# bash completion for openssl -*- shell-script -*- _comp_cmd_openssl__compgen_sections() { local config="" _i _file # check if a specific configuration file is used for ((_i = 2; _i < cword; _i++)); do if [[ ${words[_i]} == -config ]]; then config=${words[_i + 1]} break fi done # if no config given, check some usual default locations if [[ ! $config ]]; then for _file in /etc/ssl/openssl.cnf /etc/pki/tls/openssl.cnf \ /usr/share/ssl/openssl.cnf; do [[ -f $_file ]] && config=$_file && break done fi [[ ! -f $config ]] && return _comp_compgen -U config split -- "$(_comp_awk '/\[.*\]/ {print $2}' "$config")" } _comp_cmd_openssl__compgen_digests() { [[ $cur == -* ]] || return _comp_compgen_split -- "$( "$1" dgst -h 2>&1 | _comp_awk '/^-.*[ \t]to use the .* message digest algorithm/ { print $1 }' )" _comp_compgen -ac "${cur#-}" split -P "-" -- "$("$1" help 2>&1 | command sed -ne '/^Message Digest commands/,/^[[:space:]]*$/p' | command sed -e 1d)" } _comp_cmd_openssl() { local cur prev words cword comp_args _comp_initialize -- "$@" || return local commands command formats commands='asn1parse ca ciphers crl crl2pkcs7 dgst dh dhparam dsa dsaparam ec ecparam enc engine errstr gendh gendsa genrsa nseq ocsp passwd pkcs12 pkcs7 pkcs8 prime rand req rsa rsautl s_client s_server s_time sess_id smime speed spkac storeutl verify version x509 md2 md4 md5 rmd160 sha sha1 aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc aes-256-ecb base64 bf bf-cbc bf-cfb bf-ecb bf-ofb camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb camellia-256-cbc camellia-256-ecb cast cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb des3 desx rc2 rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb rc4 rc4-40 sha224 sha256 sha384 sha512 genpkey pkey pkeyparam pkeyutl' if ((cword == 1)); then _comp_compgen -- -W "$commands" else command=${words[1]} case $prev in -CA | -CAfile | -CAkey | -CAserial | -cert | -certfile | -config | -content | \ -dcert | -dkey | -dhparam | -extfile | -in | -inkey | -kfile | -key | -keyout | \ -out | -oid | -paramfile | -peerkey | -prvrify | -rand | -recip | -revoke | \ -sess_in | -sess_out | -spkac | -sigfile | -sign | -signkey | -signer | \ -signature | -ss_cert | -untrusted | -verify | -writerand) _comp_compgen_filedir return ;; -outdir | -CApath) _comp_compgen_filedir -d return ;; -name | -crlexts | -extensions) _comp_cmd_openssl__compgen_sections return ;; -inform | -outform | -keyform | -certform | -CAform | -CAkeyform | -dkeyform | \ -dcertform | -peerform) formats='DER PEM' case $command in x509) formats+=" NET" ;; smime) formats+=" SMIME" ;; pkeyutl) formats+=" ENGINE" ;; esac _comp_compgen -- -W "$formats" return ;; -connect) _comp_compgen_known_hosts -- "$cur" return ;; -starttls) _comp_compgen -- -W ' smtp pop3 imap ftp xmpp xmpp-server telnet irc mysql postgres lmtp nntp sieve ldap' return ;; -cipher) _comp_compgen_split -F : -- "$("$1" ciphers)" return ;; -kdf) _comp_compgen -- -W 'TLS1-PRF HKDF' return ;; esac if [[ $cur == -* ]]; then # possible options for the command _comp_compgen_help -- "$command" -help case $command in dgst | req | x509) _comp_compgen -a -i openssl digests "$1" ;; esac else if [[ $command == speed ]]; then _comp_compgen -- -W 'md2 mdc2 md5 hmac sha1 rmd160 idea-cbc rc2-cbc rc5-cbc bf-cbc des-cbc des-ede3 rc4 rsa512 rsa1024 rsa2048 rsa4096 dsa512 dsa1024 dsa2048 idea rc2 des rsa blowfish' else _comp_compgen_filedir fi fi fi } && complete -F _comp_cmd_openssl -o default openssl # ex: filetype=sh