From 1df0350fc710a1add2afb5674dbe45bbdf967652 Mon Sep 17 00:00:00 2001
From: Kyle Isom
Date: Fri, 20 Oct 2017 12:38:41 -0700
Subject: [PATCH] Cleanups and docs.
---
 README.md | 1 +
 cmd/fragment/fragment.go | 11 ++++++++---
 cmd/subjhash/README | 20 ++++++++++++++++++++
 cmd/subjhash/main.go | 4 ++++
 4 files changed, 33 insertions(+), 3 deletions(-)
 create mode 100644 cmd/subjhash/README
diff --git a/README.md b/README.md
index ac39e6d..04fda32 100644
--- a/README.md
+++ b/README.md
@@ -34,6 +34,7 @@ Contents:
 ski Display the SKI for PEM-encoded TLS material.
 stealchain/ Dump the verified chain from a TLS connection.
+ subjhash/ Print or match subject info from a certificate.
 tlskeypair/ Check whether a TLS certificate and key file match.
 utc/ Convert times to UTC.
 yamll/ A small YAML linter.
diff --git a/cmd/fragment/fragment.go b/cmd/fragment/fragment.go
index c73d0d3..773dd59 100644
--- a/cmd/fragment/fragment.go
+++ b/cmd/fragment/fragment.go
@@ -4,6 +4,7 @@ import (
 "bufio"
 "flag"
 "fmt"
+ "io"
 "os"
 "path/filepath"
 "strconv"
@@ -11,9 +12,13 @@ import (
 "github.com/kisom/goutils/die"
 )
-func usage() {
+func init() {
+ flag.Usage = func() { usage(os.Stdout); os.Exit(1) }
+}
+
+func usage(w io.Writer) {
 progname := filepath.Base(os.Args[0])
- fmt.Printf(`Usage: %s [-nl] file start [end]
+ fmt.Fprintf(w, `Usage: %s [-nl] file start [end]
 Print a fragment of a file starting a line 'start' and ending at line 'end', or EOF if no end is specified.
@@ -27,7 +32,7 @@ func main() {
 flag.Parse()
 if flag.NArg() < 2 || flag.NArg() > 3 {
- usage()
+ usage(os.Stderr)
 os.Exit(1)
 }
diff --git a/cmd/subjhash/README b/cmd/subjhash/README
new file mode 100644
index 0000000..21cdd9f
--- /dev/null
+++ b/cmd/subjhash/README
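Review bot: The `flag.Usage` hook added in `init()` (second fragment.go hunk) writes the usage text to `os.Stdout` and then exits 1, but the flag package calls that hook on parse errors as well as on `-h`, so a mistyped flag puts usage text on stdout, where anything consuming fragment's output in a pipeline will read it as data. The argument-count path in `main()` (third hunk) already uses `usage(os.Stderr)`; the hook should match it, e.g. `flag.Usage = func() { usage(os.Stderr) }`, leaving the exit status to the flag package's own error handling. The same hook is added in cmd/subjhash/main.go, where the new README documents a non-zero exit for a subject mismatch; if the mismatch path also exits 1 (not visible in this patch), a script gating on the exit status cannot tell a usage error from a mismatch, so that is worth confirming. The body of `usage` continues past the end of the hunk.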
@@ -0,0 +1,20 @@
+subjhash
+
+This tool prints the SHA-256 hash of an X.509 certificate's subject
+info or issuer fields. It can also verify that the hashes of the
+subject are the same between two certificates.
+
+Usage: subjhash [-im] certs...
+
+Flags:
+ -i Print hash of issuer field.
+ -m Matching mode. This expects arguments to be in the form of
+ pairs of certificates (e.g. previous, new) whose subjects
+ will be compared. For example,
+
+ subjhash -m ca1.pem ca1-renewed.pem \
+ ca2.pem ca2-renewed.pem
+
+ will exit with a non-zero status if the subject in the
+ ca1-renewed.pem certificate doesn't match the subject in the
+ ca.pem certificate; similarly for ca2.
diff --git a/cmd/subjhash/main.go b/cmd/subjhash/main.go
index 17d2700..fb4bb96 100644
--- a/cmd/subjhash/main.go
+++ b/cmd/subjhash/main.go
@@ -13,6 +13,10 @@ import (
 "github.com/kisom/goutils/lib"
 )
+func init() {
+ flag.Usage = func() { usage(os.Stdout); os.Exit(1) }
+}
+
 func usage(w io.Writer) {
 fmt.Fprintf(w, `Print hash of subject or issuer fields in certificates.