search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
MAX_ENTRIES increased to 128.
[gnutls.git] / src / cli-args.def
blobb032ad0b872da559ffabba1676ba9652bdf95ccf
1 AutoGen Definitions options;
2 prog-name = gnutls-cli;
3 prog-title = "GnuTLS client";
4 prog-desc = "Simple client program to set up a TLS connection.";
5 short-usage = "Usage: gnutls-cli [options] hostname\ngnutls-cli --help for usage instructions.\n";
6 explain = "";
7 detail = "Simple client program to set up a TLS connection to some other computer.
8 It sets up a TLS connection and forwards data from the standard input to the secured socket and vice versa.";
9 reorder-args;
10 argument = "[hostname]";
11
12 #define VERBOSE_OPT 1
13 #include args-std.def
14
15 flag = {
16 name = tofu;
17 descrip = "Enable trust on first use authentication";
18 disabled;
19 disable = "no";
20 doc = "This option will, in addition to certificate authentication, perform authentication based on previously seen public keys, a model similar to SSH authentication.";
21 };
22
23 flag = {
24 name = ocsp;
25 descrip = "Enable OCSP certificate verification";
26 disabled;
27 disable = "no";
28 doc = "This option will enable verification of the peer's certificate using ocsp";
29 };
30
31 flag = {
32 name = resume;
33 value = r;
34 descrip = "Establish a session and resume";
35 doc = "Connect, establish a session, reconnect and resume.";
36 };
37
38 flag = {
39 name = rehandshake;
40 value = e;
41 descrip = "Establish a session and rehandshake";
42 doc = "Connect, establish a session and rehandshake immediately.";
43 };
44
45 flag = {
46 name = noticket;
47 descrip = "Don't accept session tickets";
48 doc = "";
49 };
50
51 flag = {
52 name = starttls;
53 value = s;
54 descrip = "Connect, establish a plain session and start TLS.";
55 doc = "The TLS session will be initiated when EOF or a SIGALRM is received.";
56 };
57
58 flag = {
59 name = udp;
60 value = u;
61 descrip = "Use DTLS (datagram TLS) over UDP";
62 doc = "";
63 };
64
65 flag = {
66 name = mtu;
67 arg-type = number;
68 arg-range = "0->17000";
69 descrip = "Set MTU for datagram TLS";
70 doc = "";
71 };
72
73 flag = {
74 name = crlf;
75 descrip = "Send CR LF instead of LF";
76 doc = "";
77 };
78
79 flag = {
80 name = x509fmtder;
81 descrip = "Use DER format for certificates to read from";
82 doc = "";
83 };
84
85 flag = {
86 name = fingerprint;
87 value = f;
88 descrip = "Send the openpgp fingerprint, instead of the key";
89 doc = "";
90 };
91
92 flag = {
93 name = disable-extensions;
94 descrip = "Disable all the TLS extensions";
95 doc = "";
96 };
97
98 flag = {
99 name = print-cert;
100 descrip = "Print peer's certificate in PEM format";
101 doc = "";
102 };
103
104 flag = {
105 name = recordsize;
106 arg-type = number;
107 arg-range = "0->4096";
108 descrip = "The maximum record size to advertize";
109 doc = "";
110 };
111
112 flag = {
113 name = priority;
114 arg-type = string;
115 descrip = "Priorities string";
116 doc = "TLS algorithms and protocols to enable. You can
117 use predefined sets of ciphersuites such as PERFORMANCE,
118 NORMAL, SECURE128, SECURE256.
119
120 Check the GnuTLS manual on section ``Priority strings'' for more
121 information on allowed keywords";
122 };
123
124 flag = {
125 name = x509cafile;
126 arg-type = string;
127 descrip = "Certificate file or PKCS #11 URL to use";
128 doc = "";
129 };
130
131 flag = {
132 name = x509crlfile;
133 arg-type = file;
134 file-exists = yes;
135 descrip = "CRL file to use";
136 doc = "";
137 };
138
139 flag = {
140 name = pgpkeyfile;
141 arg-type = file;
142 file-exists = yes;
143 descrip = "PGP Key file to use";
144 doc = "";
145 };
146
147 flag = {
148 name = pgpkeyring;
149 arg-type = file;
150 file-exists = yes;
151 descrip = "PGP Key ring file to use";
152 doc = "";
153 };
154
155 flag = {
156 name = pgpcertfile;
157 arg-type = file;
158 file-exists = yes;
159 descrip = "PGP Public Key (certificate) file to use";
160 doc = "";
161 };
162
163 flag = {
164 name = x509keyfile;
165 arg-type = string;
166 descrip = "X.509 key file or PKCS #11 URL to use";
167 doc = "";
168 };
169
170 flag = {
171 name = x509certfile;
172 arg-type = string;
173 descrip = "X.509 Certificate file or PKCS #11 URL to use";
174 doc = "";
175 };
176
177 flag = {
178 name = pgpsubkey;
179 arg-type = string;
180 descrip = "PGP subkey to use (hex or auto)";
181 doc = "";
182 };
183
184 flag = {
185 name = srpusername;
186 arg-type = string;
187 descrip = "SRP username to use";
188 doc = "";
189 };
190
191 flag = {
192 name = srppasswd;
193 arg-type = string;
194 descrip = "SRP password to use";
195 doc = "";
196 };
197
198 flag = {
199 name = pskusername;
200 arg-type = string;
201 descrip = "PSK username to use";
202 doc = "";
203 };
204
205 flag = {
206 name = pskkey;
207 arg-type = string;
208 descrip = "PSK key (in hex) to use";
209 doc = "";
210 };
211
212 flag = {
213 name = port;
214 value = p;
215 arg-type = string;
216 descrip = "The port or service to connect to";
217 doc = "";
218 };
219
220 flag = {
221 name = insecure;
222 descrip = "Don't abort program if server certificate can't be validated";
223 doc = "";
224 };
225
226 flag = {
227 name = benchmark-ciphers;
228 descrip = "Benchmark individual ciphers";
229 doc = "";
230 };
231
232 flag = {
233 name = benchmark-soft-ciphers;
234 descrip = "Benchmark individual software ciphers (no hw acceleration)";
235 doc = "";
236 };
237
238 flag = {
239 name = benchmark-tls;
240 descrip = "Benchmark ciphers and key exchange methods in TLS";
241 doc = "";
242 };
243
244 flag = {
245 name = list;
246 value = l;
247 descrip = "Print a list of the supported algorithms and modes";
248 doc = "Print a list of the supported algorithms and modes. If a priority string is given then only the enabled ciphersuites are shown.";
249 };
250
251
252
253 doc-section = {
254 ds-type = 'SEE ALSO'; // or anything else
255 ds-format = 'texi'; // or texi or mdoc format
256 ds-text = <<-_EOF_
257 gnutls-cli-debug(1), gnutls-serv(1)
258 _EOF_;
259 };
260
261 doc-section = {
262 ds-type = 'EXAMPLES';
263 ds-format = 'texi';
264 ds-text = <<-_EOF_
265 @subheading Connecting using PSK authentication
266 To connect to a server using PSK authentication, you need to enable the choice of PSK by using a cipher priority parameter such as in the example below.
267 @example
268 $ ./gnutls-cli -p 5556 localhost --pskusername psk_identity \
269 --pskkey 88f3824b3e5659f52d00e959bacab954b6540344 \
270 --priority NORMAL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK
271 Resolving 'localhost'...
272 Connecting to '127.0.0.1:5556'...
273 - PSK authentication.
274 - Version: TLS1.1
275 - Key Exchange: PSK
276 - Cipher: AES-128-CBC
277 - MAC: SHA1
278 - Compression: NULL
279 - Handshake was completed
280
281 - Simple Client Mode:
282 @end example
283 By keeping the --pskusername parameter and removing the --pskkey parameter, it will query only for the password during the handshake.
284
285 @subheading Listing ciphersuites in a priority string
286 To list the ciphersuites in a priority string:
287 @example
288 $ ./gnutls-cli --priority SECURE192 -l
289 Cipher suites for SECURE192
290 TLS_ECDHE_ECDSA_AES_256_CBC_SHA384 0xc0, 0x24 TLS1.2
291 TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 0xc0, 0x2e TLS1.2
292 TLS_ECDHE_RSA_AES_256_GCM_SHA384 0xc0, 0x30 TLS1.2
293 TLS_DHE_RSA_AES_256_CBC_SHA256 0x00, 0x6b TLS1.2
294 TLS_DHE_DSS_AES_256_CBC_SHA256 0x00, 0x6a TLS1.2
295 TLS_RSA_AES_256_CBC_SHA256 0x00, 0x3d TLS1.2
296
297 Certificate types: CTYPE-X.509
298 Protocols: VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0, VERS-SSL3.0, VERS-DTLS1.0
299 Compression: COMP-NULL
300 Elliptic curves: CURVE-SECP384R1, CURVE-SECP521R1
301 PK-signatures: SIGN-RSA-SHA384, SIGN-ECDSA-SHA384, SIGN-RSA-SHA512, SIGN-ECDSA-SHA512
302 @end example
303 _EOF_;
304 };
305
Implementation of the SSL/TLS protocol