# bash completion for openssl -*- shell-script -*- _openssl_sections() { local config f # check if a specific configuration file is used for ((i = 2; i < cword; i++)); do if [[ ${words[i]} == -config ]]; then config=${words[i + 1]} break fi done # if no config given, check some usual default locations if [[ -z $config ]]; then for f in /etc/ssl/openssl.cnf /etc/pki/tls/openssl.cnf \ /usr/share/ssl/openssl.cnf; do [[ -f $f ]] && config=$f && break done fi [[ ! -f $config ]] && return COMPREPLY=($(compgen -W "$(awk '/\[.*\]/ {print $2}' $config)" -- "$cur")) } _openssl_digests() { "$1" dgst -h 2>&1 | awk '/^-.*[ \t]to use the .* message digest algorithm/ { print $1 }' local -a digests=($("$1" help 2>&1 | command sed -ne '/^Message Digest commands/,/^[[:space:]]*$/p' | command sed -e 1d)) printf "%s\n" "${digests[@]/#/-}" } _openssl() { local cur prev words cword _init_completion || return local commands command options formats commands='asn1parse ca ciphers crl crl2pkcs7 dgst dh dhparam dsa dsaparam ec ecparam enc engine errstr gendh gendsa genrsa nseq ocsp passwd pkcs12 pkcs7 pkcs8 prime rand req rsa rsautl s_client s_server s_time sess_id smime speed spkac verify version x509 md2 md4 md5 rmd160 sha sha1 aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc aes-256-ecb base64 bf bf-cbc bf-cfb bf-ecb bf-ofb camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb camellia-256-cbc camellia-256-ecb cast cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb des3 desx rc2 rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb rc4 rc4-40 sha224 sha256 sha384 sha512 genpkey pkey pkeyparam pkeyutl' if ((cword == 1)); then COMPREPLY=($(compgen -W "$commands" -- "$cur")) else command=${words[1]} case $prev in -CA | -CAfile | -CAkey | -CAserial | -cert | -certfile | -config | -content | \ -dcert | -dkey | -dhparam | -extfile | -in | -inkey | -kfile | -key | -keyout | \ -out | -oid | -paramfile | -peerkey | -prvrify | -rand | -recip | -revoke | \ -sess_in | -sess_out | -spkac | -sigfile | -sign | -signkey | -signer | \ -signature | -ss_cert | -untrusted | -verify | -writerand) _filedir return ;; -outdir | -CApath) _filedir -d return ;; -name | -crlexts | -extensions) _openssl_sections return ;; -inform | -outform | -keyform | -certform | -CAform | -CAkeyform | -dkeyform | \ -dcertform | -peerform) formats='DER PEM' case $command in x509) formats+=" NET" ;; smime) formats+=" SMIME" ;; pkeyutl) formats+=" ENGINE" ;; esac COMPREPLY=($(compgen -W "$formats" -- "$cur")) return ;; -connect) _known_hosts_real -- "$cur" return ;; -starttls) COMPREPLY=($(compgen -W ' smtp pop3 imap ftp xmpp xmpp-server telnet irc mysql postgres lmtp nntp sieve ldap ' -- "$cur")) return ;; -cipher) COMPREPLY=($(IFS=: compgen -W "$($1 ciphers)" -- "$cur")) return ;; -kdf) COMPREPLY=($(compgen -W 'TLS1-PRF HKDF' -- "$cur")) return ;; esac if [[ $cur == -* ]]; then # possible options for the command options=$(_parse_help "$1" "$command -help" 2>/dev/null) case $command in dgst | req | x509) options+=" $(_openssl_digests $1)" ;; esac COMPREPLY=($(compgen -W "$options" -- "$cur")) else if [[ $command == speed ]]; then COMPREPLY=($(compgen -W 'md2 mdc2 md5 hmac sha1 rmd160 idea-cbc rc2-cbc rc5-cbc bf-cbc des-cbc des-ede3 rc4 rsa512 rsa1024 rsa2048 rsa4096 dsa512 dsa1024 dsa2048 idea rc2 des rsa blowfish' -- "$cur")) else _filedir fi fi fi } && complete -F _openssl -o default openssl # ex: filetype=sh