfile option. + */ +static void +doOptPgpkeyfile(tOptions* pOptions, tOptDesc* pOptDesc) +{ + static teOptFileType const type = + FTYPE_MODE_MAY_EXIST + FTYPE_MODE_NO_OPEN; + static tuFileMode mode; +#ifndef O_CLOEXEC +# define O_CLOEXEC 0 +#endif + mode.file_flags = O_CLOEXEC; + + optionFileCheck(pOptions, pOptDesc, type, mode); +} + +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * + * + * For the pgpkeyring option. + */ +static void +doOptPgpkeyring(tOptions* pOptions, tOptDesc* pOptDesc) +{ + static teOptFileType const type = + FTYPE_MODE_MAY_EXIST + FTYPE_MODE_NO_OPEN; + static tuFileMode mode; +#ifndef O_CLOEXEC +# define O_CLOEXEC 0 +#endif + mode.file_flags = O_CLOEXEC; + + optionFileCheck(pOptions, pOptDesc, type, mode); +} + +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * + * + * For the pgpcertfile option. + */ +static void +doOptPgpcertfile(tOptions* pOptions, tOptDesc* pOptDesc) +{ + static teOptFileType const type = + FTYPE_MODE_MAY_EXIST + FTYPE_MODE_NO_OPEN; + static tuFileMode mode; +#ifndef O_CLOEXEC +# define O_CLOEXEC 0 +#endif + mode.file_flags = O_CLOEXEC; + + optionFileCheck(pOptions, pOptDesc, type, mode); +} + +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * + * + * For the x509keyfile option. + */ +static void +doOptX509keyfile(tOptions* pOptions, tOptDesc* pOptDesc) +{ + static teOptFileType const type = + FTYPE_MODE_MAY_EXIST + FTYPE_MODE_NO_OPEN; + static tuFileMode mode; +#ifndef O_CLOEXEC +# define O_CLOEXEC 0 +#endif + mode.file_flags = O_CLOEXEC; + + optionFileCheck(pOptions, pOptDesc, type, mode); +} + +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * + * + * For the x509certfile option. + */ +static void +doOptX509certfile(tOptions* pOptions, tOptDesc* pOptDesc) +{ + static teOptFileType const type = + FTYPE_MODE_MAY_EXIST + FTYPE_MODE_NO_OPEN; + static tuFileMode mode; +#ifndef O_CLOEXEC +# define O_CLOEXEC 0 +#endif + mode.file_flags = O_CLOEXEC; + + optionFileCheck(pOptions, pOptDesc, type, mode); +} + +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * + * + * For the x509dsakeyfile option. + */ +static void +doOptX509dsakeyfile(tOptions* pOptions, tOptDesc* pOptDesc) +{ + static teOptFileType const type = + FTYPE_MODE_MAY_EXIST + FTYPE_MODE_NO_OPEN; + static tuFileMode mode; +#ifndef O_CLOEXEC +# define O_CLOEXEC 0 +#endif + mode.file_flags = O_CLOEXEC; + + optionFileCheck(pOptions, pOptDesc, type, mode); +} + +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * + * + * For the x509dsacertfile option. + */ +static void +doOptX509dsacertfile(tOptions* pOptions, tOptDesc* pOptDesc) +{ + static teOptFileType const type = + FTYPE_MODE_MAY_EXIST + FTYPE_MODE_NO_OPEN; + static tuFileMode mode; +#ifndef O_CLOEXEC +# define O_CLOEXEC 0 +#endif + mode.file_flags = O_CLOEXEC; + + optionFileCheck(pOptions, pOptDesc, type, mode); +} + +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * + * + * For the x509ecckeyfile option. + */ +static void +doOptX509ecckeyfile(tOptions* pOptions, tOptDesc* pOptDesc) +{ + static teOptFileType const type = + FTYPE_MODE_MAY_EXIST + FTYPE_MODE_NO_OPEN; + static tuFileMode mode; +#ifndef O_CLOEXEC +# define O_CLOEXEC 0 +#endif + mode.file_flags = O_CLOEXEC; + + optionFileCheck(pOptions, pOptDesc, type, mode); +} + +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * + * + * For the x509ecccertfile option. + */ +static void +doOptX509ecccertfile(tOptions* pOptions, tOptDesc* pOptDesc) +{ + static teOptFileType const type = + FTYPE_MODE_MAY_EXIST + FTYPE_MODE_NO_OPEN; + static tuFileMode mode; +#ifndef O_CLOEXEC +# define O_CLOEXEC 0 +#endif + mode.file_flags = O_CLOEXEC; + + optionFileCheck(pOptions, pOptDesc, type, mode); +} + +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * + * + * For the srppasswd option. + */ +static void +doOptSrppasswd(tOptions* pOptions, tOptDesc* pOptDesc) +{ + static teOptFileType const type = + FTYPE_MODE_MAY_EXIST + FTYPE_MODE_NO_OPEN; + static tuFileMode mode; +#ifndef O_CLOEXEC +# define O_CLOEXEC 0 +#endif + mode.file_flags = O_CLOEXEC; + + optionFileCheck(pOptions, pOptDesc, type, mode); +} + +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * + * + * For the srppasswdconf option. + */ +static void +doOptSrppasswdconf(tOptions* pOptions, tOptDesc* pOptDesc) +{ + static teOptFileType const type = + FTYPE_MODE_MAY_EXIST + FTYPE_MODE_NO_OPEN; + static tuFileMode mode; +#ifndef O_CLOEXEC +# define O_CLOEXEC 0 +#endif + mode.file_flags = O_CLOEXEC; + + optionFileCheck(pOptions, pOptDesc, type, mode); +} + +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * + * + * For the pskpasswd option. + */ +static void +doOptPskpasswd(tOptions* pOptions, tOptDesc* pOptDesc) +{ + static teOptFileType const type = + FTYPE_MODE_MAY_EXIST + FTYPE_MODE_NO_OPEN; + static tuFileMode mode; +#ifndef O_CLOEXEC +# define O_CLOEXEC 0 +#endif + mode.file_flags = O_CLOEXEC; + + optionFileCheck(pOptions, pOptDesc, type, mode); +} +/* extracted from optcode.tlib near line 666 */ + +#if ENABLE_NLS +#include +#include +#include +#include +#include + +static char* AO_gettext(char const* pz); +static void coerce_it(void** s); + +static char* +AO_gettext(char const* pz) +{ + char* pzRes; + if (pz == NULL) + return NULL; + pzRes = _(pz); + if (pzRes == pz) + return pzRes; + pzRes = strdup(pzRes); + if (pzRes == NULL) { + fputs(_("No memory for duping translated strings\n"), stderr); + exit(GNUTLS_SERV_EXIT_FAILURE); + } + return pzRes; +} + +static void coerce_it(void** s) { *s = AO_gettext(*s); +} + +/* + * This invokes the translation code (e.g. gettext(3)). + */ +static void +translate_option_strings(void) +{ + tOptions * const pOpt = &gnutls_servOptions; + + /* + * Guard against re-translation. It won't work. The strings will have + * been changed by the first pass through this code. One shot only. + */ + if (option_usage_text.field_ct != 0) { + /* + * Do the translations. The first pointer follows the field count + * field. The field count field is the size of a pointer. + */ + tOptDesc * pOD = pOpt->pOptDesc; + char ** ppz = (char**)(void*)&(option_usage_text); + int ix = option_usage_text.field_ct; + + do { + ppz++; + *ppz = AO_gettext(*ppz); + } while (--ix > 0); + + coerce_it((void*)&(pOpt->pzCopyright)); + coerce_it((void*)&(pOpt->pzCopyNotice)); + coerce_it((void*)&(pOpt->pzFullVersion)); + coerce_it((void*)&(pOpt->pzUsageTitle)); + coerce_it((void*)&(pOpt->pzExplain)); + coerce_it((void*)&(pOpt->pzDetail)); + coerce_it((void*)&(pOpt->pzPackager)); + coerce_it((void*)&(pOpt->pzShortUsage)); + option_usage_text.field_ct = 0; + + for (ix = pOpt->optCt; ix > 0; ix--, pOD++) + coerce_it((void*)&(pOD->pzText)); + } + + if ((pOpt->fOptSet & OPTPROC_NXLAT_OPT_CFG) == 0) { + tOptDesc * pOD = pOpt->pOptDesc; + int ix; + + for (ix = pOpt->optCt; ix > 0; ix--, pOD++) { + coerce_it((void*)&(pOD->pz_Name)); + coerce_it((void*)&(pOD->pz_DisableName)); + coerce_it((void*)&(pOD->pz_DisablePfx)); + } + /* prevent re-translation */ + gnutls_servOptions.fOptSet |= OPTPROC_NXLAT_OPT_CFG | OPTPROC_NXLAT_OPT; + } +} + +#endif /* ENABLE_NLS */ + +#ifdef __cplusplus +} +#endif +/* serv-args.c ends here */ diff --git a/src/serv-args.def.in b/src/serv-args.def.in new file mode 100644 index 0000000000..00da5d96a9 --- /dev/null +++ b/src/serv-args.def.in @@ -0,0 +1,276 @@ +AutoGen Definitions options; +prog-name = gnutls-serv; +prog-title = "GnuTLS server"; +prog-desc = "Simple server program to act as an HTTPS or TLS echo service."; +short-usage = "Usage: gnutls-serv [options]\ngnutls-serv --help for usage instructions.\n"; +prog-group = "GnuTLS"; +detail = "Server program that listens to incoming TLS connections."; +gnu-usage; +no-misuse-usage; +disable-save; +reorder-args; +argument; +long-opts; +config-header = 'config.h'; +export = '#include '; + +copyright = { + date = "2000-2012"; + owner = "Free Software Foundation"; + author = "Nikos Mavrogiannopoulos and Simon Josefsson"; + eaddr = "bug-gnutls@gnu.org"; + type = gpl; +}; +version = "@VERSION@"; + +flag = { + name = debug; + value = d; + arg-type = number; + arg-range = "0 -> 9999"; + descrip = "Enable debugging"; + doc = ""; +}; + +flag = { + name = noticket; + descrip = "Don't accept session tickets"; + doc = ""; +}; + +flag = { + name = generate; + value = g; + descrip = "Generate Diffie-Hellman and RSA-export parameters"; + doc = ""; +}; + +flag = { + name = quiet; + value = q; + descrip = "Suppress some messages"; + doc = ""; +}; + +flag = { + name = nodb; + descrip = "Do not use a resumption database"; + doc = ""; +}; + +flag = { + name = http; + descrip = "Act as an HTTP server"; + doc = ""; +}; + +flag = { + name = echo; + descrip = "Act as an Echo server"; + doc = ""; +}; + +flag = { + name = udp; + value = u; + descrip = "Use DTLS (datagram TLS) over UDP"; + doc = ""; +}; + +flag = { + name = mtu; + arg-type = number; + arg-range = "0->17000"; + descrip = "Set MTU for datagram TLS"; + doc = ""; +}; + +flag = { + name = disable-client-cert; + value = a; + descrip = "Do not request a client certificate"; + doc = ""; +}; + +flag = { + name = require-client-cert; + value = r; + descrip = "Require a client certificate"; + doc = ""; +}; + +flag = { + name = x509fmtder; + descrip = "Use DER format for certificates to read from"; + doc = ""; +}; + +flag = { + name = priority; + arg-type = string; + descrip = "Priorities string"; + doc = "TLS algorithms and protocols to enable. You can +use predefined sets of ciphersuites such as PERFORMANCE, +NORMAL, SECURE128, SECURE256. + +Check the GnuTLS manual on section ``Priority strings'' for more +information on allowed keywords"; +}; + +flag = { + name = dhparams; + arg-type = file; + file-exists; + descrip = "DH params file to use"; + doc = ""; +}; + +flag = { + name = x509cafile; + arg-type = file; + file-exists; + descrip = "Certificate file or PKCS #11 URL to use"; + doc = ""; +}; + +flag = { + name = x509crlfile; + arg-type = file; + file-exists; + descrip = "CRL file to use"; + doc = ""; +}; + +flag = { + name = pgpkeyfile; + arg-type = file; + file-exists; + descrip = "PGP Key file to use"; + doc = ""; +}; + +flag = { + name = pgpkeyring; + arg-type = file; + file-exists; + descrip = "PGP Key ring file to use"; + doc = ""; +}; + +flag = { + name = pgpcertfile; + arg-type = file; + file-exists; + descrip = "PGP Public Key (certificate) file to use"; + doc = ""; +}; + +flag = { + name = x509keyfile; + arg-type = file; + file-exists; + descrip = "X.509 key file or PKCS #11 URL to use"; + doc = ""; +}; + +flag = { + name = x509certfile; + arg-type = file; + file-exists; + descrip = "X.509 Certificate file or PKCS #11 URL to use"; + doc = ""; +}; + +flag = { + name = x509dsakeyfile; + arg-type = file; + file-exists; + descrip = "Alternative X.509 key file or PKCS #11 URL to use"; + doc = ""; +}; + +flag = { + name = x509dsacertfile; + arg-type = file; + file-exists; + descrip = "Alternative X.509 Certificate file or PKCS #11 URL to use"; + doc = ""; +}; + +flag = { + name = x509ecckeyfile; + arg-type = file; + file-exists; + descrip = "Alternative X.509 key file or PKCS #11 URL to use"; + doc = ""; +}; + +flag = { + name = x509ecccertfile; + arg-type = file; + file-exists; + descrip = "Alternative X.509 Certificate file or PKCS #11 URL to use"; + doc = ""; +}; + +flag = { + name = pgpsubkey; + arg-type = string; + descrip = "PGP subkey to use (hex or auto)"; + doc = ""; +}; + +flag = { + name = srppasswd; + arg-type = file; + file-exists; + descrip = "SRP password file to use"; + doc = ""; +}; + +flag = { + name = srppasswdconf; + arg-type = file; + file-exists; + descrip = "SRP password configuration file to use"; + doc = ""; +}; + +flag = { + name = pskpasswd; + arg-type = file; + file-exists; + descrip = "PSK password file to use"; + doc = ""; +}; + +flag = { + name = pskhint; + arg-type = string; + descrip = "PSK identity hint to use"; + doc = ""; +}; + +flag = { + name = port; + value = p; + arg-type = number; + descrip = "The port to connect to"; + doc = ""; +}; + +flag = { + name = list; + value = l; + arg-type = string; + descrip = "Print a list of the supported algorithms and modes"; + doc = "Print a list of the supported algorithms and modes. If a priority string is given then only the enabled ciphersuites are shown."; +}; + +doc-section = { + ds-type = 'SEE ALSO'; // or anything else + ds-format = 'man'; // or texi or mdoc format + ds-text = <<-_EOText_ +gnutls-cli-debug(1), gnutls-cli(1) +_EOText_; +}; diff --git a/src/serv-args.h b/src/serv-args.h new file mode 100644 index 0000000000..b663e6b2a4 --- /dev/null +++ b/src/serv-args.h @@ -0,0 +1,248 @@ +/* -*- buffer-read-only: t -*- vi: set ro: + * + * DO NOT EDIT THIS FILE (serv-args.h) + * + * It has been AutoGen-ed January 21, 2012 at 01:58:47 AM by AutoGen 5.12 + * From the definitions serv-args.def + * and the template file options + * + * Generated from AutoOpts 35:0:10 templates. + * + * AutoOpts is a copyrighted work. This header file is not encumbered + * by AutoOpts licensing, but is provided under the licensing terms chosen + * by the gnutls-serv author or copyright holder. AutoOpts is + * licensed under the terms of the LGPL. The redistributable library + * (``libopts'') is licensed under the terms of either the LGPL or, at the + * users discretion, the BSD license. See the AutoOpts and/or libopts sources + * for details. + * + * This source file is copyrighted and licensed under the following terms: + * + * Copyright (C) 2000-2012 Free Software Foundation, all rights reserved. + * This is free software. It is licensed for use, modification and + * redistribution under the terms of the + * GNU General Public License, version 3 or later + * + * +PFX>gnutls-serv is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * gnutls-serv is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program. If not, see . + */ +/* + * This file contains the programmatic interface to the Automated + * Options generated for the gnutls-serv program. + * These macros are documented in the AutoGen info file in the + * "AutoOpts" chapter. Please refer to that doc for usage help. + */ +#ifndef AUTOOPTS_SERV_ARGS_H_GUARD +#define AUTOOPTS_SERV_ARGS_H_GUARD 1 +#include "config.h" +#include + +/* + * Ensure that the library used for compiling this generated header is at + * least as new as the version current when the header template was released + * (not counting patch version increments). Also ensure that the oldest + * tolerable version is at least as old as what was current when the header + * template was released. + */ +#define AO_TEMPLATE_VERSION 143360 +#if (AO_TEMPLATE_VERSION < OPTIONS_MINIMUM_VERSION) \ + || (AO_TEMPLATE_VERSION > OPTIONS_STRUCT_VERSION) +# error option template version mismatches autoopts/options.h header + Choke Me. +#endif + +/* + * Enumeration of each option: + */ +typedef enum { + INDEX_OPT_DEBUG = 0, + INDEX_OPT_NOTICKET = 1, + INDEX_OPT_GENERATE = 2, + INDEX_OPT_QUIET = 3, + INDEX_OPT_NODB = 4, + INDEX_OPT_HTTP = 5, + INDEX_OPT_ECHO = 6, + INDEX_OPT_UDP = 7, + INDEX_OPT_MTU = 8, + INDEX_OPT_DISABLE_CLIENT_CERT = 9, + INDEX_OPT_REQUIRE_CLIENT_CERT = 10, + INDEX_OPT_X509FMTDER = 11, + INDEX_OPT_PRIORITY = 12, + INDEX_OPT_DHPARAMS = 13, + INDEX_OPT_X509CAFILE = 14, + INDEX_OPT_X509CRLFILE = 15, + INDEX_OPT_PGPKEYFILE = 16, + INDEX_OPT_PGPKEYRING = 17, + INDEX_OPT_PGPCERTFILE = 18, + INDEX_OPT_X509KEYFILE = 19, + INDEX_OPT_X509CERTFILE = 20, + INDEX_OPT_X509DSAKEYFILE = 21, + INDEX_OPT_X509DSACERTFILE = 22, + INDEX_OPT_X509ECCKEYFILE = 23, + INDEX_OPT_X509ECCCERTFILE = 24, + INDEX_OPT_PGPSUBKEY = 25, + INDEX_OPT_SRPPASSWD = 26, + INDEX_OPT_SRPPASSWDCONF = 27, + INDEX_OPT_PSKPASSWD = 28, + INDEX_OPT_PSKHINT = 29, + INDEX_OPT_PORT = 30, + INDEX_OPT_LIST = 31, + INDEX_OPT_VERSION = 32, + INDEX_OPT_HELP = 33, + INDEX_OPT_MORE_HELP = 34 +} teOptIndex; + +#define OPTION_CT 35 +#define GNUTLS_SERV_VERSION "3.0.12" +#define GNUTLS_SERV_FULL_VERSION "gnutls-serv 3.0.12" + +/* + * Interface defines for all options. Replace "n" with the UPPER_CASED + * option name (as in the teOptIndex enumeration above). + * e.g. HAVE_OPT(DEBUG) + */ +#define DESC(n) (gnutls_servOptions.pOptDesc[INDEX_OPT_## n]) +#define HAVE_OPT(n) (! UNUSED_OPT(& DESC(n))) +#define OPT_ARG(n) (DESC(n).optArg.argString) +#define STATE_OPT(n) (DESC(n).fOptState & OPTST_SET_MASK) +#define COUNT_OPT(n) (DESC(n).optOccCt) +#define ISSEL_OPT(n) (SELECTED_OPT(&DESC(n))) +#define ISUNUSED_OPT(n) (UNUSED_OPT(& DESC(n))) +#define ENABLED_OPT(n) (! DISABLED_OPT(& DESC(n))) +#define STACKCT_OPT(n) (((tArgList*)(DESC(n).optCookie))->useCt) +#define STACKLST_OPT(n) (((tArgList*)(DESC(n).optCookie))->apzArgs) +#define CLEAR_OPT(n) STMTS( \ + DESC(n).fOptState &= OPTST_PERSISTENT_MASK; \ + if ((DESC(n).fOptState & OPTST_INITENABLED) == 0) \ + DESC(n).fOptState |= OPTST_DISABLED; \ + DESC(n).optCookie = NULL ) + +/* * * * * * + * + * Enumeration of gnutls-serv exit codes + */ +typedef enum { + GNUTLS_SERV_EXIT_SUCCESS = 0, + GNUTLS_SERV_EXIT_FAILURE = 1 +} gnutls_serv_exit_code_t; +/* * * * * * + * + * Interface defines for specific options. + */ +#define VALUE_OPT_DEBUG 'd' + +#define OPT_VALUE_DEBUG (DESC(DEBUG).optArg.argInt) +#define VALUE_OPT_NOTICKET 1 +#define VALUE_OPT_GENERATE 'g' +#define VALUE_OPT_QUIET 'q' +#define VALUE_OPT_NODB 4 +#define VALUE_OPT_HTTP 5 +#define VALUE_OPT_ECHO 6 +#define VALUE_OPT_UDP 'u' +#define VALUE_OPT_MTU 8 + +#define OPT_VALUE_MTU (DESC(MTU).optArg.argInt) +#define VALUE_OPT_DISABLE_CLIENT_CERT 'a' +#define VALUE_OPT_REQUIRE_CLIENT_CERT 'r' +#define VALUE_OPT_X509FMTDER 11 +#define VALUE_OPT_PRIORITY 12 +#define VALUE_OPT_DHPARAMS 13 +#define VALUE_OPT_X509CAFILE 14 +#define VALUE_OPT_X509CRLFILE 15 +#define VALUE_OPT_PGPKEYFILE 16 +#define VALUE_OPT_PGPKEYRING 17 +#define VALUE_OPT_PGPCERTFILE 18 +#define VALUE_OPT_X509KEYFILE 19 +#define VALUE_OPT_X509CERTFILE 20 +#define VALUE_OPT_X509DSAKEYFILE 21 +#define VALUE_OPT_X509DSACERTFILE 22 +#define VALUE_OPT_X509ECCKEYFILE 23 +#define VALUE_OPT_X509ECCCERTFILE 24 +#define VALUE_OPT_PGPSUBKEY 25 +#define VALUE_OPT_SRPPASSWD 26 +#define VALUE_OPT_SRPPASSWDCONF 27 +#define VALUE_OPT_PSKPASSWD 28 +#define VALUE_OPT_PSKHINT 29 +#define VALUE_OPT_PORT 'p' + +#define OPT_VALUE_PORT (DESC(PORT).optArg.argInt) +#define VALUE_OPT_LIST 'l' +#define VALUE_OPT_HELP '?' +#define VALUE_OPT_MORE_HELP '!' +#define VALUE_OPT_VERSION 'v' +/* + * Interface defines not associated with particular options + */ +#define ERRSKIP_OPTERR STMTS(gnutls_servOptions.fOptSet &= ~OPTPROC_ERRSTOP) +#define ERRSTOP_OPTERR STMTS(gnutls_servOptions.fOptSet |= OPTPROC_ERRSTOP) +#define RESTART_OPT(n) STMTS( \ + gnutls_servOptions.curOptIdx = (n); \ + gnutls_servOptions.pzCurOpt = NULL) +#define START_OPT RESTART_OPT(1) +#define USAGE(c) (*gnutls_servOptions.pUsageProc)(&gnutls_servOptions, c) +/* extracted from opthead.tlib near line 451 */ + +#ifdef __cplusplus +extern "C" { +#endif + +/* * * * * * + * + * Globals exported from the GnuTLS server option definitions + */ +#include + +/* * * * * * + * + * Declare the gnutls-serv option descriptor. + */ +extern tOptions gnutls_servOptions; + +#if defined(ENABLE_NLS) +# ifndef _ +# include +static inline char* aoGetsText(char const* pz) { + if (pz == NULL) return NULL; + return (char*)gettext(pz); +} +# define _(s) aoGetsText(s) +# endif /* _() */ + +# define OPT_NO_XLAT_CFG_NAMES STMTS(gnutls_servOptions.fOptSet |= \ + OPTPROC_NXLAT_OPT_CFG;) +# define OPT_NO_XLAT_OPT_NAMES STMTS(gnutls_servOptions.fOptSet |= \ + OPTPROC_NXLAT_OPT|OPTPROC_NXLAT_OPT_CFG;) + +# define OPT_XLAT_CFG_NAMES STMTS(gnutls_servOptions.fOptSet &= \ + ~(OPTPROC_NXLAT_OPT|OPTPROC_NXLAT_OPT_CFG);) +# define OPT_XLAT_OPT_NAMES STMTS(gnutls_servOptions.fOptSet &= \ + ~OPTPROC_NXLAT_OPT;) + +#else /* ENABLE_NLS */ +# define OPT_NO_XLAT_CFG_NAMES +# define OPT_NO_XLAT_OPT_NAMES + +# define OPT_XLAT_CFG_NAMES +# define OPT_XLAT_OPT_NAMES + +# ifndef _ +# define _(_s) _s +# endif +#endif /* ENABLE_NLS */ + +#ifdef __cplusplus +} +#endif +#endif /* AUTOOPTS_SERV_ARGS_H_GUARD */ +/* serv-args.h ends here */ diff --git a/src/serv.c b/src/serv.c index ee4e9530af..e0ed4a4a70 100644 --- a/src/serv.c +++ b/src/serv.c @@ -26,7 +26,7 @@ #include #include "common.h" -#include "serv-gaa.h" +#include "serv-args.h" #include #include #include @@ -56,7 +56,7 @@ static int generate = 0; static int http = 0; static int x509ctype; -static int debug; +static int debug = 0; int verbose; static int nodb; @@ -64,21 +64,21 @@ static int noticket; int require_cert; int disable_client_cert; -char *psk_passwd; -char *srp_passwd; -char *srp_passwd_conf; -char *pgp_keyring; -char *pgp_keyfile; -char *pgp_certfile; -char *x509_keyfile; -char *x509_certfile; -char *x509_dsakeyfile; -char *x509_dsacertfile; -char *x509_ecckeyfile; -char *x509_ecccertfile; -char *x509_cafile; -char *dh_params_file; -char *x509_crlfile = NULL; +const char *psk_passwd = NULL; +const char *srp_passwd = NULL; +const char *srp_passwd_conf = NULL; +const char *pgp_keyring = NULL; +const char *pgp_keyfile = NULL; +const char *pgp_certfile = NULL; +const char *x509_keyfile = NULL; +const char *x509_certfile = NULL; +const char *x509_dsakeyfile = NULL; +const char *x509_dsacertfile = NULL; +const char *x509_ecckeyfile = NULL; +const char *x509_ecccertfile = NULL; +const char *x509_cafile = NULL; +const char *dh_params_file = NULL; +const char *x509_crlfile = NULL; gnutls_datum_t session_ticket_key; static void tcp_server(const char* name, int port); @@ -111,8 +111,6 @@ gnutls_psk_server_credentials_t psk_cred = NULL; gnutls_anon_server_credentials_t dh_cred = NULL; gnutls_certificate_credentials_t cert_cred = NULL; -static gaainfo info; - const int ssl_session_cache = 128; static void wrap_db_init (void); @@ -121,6 +119,8 @@ static int wrap_db_store (void *dbf, gnutls_datum_t key, gnutls_datum_t data); static gnutls_datum_t wrap_db_fetch (void *dbf, gnutls_datum_t key); static int wrap_db_delete (void *dbf, gnutls_datum_t key); +static void cmd_parser (int argc, char **argv); + #define HTTP_STATE_REQUEST 1 #define HTTP_STATE_RESPONSE 2 @@ -331,6 +331,13 @@ gnutls_session_t initialize_session (int dtls) { gnutls_session_t session; const char *err; + const char * priorities; + + if (HAVE_OPT(PRIORITY)) { + priorities = OPT_ARG(PRIORITY); + } else { + priorities = "NORMAL"; + } if (dtls) gnutls_init (&session, GNUTLS_SERVER|GNUTLS_DATAGRAM); @@ -353,7 +360,7 @@ gnutls_session_t initialize_session (int dtls) gnutls_session_ticket_enable_server (session, &session_ticket_key); #endif - if (gnutls_priority_set_direct (session, info.priorities, &err) < 0) + if (gnutls_priority_set_direct (session, priorities, &err) < 0) { fprintf (stderr, "Syntax error at: %s\n", err); exit (1); @@ -898,15 +905,14 @@ tls_audit_log_func (gnutls_session_t session, const char *str) fprintf (stderr, "|<%p>| %s", session, str); } -static void gaa_parser (int argc, char **argv); - int main (int argc, char **argv) { - int ret; + int ret, mtu, port; char name[256]; set_program_name (argv[0]); + cmd_parser(argc, argv); #ifndef _WIN32 signal (SIGPIPE, SIG_IGN); @@ -918,12 +924,12 @@ main (int argc, char **argv) sockets_init (); - gaa_parser (argc, argv); + optionProcess( &gnutls_servOptions, argc, argv); if (nodb == 0) wrap_db_init (); - if (info.udp != 0) + if (ENABLED_OPT(UDP)) strcpy(name, "UDP "); else name[0] = 0; @@ -1018,11 +1024,11 @@ main (int argc, char **argv) } } - if (pgp_certfile != NULL) + if (ENABLED_OPT(PGPCERTFILE)) { - if (info.pgp_subkey != NULL) + if (ENABLED_OPT(PGPSUBKEY)) ret = gnutls_certificate_set_openpgp_key_file2 - (cert_cred, pgp_certfile, pgp_keyfile, info.pgp_subkey, + (cert_cred, pgp_certfile, pgp_keyfile, OPT_ARG(PGPSUBKEY), GNUTLS_OPENPGP_FMT_BASE64); else ret = gnutls_certificate_set_openpgp_key_file @@ -1109,10 +1115,10 @@ main (int argc, char **argv) GERR (ret); } - if (info.psk_hint) + if (ENABLED_OPT(PSKHINT)) { ret = gnutls_psk_set_server_credentials_hint (psk_cred, - info.psk_hint); + OPT_ARG(PSKHINT)); if (ret) { fprintf (stderr, "Error setting PSK identity hint.\n"); @@ -1136,10 +1142,19 @@ main (int argc, char **argv) gnutls_session_ticket_key_generate (&session_ticket_key); #endif - if (info.udp) - udp_server(name, info.port, info.mtu); + if (ENABLED_OPT(MTU)) + mtu = OPT_VALUE_MTU; + else mtu = 1300; + + if (ENABLED_OPT(PORT)) + port = OPT_VALUE_PORT; else - tcp_server(name, info.port); + port = 5556; + + if (ENABLED_OPT(UDP)) + udp_server(name, port, mtu); + else + tcp_server(name, port); } static void tcp_server(const char* name, int port) @@ -1530,56 +1545,66 @@ static void tcp_server(const char* name, int port) } -void -gaa_parser (int argc, char **argv) +static void cmd_parser (int argc, char **argv) { - if (gaa (argc, argv, &info) != -1) - { - fprintf (stderr, - "Error in the arguments. Use the --help or -h parameters to get more information.\n"); - exit (1); - } + disable_client_cert = ENABLED_OPT(DISABLE_CLIENT_CERT); + require_cert = ENABLED_OPT(REQUIRE_CLIENT_CERT); + if (ENABLED_OPT(DEBUG)) + debug = OPT_VALUE_DEBUG; - disable_client_cert = info.disable_client_cert; - require_cert = info.require_cert; - debug = info.debug; - verbose = info.quiet; - nodb = info.nodb; - noticket = info.noticket; + verbose = !ENABLED_OPT(QUIET); + nodb = ENABLED_OPT(NODB); + noticket = ENABLED_OPT(NOTICKET); - if (info.http == 0) - http = 0; - else - http = 1; + http = ENABLED_OPT(HTTP); - if (info.fmtder == 0) - x509ctype = GNUTLS_X509_FMT_PEM; - else + if (ENABLED_OPT(X509FMTDER)) x509ctype = GNUTLS_X509_FMT_DER; - - if (info.generate == 0) - generate = 0; else - generate = 1; - - dh_params_file = info.dh_params_file; - - x509_certfile = info.x509_certfile; - x509_keyfile = info.x509_keyfile; - x509_dsacertfile = info.x509_dsacertfile; - x509_dsakeyfile = info.x509_dsakeyfile; - x509_ecccertfile = info.x509_ecccertfile; - x509_ecckeyfile = info.x509_ecckeyfile; - x509_cafile = info.x509_cafile; - x509_crlfile = info.x509_crlfile; - pgp_certfile = info.pgp_certfile; - pgp_keyfile = info.pgp_keyfile; - srp_passwd = info.srp_passwd; - srp_passwd_conf = info.srp_passwd_conf; - - psk_passwd = info.psk_passwd; - - pgp_keyring = info.pgp_keyring; + x509ctype = GNUTLS_X509_FMT_PEM; + + generate = ENABLED_OPT(GENERATE); + + if (ENABLED_OPT(DHPARAMS)) + dh_params_file = OPT_ARG(DHPARAMS); + + if (HAVE_OPT(X509KEYFILE)) + x509_keyfile = OPT_ARG(X509KEYFILE); + if (HAVE_OPT(X509CERTFILE)) + x509_certfile = OPT_ARG(X509CERTFILE); + + if (HAVE_OPT(X509DSAKEYFILE)) + x509_dsakeyfile = OPT_ARG(X509DSAKEYFILE); + if (HAVE_OPT(X509DSACERTFILE)) + x509_dsacertfile = OPT_ARG(X509DSACERTFILE); + + + if (HAVE_OPT(X509ECCKEYFILE)) + x509_ecckeyfile = OPT_ARG(X509ECCKEYFILE); + if (HAVE_OPT(X509CERTFILE)) + x509_ecccertfile = OPT_ARG(X509ECCCERTFILE); + + if (HAVE_OPT(X509CAFILE)) + x509_cafile = OPT_ARG(X509CAFILE); + if (HAVE_OPT(X509CRLFILE)) + x509_crlfile = OPT_ARG(X509CRLFILE); + + if (HAVE_OPT(PGPKEYFILE)) + pgp_keyfile = OPT_ARG(PGPKEYFILE); + if (HAVE_OPT(PGPCERTFILE)) + pgp_certfile = OPT_ARG(PGPCERTFILE); + + if (HAVE_OPT(PGPKEYRING)) + pgp_keyring = OPT_ARG(PGPKEYRING); + + if (HAVE_OPT(SRPPASSWD)) + srp_passwd = OPT_ARG(SRPPASSWD); + if (HAVE_OPT(SRPPASSWDCONF)) + srp_passwd_conf = OPT_ARG(SRPPASSWDCONF); + + if (HAVE_OPT(PSKPASSWD)) + psk_passwd = OPT_ARG(PSKPASSWD); + } extern void serv_version (void);