# bash completion for openssl -*- shell-script -*- proc _openssl_sections { local config f # check if a specific configuration file is used for (( i=2; i < cword; i++ )); do if [[ "${words[i]}" == -config ]]; then config=${words[i+1]} break fi done # if no config given, check some usual default locations if [[ -z $config ]] { for f in [/etc/ssl/openssl.cnf /etc/pki/tls/openssl.cnf \ /usr/share/ssl/openssl.cnf] { [[ -f $f ]] && setglobal config = $f && break } } [[ ! -f $config ]] && return 0 setglobal COMPREPLY = ''( $( compgen -W "$( awk '/\[.*\]/ {print $2}' $config )" \ -- "$cur" ) ) } proc _openssl { local cur prev words cword _init_completion || return local commands command options formats setglobal commands = ''asn1parse ca ciphers crl crl2pkcs7 dgst dh dhparam dsa dsaparam ec ecparam enc engine errstr gendh gendsa genrsa nseq ocsp passwd pkcs12 pkcs7 pkcs8 prime rand req rsa rsautl s_client s_server s_time sess_id smime speed spkac verify version x509 md2 md4 md5 rmd160 sha sha1 aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc aes-256-ecb base64 bf bf-cbc bf-cfb bf-ecb bf-ofb camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb camellia-256-cbc camellia-256-ecb cast cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb des3 desx rc2 rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb rc4 rc4-40'' if [[ $cword -eq 1 ]] { setglobal COMPREPLY = ''( $( compgen -W "$commands" -- "$cur" ) ) } else { setglobal command = $(words[1]) match $prev { with -CA|-CAfile|-CAkey|-CAserial|-cert|-certfile|-config|-content| \ -dcert|-dkey|-dhparam|-extfile|-in|-inkey|-kfile|-key|-keyout| \ -out|-oid|-prvrify|-rand|-recip|-revoke|-sess_in|-sess_out| \ -spkac|-sign|-signkey|-signer|-signature|-ss_cert|-untrusted| \ -verify _filedir return 0 with -outdir|-CApath _filedir -d return 0 with -name|-crlexts|-extensions _openssl_sections return 0 with -inform|-outform|-keyform|-certform|-CAform|-CAkeyform|-dkeyform|\ -dcertform setglobal formats = ''DER PEM'' match $command { with x509 setglobal formats = '" NET'" with smime setglobal formats = '" SMIME'" } setglobal COMPREPLY = ''( $( compgen -W "$formats" -- "$cur" ) ) return 0 with -connect _known_hosts_real $cur return 0 with -starttls setglobal COMPREPLY = ''( $( compgen -W 'smtp pop3 imap ftp' -- "$cur" ) ) return 0 with -cipher setglobal COMPREPLY = ''( $( IFS=: compgen -W "$( $1 ciphers )" \ -- "$cur" ) ) return 0 } if [[ "$cur" == -* ]] { # possible options for the command match $command { with asn1parse setglobal options = ''-inform -in -out -noout -offset -length -i -oid -strparse'' with ca setglobal options = ''-verbose -config -name -gencrl -revoke -crl_reason -crl_hold -crl_compromise -crl_CA_compromise -crldays -crlhours -crlexts -startdate -enddate -days -md -policy -keyfile -key -passin -cert -selfsig -in -out -notext -outdir -infiles -spkac -ss_cert -preserveDN -noemailDN -batch -msie_hack -extensions -extfile -engine -subj -utf8 -multivalue-rdn'' with ciphers setglobal options = ''-v -ssl2 -ssl3 -tls1'' with crl setglobal options = ''-inform -outform -text -in -out -noout -hash -issuer -lastupdate -nextupdate -CAfile -CApath'' with crl2pkcs7 setglobal options = ''-inform -outform -in -out -print_certs'' with dgst setglobal options = ''-md5 -md4 -md2 -sha1 -sha -mdc2 -ripemd160 -dss1 -c -d -hex -binary -out -sign -verify -prverify -signature'' with dsa setglobal options = ''-inform -outform -in -passin -out -passout -des -des3 -idea -text -noout -modulus -pubin -pubout'' with dsaparam setglobal options = ''-inform -outform -in -out -noout -text -C -rand -genkey'' with enc setglobal options = ''-ciphername -in -out -pass -e -d -a -A -k -kfile -S -K -iv -p -P -bufsize -debug'' with dhparam setglobal options = ''-inform -outform -in -out -dsaparam -noout -text -C -2 -5 -rand'' with gendsa setglobal options = ''-out -des -des3 -idea -rand'' with genrsa setglobal options = ''-out -passout -des -des3 -idea -f4 -3 -rand'' with pkcs7 setglobal options = ''-inform -outform -in -out -print_certs -text -noout'' with rand setglobal options = ''-out -rand -base64'' with req setglobal options = ''-inform -outform -in -passin -out -passout -text -noout -verify -modulus -new -rand -newkey -newkey -nodes -key -keyform -keyout -md5 -sha1 -md2 -mdc2 -config -x509 -days -asn1-kludge -newhdr -extensions -reqexts section'' with rsa setglobal options = ''-inform -outform -in -passin -out -passout -sgckey -des -des3 -idea -text -noout -modulus -check -pubin -pubout -engine'' with rsautl setglobal options = ''-in -out -inkey -pubin -certin -sign -verify -encrypt -decrypt -pkcs -ssl -raw -hexdump -asn1parse'' with s_client setglobal options = ''-connect -verify -cert -certform -key -keyform -pass -CApath -CAfile -reconnect -pause -showcerts -debug -msg -nbio_test -state -nbio -crlf -ign_eof -quiet -ssl2 -ssl3 -tls1 -no_ssl2 -no_ssl3 -no_tls1 -bugs -cipher -starttls -engine -tlsextdebug -no_ticket -sess_out -sess_in -rand'' with s_server setglobal options = ''-accept -context -verify -Verify -crl_check -crl_check_all -cert -certform -key -keyform -pass -dcert -dcertform -dkey -dkeyform -dpass -dhparam -nbio -nbio_test -crlf -debug -msg -state -CApath -CAfile -nocert -cipher -quiet -no_tmp_rsa -ssl2 -ssl3 -tls1 -no_ssl2 -no_ssl3 -no_tls1 -no_dhe -bugs -hack -www -WWW -HTTP -engine -tlsextdebug -no_ticket -id_prefix -rand'' with s_time setglobal options = ''-connect -www -cert -key -CApath -CAfile -reuse -new -verify -nbio -time -ssl2 -ssl3 -bugs -cipher'' with sess_id setglobal options = ''-inform -outform -in -out -text -noout -context ID'' with smime setglobal options = ''-encrypt -decrypt -sign -verify -pk7out -des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256 -in -certfile -signer -recip -inform -passin -inkey -out -outform -content -to -from -subject -text -rand'' with speed setglobal options = ''-engine'' with verify setglobal options = ''-CApath -CAfile -purpose -untrusted -help -issuer_checks -verbose -certificates'' with x509 setglobal options = ''-inform -outform -keyform -CAform -CAkeyform -in -out -serial -hash -subject_hash -issuer_hash -subject -issuer -nameopt -email -startdate -enddate -purpose -dates -modulus -fingerprint -alias -noout -trustout -clrtrust -clrreject -addtrust -addreject -setalias -days -set_serial -signkey -x509toreq -req -CA -CAkey -CAcreateserial -CAserial -text -C -md2 -md5 -sha1 -mdc2 -clrext -extfile -extensions -engine'' with md5|md4|md2|sha1|sha|mdc2|ripemd160 setglobal options = ''-c -d'' } setglobal COMPREPLY = ''( $( compgen -W "$options" -- "$cur" ) ) } else { if [[ "$command" == speed ]] { setglobal COMPREPLY = ''( $( compgen -W 'md2 mdc2 md5 hmac sha1 rmd160 idea-cbc rc2-cbc rc5-cbc bf-cbc des-cbc des-ede3 rc4 rsa512 rsa1024 rsa2048 rsa4096 dsa512 dsa1024 dsa2048 idea rc2 des rsa blowfish' -- "$cur" ) ) } else { _filedir } } } } && complete -F _openssl -o default openssl # ex: ts=4 sw=4 et filetype=sh