@@ -7,6 +7,10 @@ if [ -z "$BASH_VERSION" ];then exec bash "$0" "$@";else set +o posix;fi
77set -e ; PROGRAM=" $0 "
88
99show_help_text () {
10+ if [[ -t 1 && -t 0 ]]
11+ then show_help_text | " ${PAGER:- more} " ; exit
12+ fi
13+
1014 echo " Usage: $( basename " $PROGRAM " ) [Common Name] [arguments]"
1115 version_warnings
1216
@@ -118,6 +122,10 @@ Options:
118122 -no-prompt
119123 Prevent OpenSSL prompting for any part of the subject.
120124
125+ -ed25519
126+ -ed448
127+ Generate an ed25519 or ed448 private key.
128+
121129 -ec:prime256v1
122130 -ec:256
123131 -ec:curve:encoding
@@ -127,10 +135,6 @@ Options:
127135 and their X25519 and X448 counterparts. The numbers 256,384 and 521 are
128136 shorthands for the curves prime256v1, secp384r1 and secp521r1.
129137
130- -ed25519
131- -ed448
132- Generate an ed25519 or ed448 private key.
133-
134138 -list-curves
135139 -show-curves
136140 List the EC curves that OpenSSL supports.
@@ -145,9 +149,15 @@ Options:
145149 NB: This also makes the default digest SHA1.
146150
147151 -keyfile=FileName
148- Don't generate a key, use the one in FileName. If you're generating
149- a "single use ca" the second throwaway key will be generated to be
150- the same type as the key in this file if possible.
152+ Don't generate a key, use the one in FileName. If you're
153+ generating a "single use ca" the second throwaway key (for the
154+ CA) will be generated to be the same type as the key in this
155+ file, if possible.
156+ Note that if it's a PFX file it must have a ".pfx" extension.
157+
158+ -sign=FileName
159+ Use the key and certificate in FileName to sign the certificate.
160+ Note that if it's a PFX file it must have a ".pfx" extension.
151161
152162 -csrin=FileName
153163 Use the CSR from FileName instead of generating a new key.
@@ -167,10 +177,6 @@ Options:
167177 -showcsr
168178 Dump any CSR we use to the output too.
169179
170- -sign=FileName
171- Use the key and certificate in FileName to sign the certificate,
172- note if it's a PFX file it must have a ".pfx" extension.
173-
174180 -singleuseca
175181 -suca
176182 Generate a new CA key for the CA certificate and to sign the standard
@@ -361,6 +367,16 @@ version_warnings() {
361367 return 0
362368}
363369
370+ edit_readme_help_text () {
371+ [[ -f README && -f mk-cert && -f README.md ]] || {
372+ echo This needs to be run in the source tree
373+ exit 1
374+ }
375+ sed -i ' /^Usage: mk-cert/,$d' README
376+ bash mk-cert -help >> README
377+ exit 0
378+ }
379+
364380main () {
365381 eval " typeset -A SANDUP # bash4/ksh" 2> /dev/null && BASH3=no || BASH3=yes
366382
@@ -555,6 +571,7 @@ decode_args() {
555571 for ar
556572 do case " $ar " in
557573 -h|-help|--help) show_help_text ;;
574+ -edit-readme ) edit_readme_help_text ;;
558575
559576 -showconf ) SHOWCONF=yes ;;
560577
@@ -695,6 +712,13 @@ decode_args() {
695712 -list[-_]curves|-show[_-]curves )
696713 openssl ecparam -list_curves ; exit ;;
697714
715+ -keyfile[=:]* |-key[=:]* .pfx )
716+ eval " mkkey() { openssl pkcs12 -nodes -out - -in '${ar#* [=:]} ' | openssl pkey; }"
717+ [[ " $KFN " = " " ]] && KFN=/dev/null
718+ KEYCLASS=' file'
719+ KEYSOURCE=" $KEYSOURCE :keyfile"
720+ ;;
721+
698722 -keyfile[=:]* |-key[=:]* )
699723 eval " mkkey() { cat < '${ar#* [=:]} ' ; }"
700724 [[ " $KFN " = " " ]] && KFN=/dev/null
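Review bot: The new `.pfx` arm in decode_args builds `mkkey` with `eval` and pastes the file name taken from `$ar` between single quotes, so a name containing `'` ends the quoting and the remainder is parsed as shell; the older `-keyfile` arm right below uses the same construction. Keeping the path in a variable and defining the function without eval avoids this, e.g. `PFXFILE=${ar#*[=:]}` followed by `mkkey() { openssl pkcs12 -nodes -out - -in "$PFXFILE" | openssl pkey; }`. As rendered here, the first alternative of the new pattern has no `.pfx` suffix. If that is not an extraction artifact, every `-keyfile=` value would go through `openssl pkcs12` and the plain arm would stay reachable only for `-key=`, so both alternatives should end in `.pfx`. decode_args starts and ends outside the hunk.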