added exclusivity with -K, man page and -h

This commit is contained in:
PsychoMario 2014-12-09 19:40:07 +00:00
parent cbb2a179f9
commit 61d5186864
2 changed files with 12 additions and 3 deletions

6
main.c
View File

@ -112,6 +112,7 @@ main_usage(void)
" -k pemfile use CA key (and cert) from pemfile to sign forged certs\n"
" -C pemfile use CA chain from pemfile (intermediate and root CA certs)\n"
" -K pemfile use key from pemfile for leaf certs (default: generate)\n"
" -X gendir write generated key/cert pairs to gendir\n"
" -t certdir use cert+chain+key PEM files from certdir to target all sites\n"
" matching the common names (non-matching: generate if CA)\n"
" -O deny all OCSP requests on all proxyspecs\n"
@ -561,6 +562,11 @@ main(int argc, char *argv[])
argv0);
exit(EXIT_FAILURE);
}
if (opts->certgendir && opts->key)) {
fprintf(stderr, "%s: -K and -X are mutually exclusive.\n",
argv0);
exit(EXIT_FAILURE);
}
if (!opts->spec) {
fprintf(stderr, "%s: no proxyspec specified.\n", argv0);
exit(EXIT_FAILURE);

View File

@ -30,15 +30,15 @@ sslsplit \-\- transparent and scalable SSL/TLS interception
.SH SYNOPSIS
.na
.B sslsplit
[\fB-kCKOPZdDgGsrReumjplLSFi\fP] \fB-c\fP \fIpem\fP
[\fB-kCKXOPZdDgGsrReumjplLSFi\fP] \fB-c\fP \fIpem\fP
\fIproxyspecs\fP [...]
.br
.B sslsplit
[\fB-kCKOPZdDgGsrReumjplLSFi\fP] \fB-c\fP \fIpem\fP \fB-t\fP \fIdir\fP
[\fB-kCKXOPZdDgGsrReumjplLSFi\fP] \fB-c\fP \fIpem\fP \fB-t\fP \fIdir\fP
\fIproxyspecs\fP [...]
.br
.B sslsplit
[\fB-OPZdDgGsrReumjplLSFi\fP] \fB-t\fP \fIdir\fP
[\fB-OPZXdDgGsrReumjplLSFi\fP] \fB-t\fP \fIdir\fP
\fIproxyspecs\fP [...]
.br
.B sslsplit -E
@ -185,6 +185,9 @@ no matching certificate in the provided certificate directory.
Use private key from \fIpemfile\fP for certificates forged on-the-fly.
If \fB-K\fP is not given, SSLsplit will generate a random 1024-bit RSA key.
.TP
.B \-X \fIgendir\fP
Write generated keys and certificates to individual files in \fIgendir\fP.
.TP
.B \-l \fIlogfile\fP
Log connections to \fIlogfile\fP in a single line per connection format,
including addresses and ports and some HTTP and SSL information, if available.