Renamed new options to include \'_\'

Signed-off-by: Stephan Wurm <atomisirsi@gsklan.de>

CHANGES.md

@@ -25,7 +25,7 @@ OpenSSL 3.2
 
 ### Changes between 3.1 and 3.2 [xx XXX xxxx]
 
- * Added options `--notbefore` and `--notafter` for explicit setting
+ * Added options `--not_before` and `--not_after` for explicit setting
    start and end dates of certificates created with the `req` and `x509`
    apps. Added the same options also to `ca` app as alias for
    `--startdate` and `--enddate` options.

apps/ca.c

@@ -150,7 +150,7 @@ typedef enum OPTION_choice {
     OPT_IN, OPT_INFORM, OPT_OUT, OPT_DATEOPT, OPT_OUTDIR, OPT_VFYOPT,
     OPT_SIGOPT, OPT_NOTEXT, OPT_BATCH, OPT_PRESERVEDN, OPT_NOEMAILDN,
     OPT_GENCRL, OPT_MSIE_HACK, OPT_CRL_LASTUPDATE, OPT_CRL_NEXTUPDATE,
-    OPT_CRLDAYS, OPT_CRLHOURS, OPT_CRLSEC, OPT_NOTBEFORE, OPT_NOTAFTER,
+    OPT_CRLDAYS, OPT_CRLHOURS, OPT_CRLSEC, OPT_NOT_BEFORE, OPT_NOT_AFTER,
     OPT_INFILES, OPT_SS_CERT, OPT_SPKAC, OPT_REVOKE, OPT_VALID,
     OPT_EXTENSIONS, OPT_EXTFILE, OPT_STATUS, OPT_UPDATEDB, OPT_CRLEXTS,
     OPT_RAND_SERIAL, OPT_QUIET,
@@ -200,10 +200,10 @@ const OPTIONS ca_options[] = {
     {"multivalue-rdn", OPT_MULTIVALUE_RDN, '-',
      "Deprecated; multi-valued RDNs support is always on."},
     {"startdate", OPT_STARTDATE, 's', "Cert notBefore, YYMMDDHHMMSSZ"},
-    {"notbefore", OPT_NOTBEFORE, 's', "An alias for -startdate"},
+    {"not_before", OPT_NOT_BEFORE, 's', "An alias for -startdate"},
     {"enddate", OPT_ENDDATE, 's',
      "YYMMDDHHMMSSZ cert notAfter (overrides -days)"},
-    {"notafter", OPT_NOTAFTER, 's', "An alias for -enddate"},
+    {"not_after", OPT_NOT_AFTER, 's', "An alias for -enddate"},
     {"days", OPT_DAYS, 'p', "Number of days to certify the cert for"},
     {"extensions", OPT_EXTENSIONS, 's',
      "Extension section (override value in config file)"},
@@ -361,11 +361,11 @@ int ca_main(int argc, char **argv)
             /* obsolete */
             break;
         case OPT_STARTDATE:
-        case OPT_NOTBEFORE:
+        case OPT_NOT_BEFORE:
             startdate = opt_arg();
             break;
         case OPT_ENDDATE:
-        case OPT_NOTAFTER:
+        case OPT_NOT_AFTER:
             enddate = opt_arg();
             break;
         case OPT_DAYS:

apps/req.c

@@ -87,7 +87,7 @@ typedef enum OPTION_choice {
     OPT_VERIFY, OPT_NOENC, OPT_NODES, OPT_NOOUT, OPT_VERBOSE, OPT_UTF8,
     OPT_NAMEOPT, OPT_REQOPT, OPT_SUBJ, OPT_SUBJECT, OPT_TEXT,
     OPT_X509, OPT_X509V1, OPT_CA, OPT_CAKEY,
-    OPT_MULTIVALUE_RDN, OPT_NOTBEFORE, OPT_NOTAFTER, OPT_DAYS, OPT_SET_SERIAL,
+    OPT_MULTIVALUE_RDN, OPT_NOT_BEFORE, OPT_NOT_AFTER, OPT_DAYS, OPT_SET_SERIAL,
     OPT_COPY_EXTENSIONS, OPT_EXTENSIONS, OPT_REQEXTS, OPT_ADDEXT,
     OPT_PRECERT, OPT_MD,
     OPT_SECTION, OPT_QUIET,
@@ -127,8 +127,8 @@ const OPTIONS req_options[] = {
      "Print the subject of the output request or cert"},
     {"multivalue-rdn", OPT_MULTIVALUE_RDN, '-',
      "Deprecated; multi-valued RDNs support is always on."},
-    {"notbefore", OPT_NOTBEFORE, 's', "Cert notBefore, YYMMDDHHMMSSZ"},
-    {"notafter", OPT_NOTAFTER, 's',
+    {"not_before", OPT_NOT_BEFORE, 's', "Cert notBefore, YYMMDDHHMMSSZ"},
+    {"not_after", OPT_NOT_AFTER, 's',
      "YYMMDDHHMMSSZ cert notAfter (overrides -days)"},
     {"days", OPT_DAYS, 'p', "Number of days cert is valid for"},
     {"set_serial", OPT_SET_SERIAL, 's', "Serial number to use"},
@@ -262,7 +262,7 @@ int req_main(int argc, char **argv)
     char *template = default_config_file, *keyout = NULL;
     const char *keyalg = NULL;
     OPTION_CHOICE o;
-    char *notbefore = NULL, *notafter = NULL;
+    char *not_before = NULL, *not_after = NULL;
     int days = UNSET_DAYS;
     int ret = 1, gen_x509 = 0, i = 0, newreq = 0, verbose = 0, progress = 1;
     int informat = FORMAT_UNDEF, outformat = FORMAT_PEM, keyform = FORMAT_UNDEF;
@@ -427,11 +427,11 @@ int req_main(int argc, char **argv)
         case OPT_CAKEY:
             CAkeyfile = opt_arg();
             break;
-        case OPT_NOTBEFORE:
-            notbefore = opt_arg();
+        case OPT_NOT_BEFORE:
+            not_before = opt_arg();
             break;
-        case OPT_NOTAFTER:
-            notafter = opt_arg();
+        case OPT_NOT_AFTER:
+            not_after = opt_arg();
             break;
         case OPT_DAYS:
             days = atoi(opt_arg());
@@ -505,10 +505,10 @@ int req_main(int argc, char **argv)
     if (!gen_x509) {
         if (days != UNSET_DAYS)
             BIO_printf(bio_err, "Ignoring -days without -x509; not generating a certificate\n");
-        if (notbefore != NULL)
-            BIO_printf(bio_err, "Ignoring -notbefore without -x509; not generating a certificate\n");
-        if (notafter != NULL)
-            BIO_printf(bio_err, "Ignoring -notafter without -x509; not generating a certificate\n");
+        if (not_before != NULL)
+            BIO_printf(bio_err, "Ignoring -not_before without -x509; not generating a certificate\n");
+        if (not_after != NULL)
+            BIO_printf(bio_err, "Ignoring -not_after without -x509; not generating a certificate\n");
         if (ext_copy == EXT_COPY_NONE)
             BIO_printf(bio_err, "Ignoring -copy_extensions 'none' when -x509 is not given\n");
     }
@@ -817,23 +817,23 @@ int req_main(int argc, char **argv)
             if (!X509_set_issuer_name(new_x509, issuer))
                 goto end;
 
-            if (notbefore != NULL && !ASN1_TIME_set_string_X509(NULL, notbefore)) {
+            if (not_before != NULL && !ASN1_TIME_set_string_X509(NULL, not_before)) {
                 BIO_printf(bio_err,
                            "start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
                 goto end;
             }
 
-            if (notafter != NULL && !ASN1_TIME_set_string_X509(NULL, notafter)) {
+            if (not_after != NULL && !ASN1_TIME_set_string_X509(NULL, not_after)) {
                 BIO_printf(bio_err,
                            "end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
                 goto end;
             }
-            if (notafter != NULL && days != UNSET_DAYS)
-                BIO_printf(bio_err, "-notafter option overriding -days option\n");
+            if (not_after != NULL && days != UNSET_DAYS)
+                BIO_printf(bio_err, "-not_after option overriding -days option\n");
 
             if (days == UNSET_DAYS)
                 days = DEFAULT_DAYS;
-            if (!set_cert_times(new_x509, notbefore, notafter, days))
+            if (!set_cert_times(new_x509, not_before, not_after, days))
                 goto end;
             if (ASN1_TIME_compare(X509_get0_notAfter(new_x509), X509_get0_notBefore(new_x509)) < 0) {
                 BIO_printf(bio_err, "end date before start date\n");

apps/x509.c

@@ -53,7 +53,7 @@ typedef enum OPTION_choice {
     OPT_CLRREJECT, OPT_ALIAS, OPT_CACREATESERIAL, OPT_CLREXT, OPT_OCSPID,
     OPT_SUBJECT_HASH_OLD, OPT_ISSUER_HASH_OLD, OPT_COPY_EXTENSIONS,
     OPT_BADSIG, OPT_MD, OPT_ENGINE, OPT_NOCERT, OPT_PRESERVE_DATES,
-    OPT_NOTBEFORE, OPT_NOTAFTER,
+    OPT_NOT_BEFORE, OPT_NOT_AFTER,
     OPT_R_ENUM, OPT_PROV_ENUM, OPT_EXT
 } OPTION_CHOICE;
 
@@ -135,8 +135,8 @@ const OPTIONS x509_options[] = {
      "Serial number to use, overrides -CAserial"},
     {"next_serial", OPT_NEXT_SERIAL, '-',
      "Increment current certificate serial number"},
-    {"notbefore", OPT_NOTBEFORE, 's', "Cert notBefore, YYMMDDHHMMSSZ"},
-    {"notafter", OPT_NOTAFTER, 's',
+    {"not_before", OPT_NOT_BEFORE, 's', "Cert notBefore, YYMMDDHHMMSSZ"},
+    {"not_after", OPT_NOT_AFTER, 's',
      "YYMMDDHHMMSSZ cert notAfter (overrides -days)"},
     {"days", OPT_DAYS, 'n',
      "Number of days until newly generated certificate expires - default 30"},
@@ -280,7 +280,7 @@ int x509_main(int argc, char **argv)
     char *ext_names = NULL;
     char *extsect = NULL, *extfile = NULL, *passin = NULL, *passinarg = NULL;
     char *infile = NULL, *outfile = NULL, *privkeyfile = NULL, *CAfile = NULL;
-    char *prog, *notbefore = NULL, *notafter = NULL;
+    char *prog, *not_before = NULL, *not_after = NULL;
     int days = UNSET_DAYS; /* not explicitly set */
     int x509toreq = 0, modulus = 0, print_pubkey = 0, pprint = 0;
     int CAformat = FORMAT_UNDEF, CAkeyformat = FORMAT_UNDEF;
@@ -377,11 +377,11 @@ int x509_main(int argc, char **argv)
             if (!vfyopts || !sk_OPENSSL_STRING_push(vfyopts, opt_arg()))
                 goto opthelp;
             break;
-        case OPT_NOTBEFORE:
-            notbefore = opt_arg();
+        case OPT_NOT_BEFORE:
+            not_before = opt_arg();
             break;
-        case OPT_NOTAFTER:
-            notafter = opt_arg();
+        case OPT_NOT_AFTER:
+            not_after = opt_arg();
             break;
         case OPT_DAYS:
             days = atoi(opt_arg());
@@ -614,21 +614,21 @@ int x509_main(int argc, char **argv)
     if (!opt_check_md(digest))
         goto opthelp;
 
-    if (preserve_dates && notbefore != NULL) {
-        BIO_printf(bio_err, "Cannot use -preserve_dates with -notbefore option\n");
+    if (preserve_dates && not_before != NULL) {
+        BIO_printf(bio_err, "Cannot use -preserve_dates with -not_before option\n");
         goto err;
     }
-    if (notbefore != NULL && !ASN1_TIME_set_string_X509(NULL, notbefore)) {
+    if (not_before != NULL && !ASN1_TIME_set_string_X509(NULL, not_before)) {
         BIO_printf(bio_err,
                    "start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
         goto err;
     }
 
-    if (preserve_dates && notafter != NULL) {
-        BIO_printf(bio_err, "Cannot use -preserve_dates with -notafter option\n");
+    if (preserve_dates && not_after != NULL) {
+        BIO_printf(bio_err, "Cannot use -preserve_dates with -not_after option\n");
         goto err;
     }
-    if (notafter != NULL && !ASN1_TIME_set_string_X509(NULL, notafter)) {
+    if (not_after != NULL && !ASN1_TIME_set_string_X509(NULL, not_after)) {
         BIO_printf(bio_err,
                    "end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
         goto err;
@@ -638,8 +638,8 @@ int x509_main(int argc, char **argv)
         BIO_printf(bio_err, "Cannot use -preserve_dates with -days option\n");
         goto err;
     }
-    if (notafter != NULL && days != UNSET_DAYS) {
-        BIO_printf(bio_err, "-notafter overrides -days option\n");
+    if (not_after != NULL && days != UNSET_DAYS) {
+        BIO_printf(bio_err, "-not_after overrides -days option\n");
     }
     if (days == UNSET_DAYS)
         days = DEFAULT_DAYS;
@@ -861,7 +861,7 @@ int x509_main(int argc, char **argv)
         goto end;
 
     if (reqfile || newcert || privkey != NULL || CAfile != NULL) {
-        if (!preserve_dates && !set_cert_times(x, notbefore, notafter, days))
+        if (!preserve_dates && !set_cert_times(x, not_before, not_after, days))
             goto end;
         if (ASN1_TIME_compare(X509_get0_notAfter(x), X509_get0_notBefore(x)) < 0) {
             BIO_printf(bio_err, "Error: end date before start date\n");

doc/man1/openssl-ca.pod.in

@@ -30,9 +30,9 @@ B<openssl> B<ca>
 [B<-crlsec> I<seconds>]
 [B<-crlexts> I<section>]
 [B<-startdate> I<date>]
-[B<-notbefore> I<date>]
+[B<-not_before> I<date>]
 [B<-enddate> I<date>]
-[B<-notafter> I<date>]
+[B<-not_after> I<date>]
 [B<-days> I<arg>]
 [B<-md> I<arg>]
 [B<-policy> I<arg>]
@@ -228,14 +228,14 @@ Don't output the text form of a certificate to the output file.
 Specify the date output format. Values are: rfc_822 and iso_8601.
 Defaults to rfc_822.
 
-=item B<-startdate> I<date>, B<-notbefore> I<date>
+=item B<-startdate> I<date>, B<-not_before> I<date>
 
 This allows the start date to be explicitly set. The format of the
 date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure), or
 YYYYMMDDHHMMSSZ (the same as an ASN1 GeneralizedTime structure). In
 both formats, seconds SS and timezone Z must be present.
 
-=item B<-enddate> I<date>, B<-notafter> I<date>
+=item B<-enddate> I<date>, B<-not_after> I<date>
 
 This allows the expiry date to be explicitly set. The format of the
 date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure), or

doc/man1/openssl-req.pod.in

@@ -36,8 +36,8 @@ B<openssl> B<req>
 [B<-x509v1>]
 [B<-CA> I<filename>|I<uri>]
 [B<-CAkey> I<filename>|I<uri>]
-[B<-notbefore> I<date>]
-[B<-notafter> I<date>]
+[B<-not_before> I<date>]
+[B<-not_after> I<date>]
 [B<-days> I<n>]
 [B<-set_serial> I<n>]
 [B<-newhdr>]
@@ -327,15 +327,15 @@ Sets the "CA" private key to sign a certificate with.
 The private key must match the public key of the certificate given with B<-CA>.
 If this option is not provided then the key must be present in the B<-CA> input.
 
-=item B<-notbefore> I<date>
+=item B<-not_before> I<date>
 
 When B<-x509> is in use this allows the start date to be explicitly set,
 otherwise it is ignored. The format of I<date> is YYMMDDHHMMSSZ (the
 same as an ASN1 UTCTime structure), or YYYYMMDDHHMMSSZ (the same as an
 ASN1 GeneralizedTime structure). In both formats, seconds SS and
 timezone Z must be present.
 
-=item B<-notafter> I<date>
+=item B<-not_after> I<date>
 
 When B<-x509> is in use this allows the expiry date to be explicitly
 set, otherwise it is ignored. The format of I<date> is YYMMDDHHMMSSZ
@@ -351,9 +351,9 @@ When B<-x509> is in use this specifies the number of days from today to
 certify the certificate for, otherwise it is ignored. I<n> should
 be a positive integer. The default is 30 days.
 
-Regardless of the option B<-notbefore>, the days are always counted from
+Regardless of the option B<-not_before>, the days are always counted from
 today.
-When used together with the option B<-notafter>, the explicit expiry
+When used together with the option B<-not_after>, the explicit expiry
 date takes precedence.
 
 =item B<-set_serial> I<n>

doc/man1/openssl-x509.pod.in

@@ -54,8 +54,8 @@ B<openssl> B<x509>
 [B<-checkip> I<ipaddr>]
 [B<-set_serial> I<n>]
 [B<-next_serial>]
-[B<-notbefore> I<date>]
-[B<-notafter> I<date>]
+[B<-not_before> I<date>]
+[B<-not_after> I<date>]
 [B<-days> I<arg>]
 [B<-preserve_dates>]
 [B<-subj> I<arg>]
@@ -184,7 +184,7 @@ Unless the B<-preserve_dates> option is supplied,
 it sets the validity start date to the current time
 and the end date to a value determined by the B<-days> option.
 Start date and end date can also be explicitly supplied with options
-B<-notbefore> and B<-notafter>.
+B<-not_before> and B<-not_after>.
 
 =item B<-signkey> I<filename>|I<uri>
 
@@ -378,7 +378,7 @@ The serial number can be decimal or hex (if preceded by C<0x>).
 
 Set the serial to be one more than the number in the certificate.
 
-=item B<-notbefore> I<date>
+=item B<-not_before> I<date>
 
 This allows the start date to be explicitly set. The format of the
 date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure), or
@@ -387,7 +387,7 @@ both formats, seconds SS and timezone Z must be present.
 
 Cannot be used together with the B<-preserve_dates> option.
 
-=item B<-notafter> I<date>
+=item B<-not_after> I<date>
 
 This allows the expiry date to be explicitly set. The format of the
 date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure), or
@@ -403,13 +403,13 @@ Specifies the number of days from today until a newly generated certificate expi
 The default is 30.
 
 Cannot be used together with the option B<-preserve_dates>.
-If option B<-notafter> is set, the explicit expiry date takes precedence.
+If option B<-not_after> is set, the explicit expiry date takes precedence.
 
 =item B<-preserve_dates>
 
 When signing a certificate, preserve "notBefore" and "notAfter" dates of any
 input certificate instead of adjusting them to current time and duration.
-Cannot be used together with the options B<-days>, B<-notbefore> and B<-notafter>.
+Cannot be used together with the options B<-days>, B<-not_before> and B<-not_after>.
 
 =item B<-subj> I<arg>