Merge pull request #3 from ab/master

Various mostly pointless style edits
2013-07-05 10:49:53 -07:00 · 2013-07-05 10:49:53 -07:00 · ce372dfb23
commit ce372dfb23
parent ff5bfd1dd8 46f5fd5c86
20 changed files with 297 additions and 284 deletions
--- a/easy-rsa/2.0/pkitool
+++ b/easy-rsa/2.0/pkitool
@ -44,81 +44,94 @@ die()
 need_vars()
 {
-    echo '  Please edit the vars script to reflect your configuration,'
+    cat <<EOM
-    echo '  then source it with "source ./vars".'
+  Please edit the vars script to reflect your configuration,
-    echo '  Next, to start with a fresh PKI configuration and to delete any'
+  then source it with "source ./vars".
-    echo '  previous certificates and keys, run "./clean-all".'
+  Next, to start with a fresh PKI configuration and to delete any
-    echo "  Finally, you can run this tool ($PROGNAME) to build certificates/keys."
+  previous certificates and keys, run "./clean-all".
  Finally, you can run this tool ($PROGNAME) to build certificates/keys.
 EOM
 }
 usage()
 {
-    echo "$PROGNAME $VERSION"
+    cat <<EOM
-    echo "Usage: $PROGNAME [options...] [common-name]"
+$PROGNAME $VERSION
-    echo "Options:"
+Usage: $PROGNAME [options...] [common-name]
-    echo "  --batch    : batch mode (default)"
+
-    echo "  --keysize  : Set keysize"
+Options:
-    echo "      size   : size (default=1024)"
+  --batch    : batch mode (default)
-    echo "  --interact : interactive mode"
+  --keysize  : Set keysize
-    echo "  --server   : build server cert"
+      size   : size (default=1024)
-    echo "  --initca   : build root CA"
+  --interact : interactive mode
-    echo "  --inter    : build intermediate CA"
+  --server   : build server cert
-    echo "  --pass     : encrypt private key with password"
+  --initca   : build root CA
-    echo "  --csr      : only generate a CSR, do not sign"
+  --inter    : build intermediate CA
-    echo "  --sign     : sign an existing CSR"
+  --pass     : encrypt private key with password
-    echo "  --pkcs12   : generate a combined PKCS#12 file"
+  --csr      : only generate a CSR, do not sign
-    echo "  --pkcs11   : generate certificate on PKCS#11 token"
+  --sign     : sign an existing CSR
-    echo "      lib    : PKCS#11 library"
+  --pkcs12   : generate a combined PKCS#12 file
-    echo "      slot   : PKCS#11 slot"
+  --pkcs11   : generate certificate on PKCS#11 token
-    echo "      id     : PKCS#11 object id (hex string)"
+      lib    : PKCS#11 library
-    echo "      label  : PKCS#11 object label"
+      slot   : PKCS#11 slot
-    echo "Standalone options:"
+      id     : PKCS#11 object id (hex string)
-    echo "  --pkcs11-slots   : list PKCS#11 slots"
+      label  : PKCS#11 object label
-    echo "      lib    : PKCS#11 library"
+
-    echo "  --pkcs11-objects : list PKCS#11 token objects"
+Standalone options:
-    echo "      lib    : PKCS#11 library"
+  --pkcs11-slots   : list PKCS#11 slots
-    echo "      slot   : PKCS#11 slot"
+      lib    : PKCS#11 library
-    echo "  --pkcs11-init    : initialize PKCS#11 token DANGEROUS!!!"
+  --pkcs11-objects : list PKCS#11 token objects
-    echo "      lib    : PKCS#11 library"
+      lib    : PKCS#11 library
-    echo "      slot   : PKCS#11 slot"
+      slot   : PKCS#11 slot
-    echo "      label  : PKCS#11 token label"
+  --pkcs11-init    : initialize PKCS#11 token DANGEROUS!!!
-    echo "Notes:"
+      lib    : PKCS#11 library
      slot   : PKCS#11 slot
      label  : PKCS#11 token label
 Notes:
 EOM
    need_vars
-    echo "  In order to use PKCS#11 interface you must have opensc-0.10.0 or higher."
+    cat <<EOM
-    echo "Generated files and corresponding OpenVPN directives:"
+  In order to use PKCS#11 interface you must have opensc-0.10.0 or higher.
-    echo '(Files will be placed in the $KEY_DIR directory, defined in ./vars)'
+
-    echo "  ca.crt     -> root certificate (--ca)"
+Generated files and corresponding OpenVPN directives:
-    echo "  ca.key     -> root key, keep secure (not directly used by OpenVPN)"
+(Files will be placed in the \$KEY_DIR directory, defined in ./vars)
-    echo "  .crt files -> client/server certificates (--cert)"
+  ca.crt     -> root certificate (--ca)
-    echo "  .key files -> private keys, keep secure (--key)"
+  ca.key     -> root key, keep secure (not directly used by OpenVPN)
-    echo "  .csr files -> certificate signing request (not directly used by OpenVPN)"
+  .crt files -> client/server certificates (--cert)
-    echo "  dh1024.pem or dh2048.pem -> Diffie Hellman parameters (--dh)"
+  .key files -> private keys, keep secure (--key)
-    echo "Examples:"
+  .csr files -> certificate signing request (not directly used by OpenVPN)
-    echo "  $PROGNAME --initca          -> Build root certificate"
+  dh1024.pem or dh2048.pem -> Diffie Hellman parameters (--dh)
-    echo "  $PROGNAME --initca --pass   -> Build root certificate with password-protected key"
+
-    echo "  $PROGNAME --server server1  -> Build \"server1\" certificate/key"
+Examples:
-    echo "  $PROGNAME client1           -> Build \"client1\" certificate/key"
+  $PROGNAME --initca          -> Build root certificate
-    echo "  $PROGNAME --pass client2    -> Build password-protected \"client2\" certificate/key"
+  $PROGNAME --initca --pass   -> Build root certificate with password-protected key
-    echo "  $PROGNAME --pkcs12 client3  -> Build \"client3\" certificate/key in PKCS#12 format"
+  $PROGNAME --server server1  -> Build "server1" certificate/key
-    echo "  $PROGNAME --csr client4     -> Build \"client4\" CSR to be signed by another CA"
+  $PROGNAME client1           -> Build "client1" certificate/key
-    echo "  $PROGNAME --sign client4    -> Sign \"client4\" CSR"
+  $PROGNAME --pass client2    -> Build password-protected "client2" certificate/key
-    echo "  $PROGNAME --inter interca   -> Build an intermediate key-signing certificate/key"
+  $PROGNAME --pkcs12 client3  -> Build "client3" certificate/key in PKCS#12 format
-    echo "                               Also see ./inherit-inter script."
+  $PROGNAME --csr client4     -> Build "client4" CSR to be signed by another CA
-    echo "  $PROGNAME --pkcs11 /usr/lib/pkcs11/lib1 0 010203 \"client5 id\" client5"
+  $PROGNAME --sign client4    -> Sign "client4" CSR
-    echo "                              -> Build \"client5\" certificate/key in PKCS#11 token"
+  $PROGNAME --inter interca   -> Build an intermediate key-signing certificate/key
-    echo "Typical usage for initial PKI setup.  Build myserver, client1, and client2 cert/keys."
+                               Also see ./inherit-inter script.
-    echo "Protect client2 key with a password.  Build DH parms.  Generated files in ./keys :"
+  $PROGNAME --pkcs11 /usr/lib/pkcs11/lib1 0 010203 "client5 id" client5
-    echo "  [edit vars with your site-specific info]"
+                              -> Build "client5" certificate/key in PKCS#11 token
-    echo "  source ./vars"
+
-    echo "  ./clean-all"
+Typical usage for initial PKI setup.  Build myserver, client1, and client2 cert/keys.
-    echo "  ./build-dh     -> takes a long time, consider backgrounding"
+Protect client2 key with a password.  Build DH parms.  Generated files in ./keys :
-    echo "  ./$PROGNAME --initca"
+  [edit vars with your site-specific info]
-    echo "  ./$PROGNAME --server myserver"
+  source ./vars
-    echo "  ./$PROGNAME client1"
+  ./clean-all
-    echo "  ./$PROGNAME --pass client2"
+  ./build-dh     -> takes a long time, consider backgrounding
-    echo "Typical usage for adding client cert to existing PKI:"
+  ./$PROGNAME --initca
-    echo "  source ./vars"
+  ./$PROGNAME --server myserver
-    echo "  ./$PROGNAME client-new"
+  ./$PROGNAME client1
  ./$PROGNAME --pass client2
 Typical usage for adding client cert to existing PKI:
  source ./vars
  ./$PROGNAME client-new
 EOM
 }
 # Set tool defaults