diff --git a/main.c b/main.c
index b0cbccb..e8aa164 100644
--- a/main.c
+++ b/main.c
@@ -112,6 +112,7 @@ main_usage(void)
 " -k pemfile use CA key (and cert) from pemfile to sign forged certs\n"
 " -C pemfile use CA chain from pemfile (intermediate and root CA certs)\n"
 " -K pemfile use key from pemfile for leaf certs (default: generate)\n"
+" -X gendir write generated key/cert pairs to gendir\n"
 " -t certdir use cert+chain+key PEM files from certdir to target all sites\n"
 " matching the common names (non-matching: generate if CA)\n"
 " -O deny all OCSP requests on all proxyspecs\n"
@@ -561,6 +562,11 @@ main(int argc, char *argv[])
 argv0);
 exit(EXIT_FAILURE);
 }
+ if (opts->certgendir && opts->key)) {
+ fprintf(stderr, "%s: -K and -X are mutually exclusive.\n",
+ argv0);
+ exit(EXIT_FAILURE);
+ }
 if (!opts->spec) {
 fprintf(stderr, "%s: no proxyspec specified.\n", argv0);
 exit(EXIT_FAILURE);
diff --git a/sslsplit.1 b/sslsplit.1
index e888b4d..278a58b 100644
--- a/sslsplit.1
+++ b/sslsplit.1
@@ -30,15 +30,15 @@ sslsplit \-\- transparent and scalable SSL/TLS interception
 .SH SYNOPSIS
 .na
 .B sslsplit
-[\fB-kCKOPZdDgGsrReumjplLSFi\fP] \fB-c\fP \fIpem\fP
+[\fB-kCKXOPZdDgGsrReumjplLSFi\fP] \fB-c\fP \fIpem\fP
 \fIproxyspecs\fP [...]
 .br
 .B sslsplit
-[\fB-kCKOPZdDgGsrReumjplLSFi\fP] \fB-c\fP \fIpem\fP \fB-t\fP \fIdir\fP
+[\fB-kCKXOPZdDgGsrReumjplLSFi\fP] \fB-c\fP \fIpem\fP \fB-t\fP \fIdir\fP
 \fIproxyspecs\fP [...]
 .br
 .B sslsplit
-[\fB-OPZdDgGsrReumjplLSFi\fP] \fB-t\fP \fIdir\fP
+[\fB-OPZXdDgGsrReumjplLSFi\fP] \fB-t\fP \fIdir\fP
 \fIproxyspecs\fP [...]
 .br
 .B sslsplit -E
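Review bot: The check added to main() in main.c, `if (opts->certgendir && opts->key)) {`, has one closing parenthesis too many, so the file will not compile as committed; it should read `if (opts->certgendir && opts->key) {`. The hunk validates only the -K/-X conflict, and nothing visible here checks gendir itself. Because -X makes the proxy persist generated private keys on disk, it is worth confirming in the code outside this diff that gendir is verified to be an existing directory and that key files are created with owner-only permissions rather than under the process umask. The -K/-X exclusivity is also not mentioned in the usage line or in the man page entry added by this commit, so a sentence there would save users from meeting it first as a startup error. main()'s body starts and ends outside the hunk.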
@@ -185,6 +185,9 @@ no matching certificate in the provided certificate directory. Use private key from \fIpemfile\fP for certificates forged on-the-fly. If \fB-K\fP is not given, SSLsplit will generate a random 1024-bit RSA key. .TP +.B \-X \fIgendir\fP +Write generated keys and certificates to individual files in \fIgendir\fP. +.TP .B \-l \fIlogfile\fP Log connections to \fIlogfile\fP in a single line per connection format, including addresses and ports and some HTTP and SSL information, if available.