Clean TLCP code

tools/tlcp_client.c

@@ -290,7 +290,7 @@ int tlcp_client_main(int argc, char *argv[])
 			if (--argc < 1) goto bad;
 			supported_group_name = *(++argv);
 			if ((supported_group = tls_named_curve_from_name(supported_group_name)) == 0) {
-				fprintf(stderr, "%s: -supported_group '%s' not supported\n", prog, supported_group_name);
+				fprintf(stderr, "%s: -supported_group '%s' invalid\n", prog, supported_group_name);
 				return -1;
 			}
 			supported_groups[supported_groups_cnt++] = supported_group;

tools/tlcp_help.h

@@ -15,27 +15,25 @@
 "\n"
 "Examples\n"
 "\n"
-"    gmssl sm2keygen -pass 1234 -out rootcakey.pem\n"
-"    gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign -ca\n"
-"    gmssl sm2keygen -pass 1234 -out cakey.pem\n"
-"    gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN \"Sub CA\" -key cakey.pem -pass 1234 -out careq.pem\n"
-"    gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -ca -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem\n"
+"    gmssl sm2keygen -pass 1234 -out sm2rootcakey.pem\n"
+"    gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key sm2rootcakey.pem -pass 1234 -out sm2rootcacert.pem -key_usage keyCertSign -key_usage cRLSign -ca\n"
+"    gmssl sm2keygen -pass 1234 -out sm2cakey.pem\n"
+"    gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN \"Sub CA\" -key sm2cakey.pem -pass 1234 -out sm2careq.pem\n"
+"    gmssl reqsign -in sm2careq.pem -days 365 -key_usage keyCertSign -ca -path_len_constraint 0 -cacert sm2rootcacert.pem -key sm2rootcakey.pem -pass 1234 -out sm2cacert.pem\n"
 "\n"
-"    gmssl sm2keygen -pass 1234 -out signkey.pem\n"
-"    gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem\n"
-"    gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem\n"
+"    gmssl sm2keygen -pass 1234 -out sm2signkey.pem\n"
+"    gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key sm2signkey.pem -pass 1234 -out sm2signreq.pem\n"
+"    gmssl reqsign -in sm2signreq.pem -days 365 -key_usage digitalSignature -cacert sm2cacert.pem -key sm2cakey.pem -pass 1234 -out sm2signcert.pem\n"
 "\n"
-"    gmssl sm2keygen -pass 1234 -out enckey.pem\n"
-"    gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key enckey.pem -pass 1234 -out encreq.pem\n"
-"    gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem\n"
+"    gmssl sm2keygen -pass 1234 -out sm2enckey.pem\n"
+"    gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key sm2enckey.pem -pass 1234 -out sm2encreq.pem\n"
+"    gmssl reqsign -in sm2encreq.pem -days 365 -key_usage keyEncipherment -cacert sm2cacert.pem -key sm2cakey.pem -pass 1234 -out sm2enccert.pem\n"
 "\n"
-"    cat signcert.pem > double_certs.pem\n"
-"    cat enccert.pem >> double_certs.pem\n"
-"    cat cacert.pem >> double_certs.pem\n"
-"    # double_keys.pem contains two encrypted private key PEM blocks with the same password:\n"
-"    # the first is the signing private key, the second is the encryption private key.\n"
-"    cat signkey.pem > double_keys.pem\n"
-"    cat enckey.pem >> double_keys.pem\n"
+"    cat sm2signcert.pem > tlcpcert.pem\n"
+"    cat sm2enccert.pem >> tlcpcert.pem\n"
+"    cat sm2cacert.pem >> tlcpcert.pem\n"
+"    cat sm2signkey.pem > tlcpkey.pem\n"
+"    cat sm2enckey.pem >> tlcpkey.pem\n"
 "\n"
-"    gmssl tlcp_server -port 443 -cert double_certs.pem -key double_keys.pem -pass 1234\n"
-"    gmssl tlcp_client -host 127.0.0.1 -cacert rootcacert.pem\n"
+"    gmssl tlcp_server -port 4431 -cert tlcpcert.pem -key tlcpkey.pem -pass 1234\n"
+"    gmssl tlcp_client -port 4431 -host 127.0.0.1 -cacert sm2rootcacert.pem\n"