Diffstat (limited to 'src/pki')
-rw-r--r-- | src/pki/Makefile.am | 4 | ||||
-rw-r--r-- | src/pki/Makefile.in | 631 | ||||
-rw-r--r-- | src/pki/command.c | 2 | ||||
-rw-r--r-- | src/pki/commands/gen.c | 4 | ||||
-rw-r--r-- | src/pki/commands/issue.c | 24 | ||||
-rw-r--r-- | src/pki/commands/keyid.c | 6 | ||||
-rw-r--r-- | src/pki/commands/pkcs7.c | 8 | ||||
-rw-r--r-- | src/pki/commands/print.c | 8 | ||||
-rw-r--r-- | src/pki/commands/pub.c | 28 | ||||
-rw-r--r-- | src/pki/commands/req.c | 11 | ||||
-rw-r--r-- | src/pki/commands/self.c | 10 | ||||
-rw-r--r-- | src/pki/commands/signcrl.c | 12 | ||||
-rw-r--r-- | src/pki/commands/verify.c | 9 | ||||
-rw-r--r-- | src/pki/man/Makefile.am | 14 | ||||
-rw-r--r-- | src/pki/man/Makefile.in | 637 | ||||
-rw-r--r-- | src/pki/man/pki---gen.1.in | 112 | ||||
-rw-r--r-- | src/pki/man/pki---issue.1.in | 179 | ||||
-rw-r--r-- | src/pki/man/pki---keyid.1.in | 72 | ||||
-rw-r--r-- | src/pki/man/pki---pkcs7.1.in | 79 | ||||
-rw-r--r-- | src/pki/man/pki---print.1.in | 53 | ||||
-rw-r--r-- | src/pki/man/pki---pub.1.in | 77 | ||||
-rw-r--r-- | src/pki/man/pki---req.1.in | 91 | ||||
-rw-r--r-- | src/pki/man/pki---self.1.in | 148 | ||||
-rw-r--r-- | src/pki/man/pki---signcrl.1.in | 124 | ||||
-rw-r--r-- | src/pki/man/pki---verify.1.in | 56 | ||||
-rw-r--r-- | src/pki/man/pki.1.in | 156 | ||||
-rw-r--r-- | src/pki/pki.c | 13 |
27 files changed, 2249 insertions, 319 deletions
diff --git a/src/pki/Makefile.am b/src/pki/Makefile.am
index e07938284..efbed9b2b 100644
--- a/src/pki/Makefile.am
+++ b/src/pki/Makefile.am
@@ -1,4 +1,6 @@
-ipsec_PROGRAMS = pki
+SUBDIRS = man
+
+bin_PROGRAMS = pki
 
 pki_SOURCES = pki.c pki.h command.c command.h \
 commands/gen.c \
diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in index f58ad1bce..1101366d1 100644 --- a/src/pki/Makefile.in +++ b/src/pki/Makefile.in @@ -1,9 +1,8 @@ -# Makefile.in generated by automake 1.11.6 from Makefile.am. +# Makefile.in generated by automake 1.13.3 from Makefile.am. # @configure_input@ -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software -# Foundation, Inc. +# Copyright (C) 1994-2013 Free Software Foundation, Inc. + # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved.
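Review bot: In the src/pki/Makefile.am hunk, replacing `ipsec_PROGRAMS = pki` with `bin_PROGRAMS = pki` moves the installed binary from `$(ipsecdir)` to `$(bindir)` with no comment or migration step, so an upgrade over an existing install would presumably leave the old `pki` behind in `$(ipsecdir)`. The regenerated uninstall rule only removes files under `$(DESTDIR)$(bindir)`, and the gen/issue/signcrl commands in the diffstat suggest this tool handles keys and certificates, so a stale copy that no longer receives fixes is worth avoiding. I would document the move above the assignment, e.g. `# pki is installed to $(bindir), no longer $(ipsecdir); remove any old copy on upgrade`, and confirm that any wrapper or packaging script still resolving the old path (not visible in this diff) is updated in the same series.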
@@ -16,23 +15,51 @@ @SET_MAKE@ VPATH = @srcdir@ -am__make_dryrun = \ - { \ - am__dry=no; \ +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ - echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ - | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ - *) \ - for am__flg in $$MAKEFLAGS; do \ - case $$am__flg in \ - *=*|--*) ;; \ - *n*) am__dry=yes; break;; \ - esac; \ - done;; \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ esac; \ - test $$am__dry = yes; \ - } + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ 
@@ -51,15 +78,17 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -ipsec_PROGRAMS = pki$(EXEEXT) +bin_PROGRAMS = pki$(EXEEXT) subdir = src/pki -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ + $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ $(top_srcdir)/m4/config/ltsugar.m4 \ $(top_srcdir)/m4/config/ltversion.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/split-package-version.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ $(top_srcdir)/m4/macros/add-plugin.m4 \ 
@@ -70,17 +99,33 @@ mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = -am__installdirs = "$(DESTDIR)$(ipsecdir)" -PROGRAMS = $(ipsec_PROGRAMS) -am_pki_OBJECTS = pki.$(OBJEXT) command.$(OBJEXT) gen.$(OBJEXT) \ - issue.$(OBJEXT) keyid.$(OBJEXT) pub.$(OBJEXT) req.$(OBJEXT) \ - self.$(OBJEXT) print.$(OBJEXT) signcrl.$(OBJEXT) \ - pkcs7.$(OBJEXT) verify.$(OBJEXT) +am__installdirs = "$(DESTDIR)$(bindir)" +PROGRAMS = $(bin_PROGRAMS) +am__dirstamp = $(am__leading_dot)dirstamp +am_pki_OBJECTS = pki.$(OBJEXT) command.$(OBJEXT) \ + commands/gen.$(OBJEXT) commands/issue.$(OBJEXT) \ + commands/keyid.$(OBJEXT) commands/pub.$(OBJEXT) \ + commands/req.$(OBJEXT) commands/self.$(OBJEXT) \ + commands/print.$(OBJEXT) commands/signcrl.$(OBJEXT) \ + commands/pkcs7.$(OBJEXT) commands/verify.$(OBJEXT) pki_OBJECTS = $(am_pki_OBJECTS) pki_DEPENDENCIES = $(top_builddir)/src/libstrongswan/libstrongswan.la AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent +am__v_lt_1 = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles 
@@ -93,30 +138,85 @@ LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(AM_CFLAGS) $(CFLAGS) AM_V_CC = $(am__v_CC_@AM_V@) am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = CCLD = $(CC) LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(AM_LDFLAGS) $(LDFLAGS) -o $@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = SOURCES = $(pki_SOURCES) DIST_SOURCES = $(pki_SOURCES) +RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ + ctags-recursive dvi-recursive html-recursive info-recursive \ + install-data-recursive install-dvi-recursive \ + install-exec-recursive install-html-recursive \ + install-info-recursive install-pdf-recursive \ + install-ps-recursive install-recursive installcheck-recursive \ + installdirs-recursive pdf-recursive ps-recursive \ + tags-recursive uninstall-recursive am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +am__recursive_targets = \ + $(RECURSIVE_TARGETS) \ + $(RECURSIVE_CLEAN_TARGETS) \ + $(am__extra_recursive_targets) +AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ + distdir +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. 
+am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ @@ -190,6 +290,10 @@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ +PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ +PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ +PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ +PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ 
@@ -306,6 +410,7 @@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ +t_plugins = @t_plugins@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ @@ -313,6 +418,7 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ +SUBDIRS = man pki_SOURCES = pki.c pki.h command.c command.h \ commands/gen.c \ commands/issue.c \ @@ -330,7 +436,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -DPLUGINS=\""${pki_plugins}\"" -all: all-am +all: all-recursive .SUFFIXES: .SUFFIXES: .c .lo .o .obj @@ -364,19 +470,21 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): -install-ipsecPROGRAMS: $(ipsec_PROGRAMS) +install-binPROGRAMS: $(bin_PROGRAMS) @$(NORMAL_INSTALL) - @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ if test -n "$$list"; then \ - echo " $(MKDIR_P) '$(DESTDIR)$(ipsecdir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" || exit 1; \ + echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \ fi; \ for p in $$list; do echo "$$p $$p"; done | \ sed 's/$(EXEEXT)$$//' | \ - while read p p1; do if test -f $$p || test -f $$p1; \ - then echo "$$p"; echo "$$p"; else :; fi; \ + while read p p1; do if test -f $$p \ + || test -f $$p1 \ + ; then echo "$$p"; echo "$$p"; else :; fi; \ done | \ - sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ + sed -e 'p;s,.*/,,;n;h' \ + -e 's|.*|.|' \ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ sed 'N;N;N;s,\n, ,g' | \ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ 
@@ -387,239 +495,167 @@ install-ipsecPROGRAMS: $(ipsec_PROGRAMS) while read type dir files; do \ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ test -z "$$files" || { \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(ipsecdir)$$dir'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(ipsecdir)$$dir" || exit $$?; \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ } \ ; done -uninstall-ipsecPROGRAMS: +uninstall-binPROGRAMS: @$(NORMAL_UNINSTALL) - @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ files=`for p in $$list; do echo "$$p"; done | \ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ - -e 's/$$/$(EXEEXT)/' `; \ + -e 's/$$/$(EXEEXT)/' \ + `; \ test -n "$$list" || exit 0; \ - echo " ( cd '$(DESTDIR)$(ipsecdir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(ipsecdir)" && rm -f $$files + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files -clean-ipsecPROGRAMS: - @list='$(ipsec_PROGRAMS)'; test -n "$$list" || exit 0; \ +clean-binPROGRAMS: + @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ echo " rm -f" $$list; \ rm -f $$list || exit $$?; \ test -n "$(EXEEXT)" || exit 0; \ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ echo " rm -f" $$list; \ rm -f $$list +commands/$(am__dirstamp): + @$(MKDIR_P) commands + @: > commands/$(am__dirstamp) +commands/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) commands/$(DEPDIR) + @: > commands/$(DEPDIR)/$(am__dirstamp) +commands/gen.$(OBJEXT): commands/$(am__dirstamp) \ + 
commands/$(DEPDIR)/$(am__dirstamp) +commands/issue.$(OBJEXT): commands/$(am__dirstamp) \ + commands/$(DEPDIR)/$(am__dirstamp) +commands/keyid.$(OBJEXT): commands/$(am__dirstamp) \ + commands/$(DEPDIR)/$(am__dirstamp) +commands/pub.$(OBJEXT): commands/$(am__dirstamp) \ + commands/$(DEPDIR)/$(am__dirstamp) +commands/req.$(OBJEXT): commands/$(am__dirstamp) \ + commands/$(DEPDIR)/$(am__dirstamp) +commands/self.$(OBJEXT): commands/$(am__dirstamp) \ + commands/$(DEPDIR)/$(am__dirstamp) +commands/print.$(OBJEXT): commands/$(am__dirstamp) \ + commands/$(DEPDIR)/$(am__dirstamp) +commands/signcrl.$(OBJEXT): commands/$(am__dirstamp) \ + commands/$(DEPDIR)/$(am__dirstamp) +commands/pkcs7.$(OBJEXT): commands/$(am__dirstamp) \ + commands/$(DEPDIR)/$(am__dirstamp) +commands/verify.$(OBJEXT): commands/$(am__dirstamp) \ + commands/$(DEPDIR)/$(am__dirstamp) + pki$(EXEEXT): $(pki_OBJECTS) $(pki_DEPENDENCIES) $(EXTRA_pki_DEPENDENCIES) @rm -f pki$(EXEEXT) $(AM_V_CCLD)$(LINK) $(pki_OBJECTS) $(pki_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) + -rm -f commands/*.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/command.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gen.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/issue.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keyid.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs7.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pki.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/print.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pub.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/req.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/self.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signcrl.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/verify.Po@am__quote@ +@AMDEP_TRUE@@am__include@ 
@am__quote@commands/$(DEPDIR)/gen.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/issue.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/keyid.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/pkcs7.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/print.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/pub.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/req.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/self.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/signcrl.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@commands/$(DEPDIR)/verify.Po@am__quote@ .c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< .c.obj: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no 
@AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` .c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< -gen.o: commands/gen.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gen.o -MD -MP -MF $(DEPDIR)/gen.Tpo -c -o gen.o `test -f 'commands/gen.c' || echo '$(srcdir)/'`commands/gen.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/gen.Tpo $(DEPDIR)/gen.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/gen.c' object='gen.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gen.o `test -f 'commands/gen.c' || echo '$(srcdir)/'`commands/gen.c - -gen.obj: commands/gen.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT gen.obj -MD -MP -MF $(DEPDIR)/gen.Tpo -c -o gen.obj `if test -f 'commands/gen.c'; then $(CYGPATH_W) 'commands/gen.c'; else $(CYGPATH_W) 
'$(srcdir)/commands/gen.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/gen.Tpo $(DEPDIR)/gen.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/gen.c' object='gen.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o gen.obj `if test -f 'commands/gen.c'; then $(CYGPATH_W) 'commands/gen.c'; else $(CYGPATH_W) '$(srcdir)/commands/gen.c'; fi` - -issue.o: commands/issue.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT issue.o -MD -MP -MF $(DEPDIR)/issue.Tpo -c -o issue.o `test -f 'commands/issue.c' || echo '$(srcdir)/'`commands/issue.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/issue.Tpo $(DEPDIR)/issue.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/issue.c' object='issue.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o issue.o `test -f 'commands/issue.c' || echo '$(srcdir)/'`commands/issue.c - -issue.obj: commands/issue.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT issue.obj -MD -MP -MF $(DEPDIR)/issue.Tpo -c -o issue.obj `if test -f 'commands/issue.c'; then $(CYGPATH_W) 'commands/issue.c'; else $(CYGPATH_W) '$(srcdir)/commands/issue.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/issue.Tpo $(DEPDIR)/issue.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/issue.c' object='issue.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) 
@AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o issue.obj `if test -f 'commands/issue.c'; then $(CYGPATH_W) 'commands/issue.c'; else $(CYGPATH_W) '$(srcdir)/commands/issue.c'; fi` - -keyid.o: commands/keyid.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT keyid.o -MD -MP -MF $(DEPDIR)/keyid.Tpo -c -o keyid.o `test -f 'commands/keyid.c' || echo '$(srcdir)/'`commands/keyid.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/keyid.Tpo $(DEPDIR)/keyid.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/keyid.c' object='keyid.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o keyid.o `test -f 'commands/keyid.c' || echo '$(srcdir)/'`commands/keyid.c - -keyid.obj: commands/keyid.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT keyid.obj -MD -MP -MF $(DEPDIR)/keyid.Tpo -c -o keyid.obj `if test -f 'commands/keyid.c'; then $(CYGPATH_W) 'commands/keyid.c'; else $(CYGPATH_W) '$(srcdir)/commands/keyid.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/keyid.Tpo $(DEPDIR)/keyid.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/keyid.c' object='keyid.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o keyid.obj `if test -f 'commands/keyid.c'; then $(CYGPATH_W) 'commands/keyid.c'; else $(CYGPATH_W) '$(srcdir)/commands/keyid.c'; fi` 
- -pub.o: commands/pub.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pub.o -MD -MP -MF $(DEPDIR)/pub.Tpo -c -o pub.o `test -f 'commands/pub.c' || echo '$(srcdir)/'`commands/pub.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pub.Tpo $(DEPDIR)/pub.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/pub.c' object='pub.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pub.o `test -f 'commands/pub.c' || echo '$(srcdir)/'`commands/pub.c - -pub.obj: commands/pub.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pub.obj -MD -MP -MF $(DEPDIR)/pub.Tpo -c -o pub.obj `if test -f 'commands/pub.c'; then $(CYGPATH_W) 'commands/pub.c'; else $(CYGPATH_W) '$(srcdir)/commands/pub.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pub.Tpo $(DEPDIR)/pub.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/pub.c' object='pub.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pub.obj `if test -f 'commands/pub.c'; then $(CYGPATH_W) 'commands/pub.c'; else $(CYGPATH_W) '$(srcdir)/commands/pub.c'; fi` - -req.o: commands/req.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT req.o -MD -MP -MF $(DEPDIR)/req.Tpo -c -o req.o `test -f 'commands/req.c' || echo '$(srcdir)/'`commands/req.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/req.Tpo $(DEPDIR)/req.Po 
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/req.c' object='req.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o req.o `test -f 'commands/req.c' || echo '$(srcdir)/'`commands/req.c - -req.obj: commands/req.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT req.obj -MD -MP -MF $(DEPDIR)/req.Tpo -c -o req.obj `if test -f 'commands/req.c'; then $(CYGPATH_W) 'commands/req.c'; else $(CYGPATH_W) '$(srcdir)/commands/req.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/req.Tpo $(DEPDIR)/req.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/req.c' object='req.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o req.obj `if test -f 'commands/req.c'; then $(CYGPATH_W) 'commands/req.c'; else $(CYGPATH_W) '$(srcdir)/commands/req.c'; fi` - -self.o: commands/self.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT self.o -MD -MP -MF $(DEPDIR)/self.Tpo -c -o self.o `test -f 'commands/self.c' || echo '$(srcdir)/'`commands/self.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/self.Tpo $(DEPDIR)/self.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/self.c' object='self.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) 
-c -o self.o `test -f 'commands/self.c' || echo '$(srcdir)/'`commands/self.c - -self.obj: commands/self.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT self.obj -MD -MP -MF $(DEPDIR)/self.Tpo -c -o self.obj `if test -f 'commands/self.c'; then $(CYGPATH_W) 'commands/self.c'; else $(CYGPATH_W) '$(srcdir)/commands/self.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/self.Tpo $(DEPDIR)/self.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/self.c' object='self.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o self.obj `if test -f 'commands/self.c'; then $(CYGPATH_W) 'commands/self.c'; else $(CYGPATH_W) '$(srcdir)/commands/self.c'; fi` - -print.o: commands/print.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT print.o -MD -MP -MF $(DEPDIR)/print.Tpo -c -o print.o `test -f 'commands/print.c' || echo '$(srcdir)/'`commands/print.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/print.Tpo $(DEPDIR)/print.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/print.c' object='print.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o print.o `test -f 'commands/print.c' || echo '$(srcdir)/'`commands/print.c - -print.obj: commands/print.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT print.obj -MD -MP -MF $(DEPDIR)/print.Tpo -c -o print.obj `if test -f 
'commands/print.c'; then $(CYGPATH_W) 'commands/print.c'; else $(CYGPATH_W) '$(srcdir)/commands/print.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/print.Tpo $(DEPDIR)/print.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/print.c' object='print.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o print.obj `if test -f 'commands/print.c'; then $(CYGPATH_W) 'commands/print.c'; else $(CYGPATH_W) '$(srcdir)/commands/print.c'; fi` - -signcrl.o: commands/signcrl.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT signcrl.o -MD -MP -MF $(DEPDIR)/signcrl.Tpo -c -o signcrl.o `test -f 'commands/signcrl.c' || echo '$(srcdir)/'`commands/signcrl.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/signcrl.Tpo $(DEPDIR)/signcrl.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/signcrl.c' object='signcrl.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o signcrl.o `test -f 'commands/signcrl.c' || echo '$(srcdir)/'`commands/signcrl.c - -signcrl.obj: commands/signcrl.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT signcrl.obj -MD -MP -MF $(DEPDIR)/signcrl.Tpo -c -o signcrl.obj `if test -f 'commands/signcrl.c'; then $(CYGPATH_W) 'commands/signcrl.c'; else $(CYGPATH_W) '$(srcdir)/commands/signcrl.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/signcrl.Tpo $(DEPDIR)/signcrl.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ 
$(AM_V_CC)source='commands/signcrl.c' object='signcrl.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o signcrl.obj `if test -f 'commands/signcrl.c'; then $(CYGPATH_W) 'commands/signcrl.c'; else $(CYGPATH_W) '$(srcdir)/commands/signcrl.c'; fi` - -pkcs7.o: commands/pkcs7.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pkcs7.o -MD -MP -MF $(DEPDIR)/pkcs7.Tpo -c -o pkcs7.o `test -f 'commands/pkcs7.c' || echo '$(srcdir)/'`commands/pkcs7.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pkcs7.Tpo $(DEPDIR)/pkcs7.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/pkcs7.c' object='pkcs7.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pkcs7.o `test -f 'commands/pkcs7.c' || echo '$(srcdir)/'`commands/pkcs7.c - -pkcs7.obj: commands/pkcs7.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pkcs7.obj -MD -MP -MF $(DEPDIR)/pkcs7.Tpo -c -o pkcs7.obj `if test -f 'commands/pkcs7.c'; then $(CYGPATH_W) 'commands/pkcs7.c'; else $(CYGPATH_W) '$(srcdir)/commands/pkcs7.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pkcs7.Tpo $(DEPDIR)/pkcs7.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/pkcs7.c' object='pkcs7.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) 
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pkcs7.obj `if test -f 'commands/pkcs7.c'; then $(CYGPATH_W) 'commands/pkcs7.c'; else $(CYGPATH_W) '$(srcdir)/commands/pkcs7.c'; fi` - -verify.o: commands/verify.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT verify.o -MD -MP -MF $(DEPDIR)/verify.Tpo -c -o verify.o `test -f 'commands/verify.c' || echo '$(srcdir)/'`commands/verify.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/verify.Tpo $(DEPDIR)/verify.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/verify.c' object='verify.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o verify.o `test -f 'commands/verify.c' || echo '$(srcdir)/'`commands/verify.c - -verify.obj: commands/verify.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT verify.obj -MD -MP -MF $(DEPDIR)/verify.Tpo -c -o verify.obj `if test -f 'commands/verify.c'; then $(CYGPATH_W) 'commands/verify.c'; else $(CYGPATH_W) '$(srcdir)/commands/verify.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/verify.Tpo $(DEPDIR)/verify.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='commands/verify.c' object='verify.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o verify.obj `if test -f 'commands/verify.c'; then $(CYGPATH_W) 'commands/verify.c'; else $(CYGPATH_W) '$(srcdir)/commands/verify.c'; fi` - mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs -ID: $(HEADERS) 
$(SOURCES) $(LISP) $(TAGS_FILES) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - mkid -fID $$unique -tags: TAGS - -TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) +# This directory's subdirectories are mostly independent; you can cd +# into them and run 'make' without going through this Makefile. +# To change the values of 'make' variables: instead of editing Makefiles, +# (1) if the variable is set in 'config.status', edit 'config.status' +# (which will cause the Makefiles to be regenerated when you run 'make'); +# (2) otherwise, pass the desired values on the 'make' command line. +$(am__recursive_targets): + @fail=; \ + if $(am__make_keepgoing); then \ + failcom='fail=yes'; \ + else \ + failcom='exit 1'; \ + fi; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-recursive +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { 
for (i in files) print i; }; }'`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ + $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ @@ -631,15 +667,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $$unique; \ fi; \ fi -ctags: CTAGS -CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ +ctags: ctags-recursive + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique @@ -648,6 +680,21 @@ GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-recursive + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags 
@@ -682,22 +729,48 @@ distdir: $(DISTFILES) || exit 1; \ fi; \ done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + $(am__make_dryrun) \ + || test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + am__skip_mode_fix=: \ + distdir) \ + || exit 1; \ + fi; \ + done check-am: all-am -check: check-am +check: check-recursive all-am: Makefile $(PROGRAMS) -installdirs: - for dir in "$(DESTDIR)$(ipsecdir)"; do \ +installdirs: installdirs-recursive +installdirs-am: + for dir in "$(DESTDIR)$(bindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am +install: install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am -installcheck: installcheck-am +installcheck: installcheck-recursive install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ 
@@ -715,96 +788,98 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -rm -f commands/$(DEPDIR)/$(am__dirstamp) + -rm -f commands/$(am__dirstamp) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -clean: clean-am +clean: clean-recursive -clean-am: clean-generic clean-ipsecPROGRAMS clean-libtool \ - mostlyclean-am +clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am -distclean: distclean-am - -rm -rf ./$(DEPDIR) +distclean: distclean-recursive + -rm -rf ./$(DEPDIR) commands/$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags -dvi: dvi-am +dvi: dvi-recursive dvi-am: -html: html-am +html: html-recursive html-am: -info: info-am +info: info-recursive info-am: -install-data-am: install-ipsecPROGRAMS +install-data-am: -install-dvi: install-dvi-am +install-dvi: install-dvi-recursive install-dvi-am: -install-exec-am: +install-exec-am: install-binPROGRAMS -install-html: install-html-am +install-html: install-html-recursive install-html-am: -install-info: install-info-am +install-info: install-info-recursive install-info-am: install-man: -install-pdf: install-pdf-am +install-pdf: install-pdf-recursive install-pdf-am: -install-ps: install-ps-am +install-ps: install-ps-recursive install-ps-am: installcheck-am: -maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) +maintainer-clean: maintainer-clean-recursive + -rm -rf ./$(DEPDIR) commands/$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic -mostlyclean: mostlyclean-am +mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool -pdf: pdf-am +pdf: pdf-recursive pdf-am: -ps: ps-am +ps: ps-recursive ps-am: -uninstall-am: 
uninstall-ipsecPROGRAMS +uninstall-am: uninstall-binPROGRAMS -.MAKE: install-am install-strip +.MAKE: $(am__recursive_targets) install-am install-strip -.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ - clean-ipsecPROGRAMS clean-libtool ctags distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ +.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ + check-am clean clean-binPROGRAMS clean-generic clean-libtool \ + cscopelist-am ctags ctags-am distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-binPROGRAMS install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am \ - install-ipsecPROGRAMS install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags uninstall uninstall-am uninstall-ipsecPROGRAMS + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + installdirs-am maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ + uninstall-am uninstall-binPROGRAMS pki.o : $(top_builddir)/config.status diff --git a/src/pki/command.c b/src/pki/command.c index a5e5b8528..984da59b4 100644 --- a/src/pki/command.c +++ b/src/pki/command.c 
@@ -258,6 +258,6 @@ int command_dispatch(int c, char *v[]) return cmds[i].call(); } } - return command_usage("invalid operation"); + return command_usage(c > 1 ? "invalid operation" : NULL); } diff --git a/src/pki/commands/gen.c b/src/pki/commands/gen.c index e3602f0c3..b74be7d98 100644 --- a/src/pki/commands/gen.c +++ b/src/pki/commands/gen.c @@ -151,7 +151,7 @@ static void __attribute__ ((constructor))reg() command_register((command_t) { gen, 'g', "gen", "generate a new private key", {" [--type rsa|ecdsa] [--size bits] [--safe-primes]", - "[--shares n] [--threshold l] [--outform der|pem|pgp]"}, + "[--shares n] [--threshold l] [--outform der|pem]"}, { {"help", 'h', 0, "show usage information"}, {"type", 't', 1, "type of key, default: rsa"}, @@ -159,7 +159,7 @@ static void __attribute__ ((constructor))reg() {"safe-primes", 'p', 0, "generate rsa safe primes"}, {"shares", 'n', 1, "number of private rsa key shares"}, {"threshold", 'l', 1, "minimum number of participating rsa key shares"}, - {"outform", 'f', 1, "encoding of generated private key"}, + {"outform", 'f', 1, "encoding of generated private key, default: der"}, } }); } diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c index 5f098ba41..000f63d1a 100644 --- a/src/pki/commands/issue.c +++ b/src/pki/commands/issue.c @@ -380,9 +380,13 @@ static int issue() } else { + chunk_t chunk; + + chunk = chunk_from_fd(0); cert_req = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST, - BUILD_FROM_FD, 0, BUILD_END); + BUILD_BLOB, chunk, BUILD_END); + free(chunk.ptr); } if (!cert_req) { @@ -419,8 +423,12 @@ static int issue() } else { + chunk_t chunk; + + chunk = chunk_from_fd(0); public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, - BUILD_FROM_FD, 0, BUILD_END); + BUILD_BLOB, chunk, BUILD_END); + free(chunk.ptr); } } if (!public) 
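Review bot: The new `c > 1` test in command_dispatch() has no comment explaining why an argument count of one is handled differently, and its effect on the exit status cannot be seen in this hunk. If command_usage() returns success when passed NULL (its body is not part of this diff), running the tool with no arguments now exits as if it had succeeded, which wrappers and scripts may not expect. I would add `/* no command given: print usage without an error message */` above the return and confirm that the resulting exit code is intended. command_dispatch() starts outside the hunk.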
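Review bot: The result of `chunk_from_fd(0)` is handed straight to the builder in both new else-branches of issue(), so a failed or empty read of stdin cannot be told apart from unparsable input and ends up in the existing parse-failure path. Unless chunk_from_fd() signals errors some other way (its definition is not in this diff), check the chunk before building, for example `if (!chunk.len)` followed by a distinct "reading from stdin failed" message through the function's usual error path. The same pattern is added in keyid.c, print.c, pub.c, req.c, self.c and verify.c. As far as these hunks show, all of stdin is read into memory with no upper bound, so a size cap in the reader would be worth considering. issue() starts and ends outside these hunks.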
@@ -514,14 +522,14 @@ static void __attribute__ ((constructor))reg() command_register((command_t) { issue, 'i', "issue", "issue a certificate using a CA certificate and key", - {"[--in file] [--type pub|pkcs10] --cakey file | --cakeyid hex", + {"[--in file] [--type pub|pkcs10] --cakey file|--cakeyid hex", " --cacert file [--dn subject-dn] [--san subjectAltName]+", - "[--lifetime days] [--serial hex] [--crl uri [--crlissuer i] ]+ [--ocsp uri]+", - "[--ca] [--pathlen len] [--flag serverAuth|clientAuth|crlSign|ocspSigning]+", - "[--nc-permitted name] [--nc-excluded name]", - "[--cert-policy oid [--cps-uri uri] [--user-notice text] ]+", - "[--policy-map issuer-oid:subject-oid]", + "[--lifetime days] [--serial hex] [--ca] [--pathlen len]", + "[--flag serverAuth|clientAuth|crlSign|ocspSigning]+", + "[--crl uri [--crlissuer i]]+ [--ocsp uri]+ [--nc-permitted name]", + "[--nc-excluded name] [--policy-mapping issuer-oid:subject-oid]", "[--policy-explicit len] [--policy-inhibit len] [--policy-any len]", + "[--cert-policy oid [--cps-uri uri] [--user-notice text]]+", "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"}, { {"help", 'h', 0, "show usage information"}, diff --git a/src/pki/commands/keyid.c b/src/pki/commands/keyid.c index 6d2f7b915..353670e32 100644 --- a/src/pki/commands/keyid.c +++ b/src/pki/commands/keyid.c @@ -87,8 +87,12 @@ static int keyid() } else { + chunk_t chunk; + + chunk = chunk_from_fd(0); cred = lib->creds->create(lib->creds, type, subtype, - BUILD_FROM_FD, 0, BUILD_END); + BUILD_BLOB, chunk, BUILD_END); + free(chunk.ptr); } if (!cred) { diff --git a/src/pki/commands/pkcs7.c b/src/pki/commands/pkcs7.c index 790656c62..6c75693ab 100644 --- a/src/pki/commands/pkcs7.c +++ b/src/pki/commands/pkcs7.c 
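Review bot: The usage text in reg() now advertises `--policy-mapping issuer-oid:subject-oid`, while the usage text kept for the self command in commands/self.c still reads `--policy-map issuer-oid:subject-oid`. The option table entry for this flag is outside the hunk, so one of the two strings presumably does not match the registered long option name. Align both usage strings with the option table so that a command line copied from the help output for a policy mapping is accepted as documented.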
@@ -445,8 +445,8 @@ static void __attribute__ ((constructor))reg() { command_register((command_t) { pkcs7, '7', "pkcs7", "PKCS#7 wrap/unwrap functions", - {"--sign | --verify | --encrypt | --decrypt", - "--certificate+ [--key]"}, + {"--sign|--verify|--encrypt|--decrypt|--show", + "[--in file] [--cert file]+ [--key file]"}, { {"help", 'h', 0, "show usage information"}, {"sign", 's', 0, "create PKCS#7 signed-data"}, @@ -455,8 +455,8 @@ static void __attribute__ ((constructor))reg() {"decrypt", 'd', 0, "decrypt PKCS#7 enveloped-data"}, {"show", 'p', 0, "show info about PKCS#7, print certificates"}, {"in", 'i', 1, "input file, default: stdin"}, - {"key", 'k', 1, "path to private key for sign/decryp"}, - {"cert", 'c', 1, "path to certificate for sign/verify/encryp"}, + {"key", 'k', 1, "path to private key for sign/decrypt"}, + {"cert", 'c', 1, "path to certificate for sign/verify/encrypt"}, } }); } diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c index 90cf254c8..2261e44ff 100644 --- a/src/pki/commands/print.c +++ b/src/pki/commands/print.c @@ -338,7 +338,7 @@ static void print_crl(crl_t *crl) if (crl->is_delta_crl(crl, &chunk)) { - chunk = chunk_skip_zero(chunk); + chunk = chunk_skip_zero(chunk); printf("delta CRL: for serial %#B\n", &chunk); } chunk = crl->get_authKeyIdentifier(crl); @@ -508,8 +508,12 @@ static int print() } else { + chunk_t chunk; + + chunk = chunk_from_fd(0); cred = lib->creds->create(lib->creds, type, subtype, - BUILD_FROM_FD, 0, BUILD_END); + BUILD_BLOB, chunk, BUILD_END); + free(chunk.ptr); } if (!cred) { diff --git a/src/pki/commands/pub.c b/src/pki/commands/pub.c index 9912061f4..7f88055ef 100644 --- a/src/pki/commands/pub.c +++ b/src/pki/commands/pub.c @@ -51,6 +51,11 @@ static int pub() type = CRED_PRIVATE_KEY; subtype = KEY_ECDSA; } + else if (streq(arg, "pub")) + { + type = CRED_PUBLIC_KEY; + subtype = KEY_ANY; + } else if (streq(arg, "pkcs10")) { type = CRED_CERTIFICATE; 
@@ -96,13 +101,17 @@ static int pub() chunk = chunk_from_hex(chunk_create(keyid, strlen(keyid)), NULL); cred = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, - BUILD_PKCS11_KEYID, chunk, BUILD_END); + BUILD_PKCS11_KEYID, chunk, BUILD_END); free(chunk.ptr); } else { + chunk_t chunk; + + chunk = chunk_from_fd(0); cred = lib->creds->create(lib->creds, type, subtype, - BUILD_FROM_FD, 0, BUILD_END); + BUILD_BLOB, chunk, BUILD_END); + free(chunk.ptr); } if (type == CRED_PRIVATE_KEY) @@ -116,6 +125,15 @@ static int pub() public = private->get_public_key(private); private->destroy(private); } + else if (type == CRED_PUBLIC_KEY) + { + public = cred; + if (!public) + { + fprintf(stderr, "parsing public key failed\n"); + return 1; + } + } else { cert = cred; @@ -157,14 +175,14 @@ static void __attribute__ ((constructor))reg() command_register((command_t) { pub, 'p', "pub", "extract the public key from a private key/certificate", - {"[--in file|--keyid hex] [--type rsa|ecdsa|pkcs10|x509]", - "[--outform der|pem|pgp|dnskey]"}, + {"[--in file|--keyid hex] [--type rsa|ecdsa|pub|pkcs10|x509]", + "[--outform der|pem|dnskey|sshkey]"}, { {"help", 'h', 0, "show usage information"}, {"in", 'i', 1, "input file, default: stdin"}, {"keyid", 'x', 1, "keyid on smartcard of private key"}, {"type", 't', 1, "type of credential, default: rsa"}, - {"outform", 'f', 1, "encoding of extracted public key"}, + {"outform", 'f', 1, "encoding of extracted public key, default: der"}, } }); } diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c index d90ddc251..628463e7b 100644 --- a/src/pki/commands/req.c +++ b/src/pki/commands/req.c @@ -116,8 +116,12 @@ static int req() } else { + chunk_t chunk; + + chunk = chunk_from_fd(0); private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type, - BUILD_FROM_FD, 0, BUILD_END); + BUILD_BLOB, chunk, BUILD_END); + free(chunk.ptr); } if (!private) { 
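Review bot: `free(chunk.ptr)` in the new stdin branch of pub() releases a buffer that holds private key material whenever the credential type is a private key (the documented default type is rsa), and the bytes stay behind in freed heap memory. Use strongSwan's wiping helper instead: `chunk_clear(&chunk);`. The stdin branches added in commands/req.c and commands/self.c always read a private key and should get the same change. pub() starts and ends outside the hunk.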
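Review bot: The new `else if (type == CRED_PUBLIC_KEY)` branch assigns `cred` to `public` based on `type` alone, but the `--keyid` branch shown as context in the previous hunk always creates a `CRED_PRIVATE_KEY` object regardless of `type`. If `--type pub` can be combined with `--keyid` (the option parsing is outside these hunks), a private key object would be used through the public key interface; the existing certificate branch has the same exposure. Either set `type = CRED_PRIVATE_KEY;` in the keyid branch or reject the combination during argument parsing.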
@@ -174,9 +178,8 @@ static void __attribute__ ((constructor))reg() command_register((command_t) { req, 'r', "req", "create a PKCS#10 certificate request", - {"[--in file] [--type rsa|ecdsa]", - " --dn distinguished-name [--san subjectAltName]+", - "[--password challengePassword]", + {" [--in file] [--type rsa|ecdsa] --dn distinguished-name", + "[--san subjectAltName]+ [--password challengePassword]", "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"}, { {"help", 'h', 0, "show usage information"}, diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c index 448360821..6bf0b1353 100644 --- a/src/pki/commands/self.c +++ b/src/pki/commands/self.c @@ -271,8 +271,12 @@ static int self() } else { + chunk_t chunk; + + chunk = chunk_from_fd(0); private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type, - BUILD_FROM_FD, 0, BUILD_END); + BUILD_BLOB, chunk, BUILD_END); + free(chunk.ptr); } if (!private) { @@ -378,14 +382,14 @@ static void __attribute__ ((constructor))reg() command_register((command_t) { self, 's', "self", "create a self signed certificate", - {"[--in file | --keyid hex] [--type rsa|ecdsa]", + {" [--in file|--keyid hex] [--type rsa|ecdsa]", " --dn distinguished-name [--san subjectAltName]+", "[--lifetime days] [--serial hex] [--ca] [--ocsp uri]+", "[--flag serverAuth|clientAuth|crlSign|ocspSigning]+", "[--nc-permitted name] [--nc-excluded name]", - "[--cert-policy oid [--cps-uri uri] [--user-notice text] ]+", "[--policy-map issuer-oid:subject-oid]", "[--policy-explicit len] [--policy-inhibit len] [--policy-any len]", + "[--cert-policy oid [--cps-uri uri] [--user-notice text]]+", "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"}, { {"help", 'h', 0, "show usage information"}, diff --git a/src/pki/commands/signcrl.c b/src/pki/commands/signcrl.c index f9746cca7..4f9dd291d 100644 --- a/src/pki/commands/signcrl.c +++ b/src/pki/commands/signcrl.c 
@@ -429,13 +429,13 @@ static void __attribute__ ((constructor))reg() command_register((command_t) { sign_crl, 'c', "signcrl", "issue a CRL using a CA certificate and key", - {"--cacert file --cakey file | --cakeyid hex --lifetime days", - "[--lastcrl crl] [--basecrl crl] [--crluri uri ]+", - "[ [--reason key-compromise|ca-compromise|affiliation-changed|", + {"--cacert file --cakey file|--cakeyid hex [--lifetime days]", + " [--lastcrl crl] [--basecrl crl] [--crluri uri]+", + " [[--reason key-compromise|ca-compromise|affiliation-changed|", " superseded|cessation-of-operation|certificate-hold]", - " [--date timestamp]", - " --cert file | --serial hex ]*", - "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"}, + " [--date timestamp] --cert file|--serial hex]*", + " [--digest md5|sha1|sha224|sha256|sha384|sha512]", + " [--outform der|pem]"}, { {"help", 'h', 0, "show usage information"}, {"cacert", 'c', 1, "CA certificate file"}, diff --git a/src/pki/commands/verify.c b/src/pki/commands/verify.c index 3e983d3ec..96b2b5065 100644 --- a/src/pki/commands/verify.c +++ b/src/pki/commands/verify.c @@ -55,8 +55,12 @@ static int verify() } else { + chunk_t chunk; + + chunk = chunk_from_fd(0); cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, - BUILD_FROM_FD, 0, BUILD_END); + BUILD_BLOB, chunk, BUILD_END); + free(chunk.ptr); } if (!cert) { @@ -125,7 +129,7 @@ static void __attribute__ ((constructor))reg() command_register((command_t) { verify, 'v', "verify", "verify a certificate using the CA certificate", - {"[--in file] [--ca file]"}, + {"[--in file] [--cacert file]"}, { {"help", 'h', 0, "show usage information"}, {"in", 'i', 1, "X.509 certificate to verify, default: stdin"}, @@ -133,4 +137,3 @@ static void __attribute__ ((constructor))reg() } }); } - diff --git a/src/pki/man/Makefile.am b/src/pki/man/Makefile.am new file mode 100644 index 000000000..618bd4093 --- /dev/null +++ b/src/pki/man/Makefile.am 
@@ -0,0 +1,14 @@
+man1_MANS = \
+ pki.1 \
+ pki---gen.1 \
+ pki---self.1 \
+ pki---issue.1 \
+ pki---signcrl.1 \
+ pki---req.1 \
+ pki---pkcs7.1 \
+ pki---keyid.1 \
+ pki---print.1 \
+ pki---pub.1 \
+ pki---verify.1
+
+CLEANFILES = $(man1_MANS)
diff --git a/src/pki/man/Makefile.in b/src/pki/man/Makefile.in
new file mode 100644
index 000000000..ecba4a9b3
--- /dev/null
+++ b/src/pki/man/Makefile.in
@@ -0,0 +1,637 @@ +# Makefile.in generated by automake 1.13.3 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2013 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = 
$(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/pki/man +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ + $(srcdir)/pki.1.in $(srcdir)/pki---gen.1.in \ + $(srcdir)/pki---issue.1.in $(srcdir)/pki---keyid.1.in \ + $(srcdir)/pki---pkcs7.1.in $(srcdir)/pki---print.1.in \ + $(srcdir)/pki---pub.1.in $(srcdir)/pki---req.1.in \ + $(srcdir)/pki---self.1.in $(srcdir)/pki---signcrl.1.in \ + $(srcdir)/pki---verify.1.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/split-package-version.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = pki.1 pki---gen.1 pki---issue.1 pki---keyid.1 \ + pki---pkcs7.1 pki---print.1 pki---pub.1 pki---req.1 \ + pki---self.1 pki---signcrl.1 pki---verify.1 +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = 
+AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! 
-r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +man1dir = $(mandir)/man1 +am__installdirs = "$(DESTDIR)$(man1dir)" +NROFF = nroff +MANS = $(man1_MANS) +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BFDLIB = @BFDLIB@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GENHTML = @GENHTML@ +GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = 
@PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ +PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ +PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ +PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +RUBYLIB = @RUBYLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ +clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ +dev_headers = @dev_headers@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +fips_mode = @fips_mode@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsec_script = 
@ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ +oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ +t_plugins = @t_plugins@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +man1_MANS = \ + pki.1 \ + pki---gen.1 \ + pki---self.1 \ + pki---issue.1 \ + pki---signcrl.1 \ + pki---req.1 \ + pki---pkcs7.1 \ + pki---keyid.1 \ + pki---print.1 \ + pki---pub.1 \ + pki---verify.1 + +CLEANFILES = $(man1_MANS) +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + 
@for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/pki/man/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/pki/man/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +pki.1: $(top_builddir)/config.status $(srcdir)/pki.1.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +pki---gen.1: $(top_builddir)/config.status $(srcdir)/pki---gen.1.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +pki---issue.1: $(top_builddir)/config.status $(srcdir)/pki---issue.1.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +pki---keyid.1: $(top_builddir)/config.status $(srcdir)/pki---keyid.1.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +pki---pkcs7.1: $(top_builddir)/config.status $(srcdir)/pki---pkcs7.1.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +pki---print.1: $(top_builddir)/config.status $(srcdir)/pki---print.1.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +pki---pub.1: $(top_builddir)/config.status $(srcdir)/pki---pub.1.in + cd 
$(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +pki---req.1: $(top_builddir)/config.status $(srcdir)/pki---req.1.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +pki---self.1: $(top_builddir)/config.status $(srcdir)/pki---self.1.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +pki---signcrl.1: $(top_builddir)/config.status $(srcdir)/pki---signcrl.1.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +pki---verify.1: $(top_builddir)/config.status $(srcdir)/pki---verify.1.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +install-man1: $(man1_MANS) + @$(NORMAL_INSTALL) + @list1='$(man1_MANS)'; \ + list2=''; \ + test -n "$(man1dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man1dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man1dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ + | sed -n '/\.1[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ + done; } + +uninstall-man1: + @$(NORMAL_UNINSTALL) + @list='$(man1_MANS)'; test -n "$(man1dir)" || exit 0; \ + files=`{ for i in $$list; 
do echo "$$i"; done; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir) +tags TAGS: + +ctags CTAGS: + +cscope cscopelist: + + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(MANS) +installdirs: + for dir in "$(DESTDIR)$(man1dir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." 
+clean: clean-am + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-man + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: install-man1 + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-man + +uninstall-man: uninstall-man1 + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic clean-libtool \ + cscopelist-am ctags-am distclean distclean-generic \ + distclean-libtool distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-man1 install-pdf install-pdf-am install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ + ps ps-am tags-am uninstall uninstall-am uninstall-man \ + uninstall-man1 + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/pki/man/pki---gen.1.in b/src/pki/man/pki---gen.1.in new file mode 100644 index 000000000..138ab6122 --- /dev/null +++ b/src/pki/man/pki---gen.1.in 
@@ -0,0 +1,112 @@
+.TH "PKI \-\-GEN" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.
+.SH "NAME"
+.
+pki \-\-gen \- Generate a new RSA or ECDSA private key
+.
+.SH "SYNOPSIS"
+.
+.SY pki\ \-\-gen
+.OP \-\-type type
+.OP \-\-size bits
+.OP \-\-safe\-primes
+.OP \-\-shares n
+.OP \-\-threshold l
+.OP \-\-outform encoding
+.OP \-\-debug level
+.YS
+.
+.SY pki\ \-\-gen
+.BI \-\-options\~ file
+.YS
+.
+.SY "pki \-\-gen"
+.B \-h
+|
+.B \-\-help
+.YS
+.
+.SH "DESCRIPTION"
+.
+This sub-command of
+.BR pki (1)
+is used to generate a new RSA or ECDSA private key.
+.
+.SH "OPTIONS"
+.
+.TP
+.B "\-h, \-\-help"
+Print usage information with a summary of the available options.
+.TP
+.BI "\-v, \-\-debug " level
+Set debug level, default: 1.
+.TP
+.BI "\-+, \-\-options " file
+Read command line options from \fIfile\fR.
+.TP
+.BI "\-t, \-\-type " type
+Type of key to generate. Either \fIrsa\fR or \fIecdsa\fR, defaults to \fIrsa\fR.
+.TP
+.BI "\-s, \-\-size " bits
+Key length in bits. Defaults to 2048 for \fIrsa\fR and 384 for \fIecdsa\fR.
+For \fIecdsa\fR only three values are currently supported: 256, 384 and 521.
+.TP
+.BI "\-p, \-\-safe\-primes"
+Generate RSA safe primes.
+.TP
+.BI "\-f, \-\-outform " encoding
+Encoding of the generated private key. Either \fIder\fR (ASN.1 DER) or \fIpem\fR
+(Base64 PEM), defaults
+to \fIder\fR.
+.PP
+.SS "RSA Threshold Cryptography"
+.TP
+.BI "\-n, \-\-shares " <n>
+Number of private RSA key shares.
+.TP
+.BI "\-l, \-\-threshold " <l>
+Minimum number of participating RSA key shares.
+.
+.SH "PROBLEMS ON HOSTS WITH LOW ENTROPY"
+.
+If the
+.I gmp
+plugin is used to generate RSA private keys the key material is read from
+.I /dev/random
+(via the
+.I random
+plugin). Therefore, the command may block if the system's entropy pool is empty.
+To avoid this, either use a hardware random number generator to feed
+.I /dev/random
+or use OpenSSL (via the
+.I openssl
+plugin or the command line) which is not as strict in regards to the quality of
+the key material (it reads from
+.I /dev/urandom
+if necessary). It is also possible to configure the devices used by the
+.I random
+plugin in
+.BR strongswan.conf (5).
+Setting
+.B libstrongswan.plugins.random.random
+to
+.I /dev/urandom
+forces the plugin to treat bytes read from
+.I /dev/urandom
+as high grade random data, thus avoiding the blocking. Of
+course, this doesn't change the fact that the key material generated this way is
+of lower quality.
+.
+.SH "EXAMPLES"
+.
+.TP
+.B pki \-\-gen \-\-size 3072 > rsa_key.der
+Generates a 3072-bit RSA private key.
+.
+.TP
+.B pki \-\-gen \-\-type ecdsa \-\-size 256 > ecdsa_key.der
+Generates a 256-bit ECDSA private key.
+.
+.SH "SEE ALSO"
+.
+.BR pki (1)
diff --git a/src/pki/man/pki---issue.1.in b/src/pki/man/pki---issue.1.in
new file mode 100644
index 000000000..9effd9b15
--- /dev/null
+++ b/src/pki/man/pki---issue.1.in
@@ -0,0 +1,179 @@
+.TH "PKI \-\-ISSUE" 8 "2013-08-12" "@PACKAGE_VERSION@" "strongSwan"
+.
+.SH "NAME"
+.
+pki \-\-issue \- Issue a certificate using a CA certificate and key
+.
+.SH "SYNOPSIS"
+.
+.SY pki\ \-\-issue
+.OP \-\-in file
+.OP \-\-type type
+.BI \-\-cakey\~ file |\-\-cakeyid\~ hex
+.BI \-\-cacert\~ file
+.OP \-\-dn subject-dn
+.OP \-\-san subjectAltName
+.OP \-\-lifetime days
+.OP \-\-serial hex
+.OP \-\-flag flag
+.OP \-\-digest digest
+.OP \-\-ca
+.OP \-\-crl uri\ \fR[\fB\-\-crlissuer\ \fIissuer\fR]
+.OP \-\-ocsp uri
+.OP \-\-pathlen len
+.OP \-\-nc-permitted name
+.OP \-\-nc-excluded name
+.OP \-\-policy\-mapping mapping
+.OP \-\-policy\-explicit len
+.OP \-\-policy\-inhibit len
+.OP \-\-policy\-any len
+.OP \-\-cert\-policy oid\ \fR[\fB\-\-cps\-uri\ \fIuri\fR]\ \fR[\fB\-\-user\-notice\ \fItext\fR]
+.OP \-\-outform encoding
+.OP \-\-debug level
+.YS
+.
+.SY pki\ \-\-issue
+.BI \-\-options\~ file
+.YS
+.
+.SY "pki \-\-issue"
+.B \-h
+|
+.B \-\-help
+.YS
+.
+.SH "DESCRIPTION"
+.
+This sub-command of
+.BR pki (1)
+is used to issue a certificate using a CA certificate and private key.
+.
+.SH "OPTIONS"
+.
+.TP
+.B "\-h, \-\-help"
+Print usage information with a summary of the available options.
+.TP
+.BI "\-v, \-\-debug " level
+Set debug level, default: 1.
+.TP
+.BI "\-+, \-\-options " file
+Read command line options from \fIfile\fR.
+.TP
+.BI "\-i, \-\-in " file
+Public key or PKCS#10 certificate request file to issue. If not given the
+key/request is read from \fISTDIN\fR.
+.TP
+.BI "\-t, \-\-type " type
+Type of the input. Either \fIpub\fR for a public key, or \fIpkcs10\fR for a
+PKCS#10 certificate request, defaults to \fIpub\fR.
+.TP
+.BI "\-k, \-\-cakey " file
+CA private key file. Either this or
+.B \-\-cakeyid
+is required.
+.TP
+.BI "\-x, \-\-cakeyid " hex
+Key ID of a CA private key on a smartcard. Either this or
+.B \-\-cakey
+is required.
+.TP
+.BI "\-c, \-\-cacert " file
+CA certificate file. Required.
+.TP
+.BI "\-d, \-\-dn " subject-dn
+Subject distinguished name (DN) of the issued certificate.
+.TP
+.BI "\-a, \-\-san " subjectAltName
+subjectAltName extension to include in certificate. Can be used multiple times.
+.TP
+.BI "\-l, \-\-lifetime " days
+Days the certificate is valid, default: 1095.
+.TP
+.BI "\-s, \-\-serial " hex
+Serial number in hex. It is randomly allocated by default.
+.TP
+.BI "\-e, \-\-flag " flag
+Add extendedKeyUsage flag. One of \fIserverAuth\fR, \fIclientAuth\fR,
+\fIcrlSign\fR, or \fIocspSigning\fR. Can be used multiple times.
+.TP
+.BI "\-g, \-\-digest " digest
+Digest to use for signature creation. One of \fImd5\fR, \fIsha1\fR,
+\fIsha224\fR, \fIsha256\fR, \fIsha384\fR, or \fIsha512\fR. Defaults to
+\fIsha1\fR.
+.TP
+.BI "\-f, \-\-outform " encoding
+Encoding of the created certificate file. Either \fIder\fR (ASN.1 DER) or
+\fIpem\fR (Base64 PEM), defaults to \fIder\fR.
+.TP
+.BI "\-b, \-\-ca"
+Include CA basicConstraint extension in certificate.
+.TP
+.BI "\-u, \-\-crl " uri
+CRL distribution point URI to include in certificate. Can be used multiple
+times.
+.TP
+.BI "\-I, \-\-crlissuer " issuer
+Optional CRL issuer for the CRL at the preceding distribution point.
+.TP
+.BI "\-o, \-\-ocsp " uri
+OCSP AuthorityInfoAccess URI to include in certificate. Can be used multiple
+times.
+.TP
+.BI "\-p, \-\-pathlen " len
+Set path length constraint.
+.TP
+.BI "\-n, \-\-nc-permitted " name
+Add permitted NameConstraint extension to certificate.
+.TP
+.BI "\-N, \-\-nc-excluded " name
+Add excluded NameConstraint extension to certificate.
+.TP
+.BI "\-M, \-\-policy-mapping " issuer-oid:subject-oid
+Add policyMapping from issuer to subject OID.
+.TP
+.BI "\-E, \-\-policy-explicit " len
+Add requireExplicitPolicy constraint.
+.TP
+.BI "\-H, \-\-policy-inhibit " len
+Add inhibitPolicyMapping constraint.
+.TP
+.BI "\-A, \-\-policy-any " len
+Add inhibitAnyPolicy constraint.
+.PP
+.SS "Certificate Policy"
+Multiple certificatePolicy extensions can be added. Each with the following
+information:
+.TP
+.BI "\-P, \-\-cert-policy " oid
+OID to include in certificatePolicy extension. Required.
+.TP
+.BI "\-C, \-\-cps-uri " uri
+Certification Practice statement URI for certificatePolicy.
+.TP
+.BI "\-U, \-\-user-notice " text
+User notice for certificatePolicy.
+.
+.SH "EXAMPLES"
+.
+To save repetitive typing, command line options can be stored in files.
+Lets assume
+.I pki.opt
+contains the following contents:
+.PP
+.EX
+ --cacert ca_cert.der --cakey ca_key.der --digest sha256
+ --flag serverAuth --lifetime 1460 --type pkcs10
+.EE
+.PP
+Then the following command can be used to issue a certificate based on a
+given PKCS#10 certificate request and the options above:
+.PP
+.EX
+ pki --issue --options pki.opt --in req.der > cert.der
+.EE
+.PP
+.
+.SH "SEE ALSO"
+.
+.BR pki (1)
\ No newline at end of file
diff --git a/src/pki/man/pki---keyid.1.in b/src/pki/man/pki---keyid.1.in
new file mode 100644
index 000000000..490f7afea
--- /dev/null
+++ b/src/pki/man/pki---keyid.1.in
@@ -0,0 +1,72 @@
+.TH "PKI \-\-KEYID" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.
+.SH "NAME"
+.
+pki \-\-keyid \- Calculate key identifiers of a key or certificate
+.
+.SH "SYNOPSIS"
+.
+.SY pki\ \-\-keyid
+.OP \-\-in file
+.OP \-\-type type
+.OP \-\-debug level
+.YS
+.
+.SY pki\ \-\-keyid
+.BI \-\-options\~ file
+.YS
+.
+.SY "pki \-\-keyid"
+.B \-h
+|
+.B \-\-help
+.YS
+.
+.SH "DESCRIPTION"
+.
+This sub-command of
+.BR pki (1)
+calculates key identifiers of private keys and certificates.
+.
+.SH "OPTIONS"
+.
+.TP
+.B "\-h, \-\-help"
+Print usage information with a summary of the available options.
+.TP
+.BI "\-v, \-\-debug " level
+Set debug level, default: 1.
+.TP
+.BI "\-+, \-\-options " file
+Read command line options from \fIfile\fR.
+.TP
+.BI "\-i, \-\-in " file
+Input file. If not given the input is read from \fISTDIN\fR.
+.TP
+.BI "\-t, \-\-type " type
+Type of input. One of \fIrsa-priv\fR (RSA private key), \fIecdsa-priv\fR (ECDSA
+private key), \fIpub\fR (public key), \fIpkcs10\fR (PKCS#10 certificate
+request), \fIx509\fR (X.509 certificate), defaults to \fIrsa-priv\fR.
+.
+.SH "EXAMPLES"
+.
+Calculate key identifiers of an RSA private key:
+.PP
+.EX
+ pki --keyid --in key.der
+ subjectKeyIdentifier: 6a:9c:74:d1:f8:89:79:89:f6:5a:94:e9:89:f1...
+ subjectPublicKeyInfo hash: 6e:55:dc:7e:9c:a5:58:d9:5b:e3:c7:13:14:e1...
+.EE
+.PP
+Calculate key identifiers of an X.509 certificate:
+.PP
+.EX
+ pki --keyid --in cert.der --type x509
+ subjectKeyIdentifier: 6a:9c:74:d1:f8:89:79:89:f6:5a:94:e9:89:f1...
+ subjectPublicKeyInfo hash: 6e:55:dc:7e:9c:a5:58:d9:5b:e3:c7:13:14:e1...
+.EE
+.PP
+.
+.SH "SEE ALSO"
+.
+.BR pki (1)
\ No newline at end of file
diff --git a/src/pki/man/pki---pkcs7.1.in b/src/pki/man/pki---pkcs7.1.in
new file mode 100644
index 000000000..38186cf70
--- /dev/null
+++ b/src/pki/man/pki---pkcs7.1.in
@@ -0,0 +1,79 @@
+.TH "PKI \-\-PKCS7" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.
+.SH "NAME"
+.
+pki \-\-pkcs7 \- Provides PKCS#7 wrap/unwrap functions
+.
+.SH "SYNOPSIS"
+.
+.SY pki\ \-\-pkcs7
+.BR \-\-sign | \-\-verify | \-\-encrypt | \-\-decrypt | \-\-show
+.OP \-\-in file
+.OP \-\-cert file
+.OP \-\-key file
+.OP \-\-debug level
+.YS
+.
+.SY pki\ \-\-pkcs7
+.BI \-\-options\~ file
+.YS
+.
+.SY "pki \-\-pkcs7"
+.B \-h
+|
+.B \-\-help
+.YS
+.
+.SH "DESCRIPTION"
+.
+This sub-command of
+.BR pki (1)
+provides functions to wrap/unwrap PKCS#7 containers.
+.
+.SH "OPTIONS"
+.
+.TP
+.B "\-h, \-\-help"
+Print usage information with a summary of the available options.
+.TP
+.BI "\-v, \-\-debug " level
+Set debug level, default: 1.
+.TP
+.BI "\-+, \-\-options " file
+Read command line options from \fIfile\fR.
+.TP
+.BI "\-s, \-\-sign"
+Create PKCS#7 signed-data.
+.TP
+.BI "\-u, \-\-verify"
+Verify PKCS#7 signed-data.
+.TP
+.BI "\-e, \-\-encrypt"
+Create PKCS#7 enveloped-data.
+.TP
+.BI "\-e, \-\-decrypt"
+Decrypt PKCS#7 enveloped-data.
+.TP
+.BI "\-p, \-\-show"
+Show information about PKCS#7 container, list certificates.
+.TP
+.BI "\-i, \-\-in " file
+PKCS#7 input file. If not given the input is read from \fISTDIN\fR.
+.TP
+.BI "\-k, \-\-key " file
+Private key used for
+.B \-\-sign
+and
+.BR \-\-decrypt.
+.TP
+.BI "\-c, \-\-cert " file
+Certificate for
+.BR \-\-sign ,
+.B \-\-verify
+and
+.BR \-\-encrypt.
+Can be used multiple times.
+.
+.SH "SEE ALSO"
+.
+.BR pki (1)
\ No newline at end of file
diff --git a/src/pki/man/pki---print.1.in b/src/pki/man/pki---print.1.in
new file mode 100644
index 000000000..8d3345edc
--- /dev/null
+++ b/src/pki/man/pki---print.1.in
@@ -0,0 +1,53 @@
+.TH "PKI \-\-PRINT" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.
+.SH "NAME"
+.
+pki \-\-print \- Print a credential (key, certificate etc.) in human readable form
+.
+.SH "SYNOPSIS"
+.
+.SY pki\ \-\-print
+.OP \-\-in file
+.OP \-\-type type
+.OP \-\-debug level
+.YS
+.
+.SY pki\ \-\-print
+.BI \-\-options\~ file
+.YS
+.
+.SY "pki \-\-print"
+.B \-h
+|
+.B \-\-help
+.YS
+.
+.SH "DESCRIPTION"
+.
+This sub-command of
+.BR pki (1)
+prints credentials (keys, certificates etc.) in human readable form.
+.
+.SH "OPTIONS"
+.
+.TP
+.B "\-h, \-\-help"
+Print usage information with a summary of the available options.
+.TP
+.BI "\-v, \-\-debug " level
+Set debug level, default: 1.
+.TP
+.BI "\-+, \-\-options " file
+Read command line options from \fIfile\fR.
+.TP
+.BI "\-i, \-\-in " file
+Input file. If not given the input is read from \fISTDIN\fR.
+.TP
+.BI "\-t, \-\-type " type
+Type of input. One of \fIrsa-priv\fR (RSA private key), \fIecdsa-priv\fR (ECDSA
+private key), \fIpub\fR (public key), \fIx509\fR (X.509 certificate), \fIcrl\fR
+(Certificate Revocation List, CRL), defaults to \fIx509\fR.
+.
+.SH "SEE ALSO"
+.
+.BR pki (1)
\ No newline at end of file
diff --git a/src/pki/man/pki---pub.1.in b/src/pki/man/pki---pub.1.in
new file mode 100644
index 000000000..c57e03a40
--- /dev/null
+++ b/src/pki/man/pki---pub.1.in
@@ -0,0 +1,77 @@
+.TH "PKI \-\-PUB" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.
+.SH "NAME"
+.
+pki \-\-pub \- Extract a public key from a private key or certificate
+.
+.SH "SYNOPSIS"
+.
+.SY pki\ \-\-pub
+.RB [ \-\-in
+.IR file | \fB\-\-keyid\fR
+.IR hex ]
+.OP \-\-type type
+.OP \-\-outform encoding
+.OP \-\-debug level
+.YS
+.
+.SY pki\ \-\-pub
+.BI \-\-options\~ file
+.YS
+.
+.SY "pki \-\-pub"
+.B \-h
+|
+.B \-\-help
+.YS
+.
+.SH "DESCRIPTION"
+.
+This sub-command of
+.BR pki (1)
+extracts public keys from a private keys and certificates.
+.
+.SH "OPTIONS"
+.
+.TP
+.B "\-h, \-\-help"
+Print usage information with a summary of the available options.
+.TP
+.BI "\-v, \-\-debug " level
+Set debug level, default: 1.
+.TP
+.BI "\-+, \-\-options " file
+Read command line options from \fIfile\fR.
+.TP
+.BI "\-i, \-\-in " file
+Input file. If not given the input is read from \fISTDIN\fR.
+.TP
+.BI "\-t, \-\-type " type
+Type of input. One of \fIrsa\fR (RSA private key), \fIecdsa\fR (ECDSA
+private key), \fIpub\fR (public key),
+\fIpkcs10\fR (PKCS#10 certificate request), or \fIx509\fR (X.509 certificate),
+defaults to \fIrsa\fR.
+.TP
+.BI "\-f, \-\-outform " encoding
+Encoding of the extracted public key. One of \fIder\fR (ASN.1 DER), \fIpem\fR
+(Base64 PEM), \fIdnskey\fR (RFC 3110 DNS key), or \fIsshkey\fR (RFC 4253 SSH
+key), defaults to \fIder\fR.
+.
+.SH "EXAMPLES"
+.
+Extract the public key from an RSA private key:
+.PP
+.EX
+ pki --pub --in key.der > pub.der
+.EE
+.PP
+Extract the public key from an X.509 certificate:
+.PP
+.EX
+ pki --pub --in cert.der --type x509 > pub.der
+.EE
+.PP
+.
+.SH "SEE ALSO"
+.
+.BR pki (1)
diff --git a/src/pki/man/pki---req.1.in b/src/pki/man/pki---req.1.in
new file mode 100644
index 000000000..ab144ce2a
--- /dev/null
+++ b/src/pki/man/pki---req.1.in 
@@ -0,0 +1,91 @@
+.TH "PKI \-\-REQ" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.
+.SH "NAME"
+.
+pki \-\-req \- Create a PKCS#10 certificate request
+.
+.SH "SYNOPSIS"
+.
+.SY pki\ \-\-req
+.OP \-\-in file
+.OP \-\-type type
+.BI \-\-dn\~ distinguished-name
+.OP \-\-san subjectAltName
+.OP \-\-password password
+.OP \-\-digest digest
+.OP \-\-outform encoding
+.OP \-\-debug level
+.YS
+.
+.SY pki\ \-\-req
+.BI \-\-options\~ file
+.YS
+.
+.SY "pki \-\-req"
+.B \-h
+|
+.B \-\-help
+.YS
+.
+.SH "DESCRIPTION"
+.
+This sub-command of
+.BR pki (1)
+is used to create a PKCS#10 certificate request.
+.
+.SH "OPTIONS"
+.
+.TP
+.B "\-h, \-\-help"
+Print usage information with a summary of the available options.
+.TP
+.BI "\-v, \-\-debug " level
+Set debug level, default: 1.
+.TP
+.BI "\-+, \-\-options " file
+Read command line options from \fIfile\fR.
+.TP
+.BI "\-i, \-\-in " file
+Private key input file. If not given the key is read from \fISTDIN\fR.
+.TP
+.BI "\-t, \-\-type " type
+Type of the input key. Either \fIrsa\fR or \fIecdsa\fR, defaults to \fIrsa\fR.
+.TP
+.BI "\-d, \-\-dn " distinguished-name
+Subject distinguished name (DN). Required.
+.TP
+.BI "\-a, \-\-san " subjectAltName
+subjectAltName extension to include in request. Can be used multiple times.
+.TP
+.BI "\-p, \-\-password " password
+The challengePassword to include in the certificate request.
+.TP
+.BI "\-g, \-\-digest " digest
+Digest to use for signature creation. One of \fImd5\fR, \fIsha1\fR,
+\fIsha224\fR, \fIsha256\fR, \fIsha384\fR, or \fIsha512\fR. Defaults to
+\fIsha1\fR.
+.TP
+.BI "\-f, \-\-outform " encoding
+Encoding of the created certificate file. Either \fIder\fR (ASN.1 DER) or
+\fIpem\fR (Base64 PEM), defaults to \fIder\fR.
+.
+.SH "EXAMPLES"
+.
+Generate a certificate request for an RSA key, with a subjectAltName extension:
+.PP
+.EX
+ pki \-\-req \-\-in key.der \-\-dn "C=CH, O=strongSwan, CN=moon" \\
+ \-\-san moon@strongswan.org > req.der
+.EE
+.PP
+Generate a certificate request for an ECDSA key and a different digest:
+.PP
+.EX
+ pki \-\-req \-\-in key.der \-\-type ecdsa \-\-digest sha256 \\
+ \-\-dn "C=CH, O=strongSwan, CN=carol" > req.der
+.EE
+.PP
+.
+.SH "SEE ALSO"
+.
+.BR pki (1)
\ No newline at end of file
diff --git a/src/pki/man/pki---self.1.in b/src/pki/man/pki---self.1.in
new file mode 100644
index 000000000..ee42cf9a0
--- /dev/null
+++ b/src/pki/man/pki---self.1.in
@@ -0,0 +1,148 @@
+.TH "PKI \-\-SELF" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.
+.SH "NAME"
+.
+pki \-\-self \- Create a self-signed certificate
+.
+.SH "SYNOPSIS"
+.
+.SY pki\ \-\-self
+.RB [ \-\-in
+.IR file | \fB\-\-keyid\fR
+.IR hex ]
+.OP \-\-type t
+.BI \-\-dn\~ distinguished-name
+.OP \-\-san subjectAltName
+.OP \-\-lifetime days
+.OP \-\-serial hex
+.OP \-\-flag flag
+.OP \-\-digest digest
+.OP \-\-ca
+.OP \-\-ocsp uri
+.OP \-\-pathlen len
+.OP \-\-nc-permitted name
+.OP \-\-nc-excluded name
+.OP \-\-policy\-mapping mapping
+.OP \-\-policy\-explicit len
+.OP \-\-policy\-inhibit len
+.OP \-\-policy\-any len
+.OP \-\-cert\-policy oid\ \fR[\fB\-\-cps\-uri\ \fIuri\fR]\ \fR[\fB\-\-user\-notice\ \fItext\fR]
+.OP \-\-outform encoding
+.OP \-\-debug level
+.YS
+.
+.SY pki\ \-\-self
+.BI \-\-options\~ file
+.YS
+.
+.SY "pki \-\-self"
+.B \-h
+|
+.B \-\-help
+.YS
+.
+.SH "DESCRIPTION"
+.
+This sub-command of
+.BR pki (1)
+is used to create a self-signed certificate.
+.
+.SH "OPTIONS"
+.
+.TP
+.B "\-h, \-\-help"
+Print usage information with a summary of the available options.
+.TP
+.BI "\-v, \-\-debug " level
+Set debug level, default: 1.
+.TP
+.BI "\-+, \-\-options " file
+Read command line options from \fIfile\fR.
+.TP
+.BI "\-i, \-\-in " file
+Private key input file. If not given the key is read from \fISTDIN\fR.
+.TP
+.BI "\-x, \-\-keyid " hex
+Key ID of a private key on a smartcard.
+.TP
+.BI "\-t, \-\-type " type
+Type of the input key. Either \fIrsa\fR or \fIecdsa\fR, defaults to \fIrsa\fR.
+.TP
+.BI "\-d, \-\-dn " distinguished-name
+Subject and issuer distinguished name (DN). Required.
+.TP
+.BI "\-a, \-\-san " subjectAltName
+subjectAltName extension to include in certificate. Can be used multiple times.
+.TP
+.BI "\-l, \-\-lifetime " days
+Days the certificate is valid, default: 1095.
+.TP
+.BI "\-s, \-\-serial " hex
+Serial number in hex. It is randomly allocated by default.
+.TP
+.BI "\-e, \-\-flag " flag
+Add extendedKeyUsage flag. One of \fIserverAuth\fR, \fIclientAuth\fR,
+\fIcrlSign\fR, or \fIocspSigning\fR. Can be used multiple times.
+.TP
+.BI "\-g, \-\-digest " digest
+Digest to use for signature creation. One of \fImd5\fR, \fIsha1\fR,
+\fIsha224\fR, \fIsha256\fR, \fIsha384\fR, or \fIsha512\fR. Defaults to
+\fIsha1\fR.
+.TP
+.BI "\-f, \-\-outform " encoding
+Encoding of the created certificate file. Either \fIder\fR (ASN.1 DER) or
+\fIpem\fR (Base64 PEM), defaults to \fIder\fR.
+.TP
+.BI "\-b, \-\-ca"
+Include CA basicConstraint extension in certificate.
+.TP
+.BI "\-o, \-\-ocsp " uri
+OCSP AuthorityInfoAccess URI to include in certificate. Can be used multiple
+times.
+.TP
+.BI "\-p, \-\-pathlen " len
+Set path length constraint.
+.TP
+.BI "\-n, \-\-nc-permitted " name
+Add permitted NameConstraint extension to certificate.
+.TP
+.BI "\-N, \-\-nc-excluded " name
+Add excluded NameConstraint extension to certificate.
+.TP
+.BI "\-M, \-\-policy-mapping " issuer-oid:subject-oid
+Add policyMapping from issuer to subject OID.
+.TP
+.BI "\-E, \-\-policy-explicit " len
+Add requireExplicitPolicy constraint.
+.TP
+.BI "\-H, \-\-policy-inhibit " len
+Add inhibitPolicyMapping constraint.
+.TP
+.BI "\-A, \-\-policy-any " len
+Add inhibitAnyPolicy constraint.
+.PP
+.SS "Certificate Policy"
+Multiple certificatePolicy extensions can be added. Each with the following
+information:
+.TP
+.BI "\-P, \-\-cert-policy " oid
+OID to include in certificatePolicy extension. Required.
+.TP
+.BI "\-C, \-\-cps-uri " uri
+Certification Practice statement URI for certificatePolicy.
+.TP
+.BI "\-U, \-\-user-notice " text
+User notice for certificatePolicy.
+.
+.SH "EXAMPLES"
+.
+Generate a self-signed certificate using the given RSA key:
+.PP
+.EX
+ pki \-\-self \-\-in key.der \-\-dn "C=CH, O=strongSwan, CN=moon" \\
+ \-\-san moon.strongswan.org > cert.der
+.EE
+.
+.SH "SEE ALSO"
+.
+.BR pki (1)
\ No newline at end of file diff --git a/src/pki/man/pki---signcrl.1.in b/src/pki/man/pki---signcrl.1.in new file mode 100644 index 000000000..6ba96f6bc --- /dev/null +++ b/src/pki/man/pki---signcrl.1.in 
@@ -0,0 +1,124 @@
+.TH "PKI \-\-SIGNCRL" 1 "2013-08-12" "@PACKAGE_VERSION@" "strongSwan"
+.
+.SH "NAME"
+.
+pki \-\-signcrl \- Issue a Certificate Revocation List (CRL) using a CA certificate and key
+.
+.SH "SYNOPSIS"
+.
+.SY pki\ \-\-signcrl
+.BI \-\-cakey\~ file |\-\-cakeyid\~ hex
+.BI \-\-cacert\~ file
+.OP \-\-lifetime days
+.OP \-\-lastcrl crl
+.OP \-\-basecrl crl
+.OP \-\-crluri uri
+.OP \-\-digest digest
+.OP \fR[\fB\-\-reason\ \fIreason\fR]\ \fR[\fB\-\-date\ \fIts\fR]\ \fB\-\-cert\ \fIfile\fB|\-\-serial\ \fIhex\fR
+.OP \-\-outform encoding
+.OP \-\-debug level
+.YS
+.
+.SY pki\ \-\-signcrl
+.BI \-\-options\~ file
+.YS
+.
+.SY "pki \-\-signcrl"
+.B \-h
+|
+.B \-\-help
+.YS
+.
+.SH "DESCRIPTION"
+.
+This sub-command of
+.BR pki (1)
+is used to issue a Certificate Revocation List (CRL) using a CA certificate and
+private key.
+.
+.SH "OPTIONS"
+.
+.TP
+.B "\-h, \-\-help"
+Print usage information with a summary of the available options.
+.TP
+.BI "\-v, \-\-debug " level
+Set debug level, default: 1.
+.TP
+.BI "\-+, \-\-options " file
+Read command line options from \fIfile\fR.
+.TP
+.BI "\-k, \-\-cakey " file
+CA private key file. Either this or
+.B \-\-cakeyid
+is required.
+.TP
+.BI "\-x, \-\-cakeyid " hex
+Key ID of a CA private key on a smartcard. Either this or
+.B \-\-cakey
+is required.
+.TP
+.BI "\-c, \-\-cacert " file
+CA certificate file. Required.
+.TP
+.BI "\-l, \-\-lifetime " days
+Days until the CRL gets a nextUpdate, default: 15.
+.TP
+.BI "\-a, \-\-lastcrl " crl
+CRL of lastUpdate to copy revocations from.
+.TP
+.BI "\-b, \-\-basecrl " crl
+Base CRL to create a delta CRL for.
+.TP
+.BI "\-u, \-\-crluri " uri
+Freshest delta CRL URI to include in CRL. Can be used multiple times.
+.TP
+.BI "\-g, \-\-digest " digest
+Digest to use for signature creation. One of \fImd5\fR, \fIsha1\fR,
+\fIsha224\fR, \fIsha256\fR, \fIsha384\fR, or \fIsha512\fR. Defaults to
+\fIsha1\fR.
+.TP
+.BI "\-f, \-\-outform " encoding
+Encoding of the created certificate file. Either \fIder\fR (ASN.1 DER) or
+\fIpem\fR (Base64 PEM), defaults to \fIder\fR.
+.PP
+.SS "Revoked Certificates"
+Multiple revoked certificates can be added to the CRL by either providing the
+certificate file or the respective serial number directly.
+A reason and a timestamp can be configured for each revocation (they have to be
+given before each certificate/serial on the command line).
+.TP
+.BI "\-r, \-\-reason " reason
+The reason why the certificate was revoked. One of \fIkey\-compromise\fR,
+\fIca\-compromise\fR, \fIaffiliation\-changed\fR, \fIsuperseded\fR,
+\fIcessation\-of\-operation\fR, or \fIcertificate\-hold\fR.
+.TP
+.BI "\-d, \-\-date " ts
+Revocation date as Unix timestamp. Defaults to the current time.
+.TP
+.BI "\-z, \-\-cert " file
+Certificate file to revoke.
+.TP
+.BI "\-s, \-\-serial " hex
+Hexadecimal encoded serial number of the certificate to revoke.
+.
+.SH "EXAMPLES"
+.
+Revoke a certificate:
+.PP
+.EX
+ pki \-\-signcrl \-\-cacert ca_cert.der \-\-cakey ca_key.der \\
+ \-\-reason superseded \-\-cert cert.der > crl.der
+.EE
+.PP
+Update an existing CRL with two new revocations, using the certificate's serial
+number, but no reason:
+.PP
+.EX
+ pki \-\-signcrl \-\-cacert ca_cert.der \-\-cakey ca_key.der \\
+ \-\-lastcrl old_crl.der \-\-serial 0123 \-\-serial 0345 > crl.der
+.EE
+.PP
+.SH "SEE ALSO"
+.
+.BR pki (1)
\ No newline at end of file
diff --git a/src/pki/man/pki---verify.1.in b/src/pki/man/pki---verify.1.in
new file mode 100644
index 000000000..de34acad4
--- /dev/null
+++ b/src/pki/man/pki---verify.1.in
@@ -0,0 +1,56 @@
+.TH "PKI \-\-VERIFY" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.
+.SH "NAME"
+.
+pki \-\-verify \- Verify a certificate using a CA certificate
+.
+.SH "SYNOPSIS"
+.
+.SY pki\ \-\-verify
+.OP \-\-in file
+.OP \-\-cacert file
+.OP \-\-debug level
+.YS
+.
+.SY pki\ \-\-verify
+.BI \-\-options\~ file
+.YS
+.
+.SY "pki \-\-verify"
+.B \-h
+|
+.B \-\-help
+.YS
+.
+.SH "DESCRIPTION"
+.
+This sub-command of
+.BR pki (1)
+verifies a certificate using an optional CA certificate.
+.
+.SH "OPTIONS"
+.
+.TP
+.B "\-h, \-\-help"
+Print usage information with a summary of the available options.
+.TP
+.BI "\-v, \-\-debug " level
+Set debug level, default: 1.
+.TP
+.BI "\-+, \-\-options " file
+Read command line options from \fIfile\fR.
+.TP
+.BI "\-i, \-\-in " file
+X.509 certificate to verify. If not given it is read from \fISTDIN\fR.
+.TP
+.BI "\-c, \-\-cacert " file
+CA certificate to use. If not given the certificate is assumed to be
+self-signed.
+.
+.SH "EXIT STATUS"
+The exit status is 0 if the certificate was verified successfully, and 2 if
+the verification failed.
+.
+.SH "SEE ALSO"
+.
+.BR pki (1)
\ No newline at end of file
diff --git a/src/pki/man/pki.1.in b/src/pki/man/pki.1.in
new file mode 100644
index 000000000..8dfc53af3
--- /dev/null
+++ b/src/pki/man/pki.1.in
@@ -0,0 +1,156 @@
+.TH PKI 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.
+.SH "NAME"
+.
+pki \- Simple public key infrastructure (PKI) management tool
+.
+.SH "SYNOPSIS"
+.
+.SY "pki"
+.I command
+.RI [ option\~ .\|.\|.]
+.YS
+.
+.SY "pki"
+.B \-h
+|
+.B \-\-help
+.YS
+.
+.SH "DESCRIPTION"
+.
+.B pki
+is a suite of commands that allow you to manage a simple public key
+infrastructure (PKI).
+.P
+Generate RSA and ECDSA key pairs, create PKCS#10 certificate requests
+containing subjectAltNames, create X.509 self-signed end-entity and root CA
+certificates, issue end-entity and intermediate CA certificates signed by the
+private key of a CA and containing subjectAltNames, CRL distribution points
+and URIs of OCSP servers. You can also extract raw public keys from private
+keys, certificate requests and certificates and compute two kinds of SHA-1-based
+key IDs.
+.
+.SH "COMMANDS"
+.
+.TP
+.B "\-h, \-\-help"
+Prints usage information and a short summary of the available commands.
+.TP
+.B "\-g, \-\-gen"
+Generate a new private key.
+.TP
+.B "\-s, \-\-self"
+Create a self-signed certificate.
+.TP
+.B "\-i, \-\-issue"
+Issue a certificate using a CA certificate and key.
+.TP
+.B "\-c, \-\-signcrl"
+Issue a CRL using a CA certificate and key.
+.TP
+.B "\-r, \-\-req"
+Create a PKCS#10 certificate request.
+.TP
+.B "\-7, \-\-pkcs7"
+Provides PKCS#7 wrap/unwrap functions.
+.TP
+.B "\-k, \-\-keyid"
+Calculate key identifiers of a key or certificate.
+.TP
+.B "\-a, \-\-print"
+Print a credential (key, certificate etc.) in human readable form.
+.TP
+.B "\-p, \-\-pub"
+Extract a public key from a private key or certificate.
+.TP
+.B "\-v, \-\-verify"
+Verify a certificate using a CA certificate.
+.
+.SH "EXAMPLES"
+.
+.SS "Generating a CA Certificate"
+.
+The first step is to generate a private key using the
+.B \-\-gen
+command. By default this generates a 2048-bit RSA key.
+.PP
+.EX
+ pki \-\-gen > ca_key.der
+.EE
+.PP
+This key is used to create the self-signed CA certificate, using the
+.B \-\-self
+command. The distinguished name should be adjusted to your needs.
+.PP
+.EX
+ pki \-\-self \-\-ca \-\-in ca_key.der \\
+ \-\-dn "C=CH, O=strongSwan, CN=strongSwan CA" > ca_cert.der
+.EE
+.PP
+.
+.SS "Generating End-Entity Certificates"
+.
+With the root CA certificate and key at hand end-entity certificates for clients
+and servers can be issued. Similarly intermediate CA certificates can be issued,
+which in turn can issue other certificates.
+To generate a certificate for a server, we start by generating a private key.
+.PP
+.EX
+ pki \-\-gen > server_key.der
+.EE
+.PP
+The public key will be included in the certificate so lets extract that from the
+private key.
+.PP
+.EX
+ pki \-\-pub \-\-in server_key.der > server_pub.der
+.EE
+.PP
+The following command will use the CA certificate and private key to issue the
+certificate for this server. Adjust the distinguished name, subjectAltName(s)
+and flags as needed (check
+.BR pki\ \-\-issue (8)
+for more options).
+.PP
+.EX
+ pki \-\-issue \-\-in server_pub.der \-\-cacert ca_cert.der \\
+ \-\-cakey ca_key.der \-\-dn "C=CH, O=strongSwan, CN=VPN Server" \\
+ \-\-san vpn.strongswan.org \-\-flag serverAuth > server_cert.der
+.EE
+.PP
+Instead of storing the public key in a separate
+file, the output of
+.B \-\-pub
+may also be piped directly into the above command.
+.
+.SS "Generating Certificate Revocation Lists (CRL)"
+.
+If end-entity certificates have to be revoked, CRLs may be generated using
+the
+.B \-\-signcrl
+command.
+.PP
+.EX
+ pki \-\-signcrl \-\-cacert ca_cert.der \-\-cakey ca_key.der \\
+ \-\-reason superseded \-\-cert server_cert.der > crl.der
+.EE
+.PP
+The certificate given with \-\-cacert must be either a CA certificate or a
+certificate with the
+.I crlSign
+extended key usage (\-\-flag crlSign). URIs to CRLs may be included in issued
+certificates with the \-\-crl option.
+.
+.SH "SEE ALSO"
+.
+.BR pki\ \-\-gen (1),
+.BR pki\ \-\-self (1),
+.BR pki\ \-\-issue (1),
+.BR pki\ \-\-signcrl (1),
+.BR pki\ \-\-req (1),
+.BR pki\ \-\-pkcs7 (1),
+.BR pki\ \-\-keyid (1),
+.BR pki\ \-\-print (1),
+.BR pki\ \-\-pub (1),
+.BR pki\ \-\-verify (1)
diff --git a/src/pki/pki.c b/src/pki/pki.c
index c3039a649..ecc0702cd 100644
--- a/src/pki/pki.c
+++ b/src/pki/pki.c
@@ -81,7 +81,18 @@ bool get_form(char *form, cred_encoding_type_t *enc, credential_type_t type)
 switch (type)
 {
 case CRED_PUBLIC_KEY:
- *enc =PUBKEY_DNSKEY;
+ *enc = PUBKEY_DNSKEY;
+ return TRUE;
+ default:
+ return FALSE;
+ }
+ }
+ else if (streq(form, "sshkey"))
+ {
+ switch (type)
+ {
+ case CRED_PUBLIC_KEY:
+ *enc = PUBKEY_SSHKEY;
 return TRUE;
 default:
 return FALSE; |
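Review bot: The new `sshkey` branch in get_form is a copy of the `dnskey` branch above it with only the enum value changed, and neither branch says why every credential type other than `CRED_PUBLIC_KEY` is refused. A one-line comment on the new branch would make the fail-closed intent explicit, for example `/* SSH encoding exists for public keys only; any other credential type is rejected */`. If further public-key-only encodings are expected, the two switches could share a single check on `type` before `*enc` is assigned. get_form's body starts and ends outside this hunk, so whether callers report the FALSE return to the user cannot be confirmed from here.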