public_key_t *public = NULL;
char *file = NULL, *dn = NULL, *hex = NULL, *error = NULL;
identification_t *id = NULL;
- linked_list_t *san;
+ linked_list_t *san, *ocsp;
int lifetime = 1080;
chunk_t serial = chunk_empty;
chunk_t encoding = chunk_empty;
options = options_create();
san = linked_list_create();
+ ocsp = linked_list_create();
while (TRUE)
{
- switch (getopt_long(argc, argv, "", command_opts, NULL))
+ switch (getopt_long(argc, argv, command_optstring, command_opts, NULL))
{
case 'h':
goto usage;
+ case 'v':
+ dbg_level = atoi(optarg);
+ continue;
case '+':
if (!options->from(options, optarg, &argc, &argv, optind))
{
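Review bot: The new `case 'v'` reads the debug level with `atoi(optarg)`, which returns 0 for non-numeric text and has undefined behaviour for out-of-range values, so `--debug foo` quietly changes the log level instead of being rejected. Parse it with `strtol` and fail on bad input: `char *end; long lvl = strtol(optarg, &end, 10);`, then `if (end == optarg || *end) { error = "invalid --debug level"; goto usage; }`, then `dbg_level = lvl;`. A range check against the levels the logger accepts should go in the same condition. The switch continues past the end of this hunk.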
case 's':
hex = optarg;
continue;
- case 'c':
+ case 'b':
flags |= X509_CA;
continue;
+ case 'o':
+ ocsp->insert_last(ocsp, optarg);
+ continue;
case EOF:
break;
default:
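Review bot: `case 'o'` appends `optarg` to the list unchecked, so an empty or mistyped `--ocsp` value ends up in the certificate's AuthorityInfoAccess extension exactly as given. Relying parties use that URI to find the responder, and one that treats an unreachable responder as a soft failure would then skip revocation checking for this certificate. At minimum reject an empty value before inserting, `if (!*optarg) { error = "--ocsp requires a URI"; goto usage; }`, and consider checking for an expected scheme as well. The switch starts above this hunk and its `default:` body continues below it.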
BUILD_SUBJECT, id, BUILD_NOT_BEFORE_TIME, not_before,
BUILD_NOT_AFTER_TIME, not_after, BUILD_SERIAL, serial,
BUILD_DIGEST_ALG, digest, BUILD_X509_FLAG, flags,
- BUILD_SUBJECT_ALTNAMES, san, BUILD_END);
+ BUILD_SUBJECT_ALTNAMES, san,
+ BUILD_OCSP_ACCESS_LOCATIONS, ocsp, BUILD_END);
if (!cert)
{
error = "generating certificate failed";
DESTROY_IF(public);
DESTROY_IF(private);
san->destroy_offset(san, offsetof(identification_t, destroy));
+ ocsp->destroy(ocsp);
options->destroy(options);
free(encoding.ptr);
free(serial.ptr);
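Review bot: `ocsp->destroy(ocsp)` frees only the list, while the `san` line above it also destroys each entry; that is correct only because the OCSP entries are `optarg` pointers the list does not own, and nothing here says so. Add a comment such as `/* ocsp holds borrowed optarg strings, free the list only */`, and keep this call ahead of `options->destroy(options)`, since strings loaded through `--options` presumably belong to that object. The same comment applies to the `usage:` path in the following hunk. Whether the builder copies the URIs is not visible in this diff; if it keeps the pointers, the certificate has to be released before `options`.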
usage:
san->destroy_offset(san, offsetof(identification_t, destroy));
+ ocsp->destroy(ocsp);
options->destroy(options);
return command_usage(error);
}
"create a self signed certificate",
{"[--in file] [--type rsa|ecdsa]",
" --dn distinguished-name [--san subjectAltName]+",
- "[--lifetime days] [--serial hex] [--ca]",
+ "[--lifetime days] [--serial hex] [--ca] [--ocsp uri]+",
"[--digest md5|sha1|sha224|sha256|sha384|sha512]",
"[--options file]"},
{
{"lifetime",'l', 1, "days the certificate is valid, default: 1080"},
{"serial", 's', 1, "serial number in hex, default: random"},
{"ca", 'b', 0, "include CA basicConstraint, default: no"},
+ {"ocsp", 'o', 1, "OCSP AuthorityInfoAccess URI to include"},
{"digest", 'g', 1, "digest for signature creation, default: sha1"},
+ {"debug", 'v', 1, "set debug level, default: 1"},
{"options", '+', 1, "read command line options from file"},
}
});
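Review bot: The `debug` row is added to the option table, but the synopsis strings above it still end at `"[--options file]"`, so `--debug` never appears in the usage line. Extend the synopsis to match, for example `"[--options file] [--debug level]"`. The registration call starts above this hunk.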