Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 892674 Details for
Bug 606022
nss security tools lack man pages
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Address most of the defects pointed by hkario - v4
manfixes.patch (text/plain), 19.31 KB, created by
Elio Maldonado Batiz
on 2014-05-05 19:54:30 UTC
(
hide
)
Description:
Address most of the defects pointed by hkario - v4
Filename:
MIME Type:
Creator:
Elio Maldonado Batiz
Created:
2014-05-05 19:54:30 UTC
Size:
19.31 KB
patch
obsolete
>diff -up ./nss/doc/certutil.xml.cleanup ./nss/doc/certutil.xml >--- ./nss/doc/certutil.xml.cleanup 2014-05-05 08:41:09.924163989 -0700 >+++ ./nss/doc/certutil.xml 2014-05-05 08:41:09.945164179 -0700 >@@ -222,7 +222,7 @@ If this option is not used, the validity > > <varlistentry> > <term>-g keysize</term> >- <listitem><para>Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 8192 bits. The default is 1024 bits. Any size between the minimum and maximum is allowed.</para></listitem> >+ <listitem><para>Set a key size to use when generating new public and private key pairs. The minimum is 512 bits and the maximum is 16384 bits. The default is 1024 bits. Any size between the minimum and maximum is allowed.</para></listitem> > </varlistentry> > > >@@ -360,7 +360,7 @@ of the attribute codes: > <para> > The attribute codes for the categories are separated by commas, and the entire set of attributes enclosed by quotation marks. For example: > </para> >-<para><command>-t "TCu,Cu,Tuw"</command></para> >+<para><command>-t "TCu,Cu,Tu"</command></para> > <para> > Use the -L option to see a list of the current certificates and trust attributes in a certificate database. </para></listitem> > </varlistentry> >@@ -432,11 +432,11 @@ of the attribute codes: > > <varlistentry> > <term>-1 | --keyUsage keyword,keyword</term> >- <listitem><para>Set a Netscape Certificate Type Extension in the certificate. There are several available keywords:</para> >+ <listitem><para>Set an X.509 V3 Certificate Type Extension in the certificate. There are several available keywords:</para> > <itemizedlist> > <listitem> > <para> >- digital signature >+ digitalSignature > </para> > </listitem> > <listitem> >@@ -498,7 +498,7 @@ of the attribute codes: > > <varlistentry> > <term>-5 | --nsCertType keyword,keyword</term> >- <listitem><para>Add a Netscape certificate type extension to a certificate that is being created or added to the database. There are several available keywords:</para> >+ <listitem><para>Add an X.509 V3 certificate type extension to a certificate that is being created or added to the database. There are several available keywords:</para> > <itemizedlist> > <listitem> > <para> >diff -up ./nss/doc/cmsutil.xml.cleanup ./nss/doc/cmsutil.xml >--- ./nss/doc/cmsutil.xml.cleanup 2013-11-09 09:23:30.000000000 -0800 >+++ ./nss/doc/cmsutil.xml 2014-05-05 08:41:09.945164179 -0700 >@@ -62,16 +62,16 @@ The options and arguments for the cmsuti > </para> > <variablelist> > <varlistentry> >- <term>-D </term> >- <listitem><para>Decode a message.</para></listitem> >- </varlistentry> >- >- <varlistentry> > <term>-C</term> > <listitem><para>Encrypt a message.</para></listitem> > </varlistentry> > > <varlistentry> >+ <term>-D </term> >+ <listitem><para>Decode a message.</para></listitem> >+ </varlistentry> >+ >+ <varlistentry> > <term>-E </term> > <listitem><para>Envelope a message.</para></listitem> > </varlistentry> >@@ -267,23 +267,11 @@ cmsutil -S [-i infile] [-o outfile] [-d > > </refsection> > >- <refsection> >+ <refsection id="seealso"> > <title>See also</title> > <para>certutil(1)</para> > </refsection> > >- >- <refsection id="seealso"> >- <title>See Also</title> >- <para></para> >- <para> >- </para> >- <para> >- </para> >- <para> >- </para> >- </refsection> >- > <!-- don't change --> > <refsection id="resources"> > <title>Additional Resources</title> >diff -up ./nss/doc/crlutil.xml.cleanup ./nss/doc/crlutil.xml >--- ./nss/doc/crlutil.xml.cleanup 2013-11-09 09:23:30.000000000 -0800 >+++ ./nss/doc/crlutil.xml 2014-05-05 08:41:09.945164179 -0700 >@@ -76,15 +76,6 @@ The options and arguments for the crluti > > <variablelist> > <varlistentry> >- <term>-G </term> >- <listitem> >- <para> >-Create new Certificate Revocation List(CRL). >- </para> >- </listitem> >- </varlistentry> >- >- <varlistentry> > <term>-D </term> > <listitem> > <para> >@@ -93,40 +84,38 @@ Delete Certificate Revocation List from > </listitem> > </varlistentry> > >- > <varlistentry> >- <term>-I </term> >+ <term>-E </term> > <listitem> > <para> >-Import a CRL to the cert database >+Erase all CRLs of specified type from the cert database > </para> > </listitem> > </varlistentry> > > <varlistentry> >- <term>-E </term> >+ <term>-G </term> > <listitem> > <para> >-Erase all CRLs of specified type from the cert database >+Create new Certificate Revocation List(CRL). > </para> > </listitem> > </varlistentry> > >- > <varlistentry> >- <term>-L </term> >+ <term>-I </term> > <listitem> > <para> >-List existing CRL located in cert database file. >+Import a CRL to the cert database > </para> > </listitem> > </varlistentry> > > <varlistentry> >- <term>-S </term> >+ <term>-L </term> > <listitem> > <para> >-Show contents of a CRL file which isn't stored in the database. >+List existing CRL located in cert database file. > </para> > </listitem> > </varlistentry> >@@ -141,17 +130,18 @@ Modify existing CRL which can be located > </varlistentry> > > <varlistentry> >- <term>-G </term> >+ <term>-S </term> > <listitem> > <para> >- >+Show contents of a CRL file which isn't stored in the database. > </para> > </listitem> > </varlistentry> >+ > </variablelist> > > <para><command>Arguments</command></para> >- <para>Option arguments modify an action and are lowercase.</para> >+ <para>Option arguments modify an action.</para> > > <variablelist> > >@@ -249,6 +239,15 @@ Specify the output file name for new CRL > </varlistentry> > > <varlistentry> >+ <term>-P dbprefix </term> >+ <listitem> >+ <para> >+Specify the prefix used on the NSS security database files (for example, my_cert8.db and my_key3.db). This option is provided as a special case. Changing the names of the certificate and key databases is not recommended. >+ </para> >+ </listitem> >+ </varlistentry> >+ >+ <varlistentry> > <term>-t crl-type </term> > <listitem> > <para> >@@ -355,7 +354,7 @@ Implemented Extensions > * Add The Authority Key Identifier extension: > </para> > <para> >- The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a CRL. >+The authority key identifier extension provides a means of identifying the public key corresponding to the private key used to sign a CRL. > </para> > <para> > authKeyId critical [key-id | dn cert-serial] >@@ -504,21 +503,9 @@ crlutil -G|-M -c crl-gen-file -n nicknam > </programlisting> > </refsection> > >- <refsection> >- <title>See also</title> >- <para>certutil(1)</para> >- </refsection> >- >- > <refsection id="seealso"> > <title>See Also</title> >- <para></para> >- <para> >- </para> >- <para> >- </para> >- <para> >- </para> >+ <para>certutil(1)</para> > </refsection> > > <!-- don't change --> >diff -up ./nss/doc/modutil.xml.cleanup ./nss/doc/modutil.xml >--- ./nss/doc/modutil.xml.cleanup 2014-05-05 08:41:09.935164089 -0700 >+++ ./nss/doc/modutil.xml 2014-05-05 08:41:09.946164188 -0700 >@@ -625,7 +625,8 @@ DISABLE: 0x40000000</progr > <para><command>Executable</command> specifies that the file is to be executed during the course of the installation. Typically, this string is used for a setup program provided by a module vendor, such as a self-extracting setup executable. More than one file can be specified as executable, in which case the files are run in the order in which they are specified in the script file.</para> > <para><command>FilePermissions</command> sets permissions on any referenced files in a string of octal digits, according to the standard Unix format. This string is a bitwise OR.</para> > >-<programlisting>user read: 0400 >+<programlisting> >+user read: 0400 > user write: 0200 > user execute: 0100 > group read: 0040 >@@ -633,7 +634,8 @@ group write: 0020 > group execute: 0010 > other read: 0004 > other write: 0002 >-other execute: 0001</programlisting> >+other execute: 0001 >+</programlisting> > > <para>Some platforms may not understand these permissions. They are applied only insofar as they make sense for the current platform. If this attribute is omitted, a default of 777 is assumed.</para> > </refsection> >@@ -693,7 +695,7 @@ Using the SQLite databases must be manua > <para>To set the shared database type as the default type for the tools, set the <envar>NSS_DEFAULT_DB_TYPE</envar> environment variable to <envar>sql</envar>:</para> > <programlisting>export NSS_DEFAULT_DB_TYPE="sql"</programlisting> > >-<para>This line can be set added to the <filename>~/.bashrc</filename> file to make the change permanent.</para> >+<para>This line can be added to the <filename>~/.bashrc</filename> file to make the change permanent for the user.</para> > > <para>Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:</para> > <itemizedlist> >diff -up ./nss/doc/pk12util.xml.cleanup ./nss/doc/pk12util.xml >--- ./nss/doc/pk12util.xml.cleanup 2013-11-09 09:23:30.000000000 -0800 >+++ ./nss/doc/pk12util.xml 2014-05-05 08:41:09.946164188 -0700 >@@ -28,10 +28,10 @@ > <cmdsynopsis> > <command>pk12util</command> > <arg>-i p12File [-h tokenname] [-v] [common-options] </arg> >- <arg> >- -l p12File [-h tokenname] [-r] [common-options] </arg> >- <arg> >- -o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] [common-options] </arg> >+ <arg>-l p12File [-h tokenname] [-r] [common-options] </arg> >+ <arg>-o p12File -n certname [-c keyCipher] [-C certCipher] [-m|--key_len keyLen] [-n|--cert_key_len certKeyLen] >+[common-options] >+ </arg> > <arg> > > common-options are: >@@ -309,86 +309,48 @@ Certificate Friendly Name: Thawte Fre > > <varlistentry> > <term>Symmetric CBC ciphers for PKCS#5 V2</term> >- <listitem><para>DES_CBC</para> >- <itemizedlist> >- <listitem> >- <para>RC2-CBC</para> >- </listitem> >- <listitem> >- <para>RC5-CBCPad</para> >- </listitem> >- <listitem> >- <para>DES-EDE3-CBC (the default for key encryption)</para> >- </listitem> >- <listitem> >- <para>AES-128-CBC</para> >- </listitem> >- <listitem> >- <para>AES-192-CBC</para> >- </listitem> >- <listitem> >- <para>AES-256-CBC</para> >- </listitem> >- <listitem> >- <para>CAMELLIA-128-CBC</para> >- </listitem> >- <listitem> >- <para>CAMELLIA-192-CBC</para> >- </listitem> >- <listitem> >- <para>CAMELLIA-256-CBC</para></listitem> >- </itemizedlist> >- </listitem> >+ <listitem> >+ <itemizedlist> >+ <listitem><para>DES-CBC</para></listitem> >+ <listitem><para>RC2-CBC</para></listitem> >+ <listitem><para>RC5-CBCPad</para></listitem> >+ <listitem><para>DES-EDE3-CBC (the default for key encryption)</para></listitem> >+ <listitem><para>AES-128-CBC</para></listitem> >+ <listitem><para>AES-192-CBC</para></listitem> >+ <listitem><para>AES-256-CBC</para></listitem> >+ <listitem><para>CAMELLIA-128-CBC</para></listitem> >+ <listitem><para>CAMELLIA-192-CBC</para></listitem> >+ <listitem><para>CAMELLIA-256-CBC</para></listitem> >+ </itemizedlist> >+ </listitem> > </varlistentry> > > <varlistentry> > <term>PKCS#12 PBE ciphers</term> >- <listitem><para>PKCS #12 PBE with Sha1 and 128 Bit RC4</para> >- <itemizedlist> >- <listitem> >- <para>PKCS #12 PBE with Sha1 and 40 Bit RC4</para> >- </listitem> >- <listitem> >- <para>PKCS #12 PBE with Sha1 and Triple DES CBC</para> >- </listitem> >- <listitem> >- <para>PKCS #12 PBE with Sha1 and 128 Bit RC2 CBC</para> >- </listitem> >- <listitem> >- <para>PKCS #12 PBE with Sha1 and 40 Bit RC2 CBC</para> >- </listitem> >- <listitem> >- <para>PKCS12 V2 PBE with SHA1 and 128 Bit RC4</para> >- </listitem> >- <listitem> >- <para>PKCS12 V2 PBE with SHA1 and 40 Bit RC4 (the default for non-FIPS mode)</para> >- </listitem> >- <listitem> >- <para>PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc</para> >- </listitem> >- <listitem> >- <para>PKCS12 V2 PBE with SHA1 and 2KEY Triple DES-cbc</para> >- </listitem> >- <listitem> >- <para>PKCS12 V2 PBE with SHA1 and 128 Bit RC2 CBC</para> >- </listitem> >- <listitem> >- <para>PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC</para></listitem> >- </itemizedlist> >- </listitem> >- </varlistentry> >- >- <varlistentry> >- <term>PKCS#5 PBE ciphers</term> >- <listitem><para>PKCS #5 Password Based Encryption with MD2 and DES CBC</para> >- <itemizedlist> >- <listitem> >- <para>PKCS #5 Password Based Encryption with MD5 and DES CBC</para> >- </listitem> >- <listitem> >- <para>PKCS #5 Password Based Encryption with SHA1 and DES CBC</para></listitem> >- </itemizedlist> >- </listitem> >+ <listitem> >+ <itemizedlist> >+ <listitem><para>PKCS #12 PBE with Sha1 and 128 Bit RC4</para></listitem> >+ <listitem><para>PKCS #12 PBE with Sha1 and 40 Bit RC4</para></listitem> >+ <listitem><para>PKCS #12 PBE with Sha1 and Triple DES CBC</para></listitem> >+ <listitem><para>PKCS #12 PBE with Sha1 and 128 Bit RC2 CBC</para></listitem> >+ <listitem><para>PKCS #12 PBE with Sha1 and 40 Bit RC2 CBC</para></listitem> >+ <listitem><para>PKCS12 V2 PBE with SHA1 and 128 Bit RC4</para></listitem> >+ <listitem><para>PKCS12 V2 PBE with SHA1 and 40 Bit RC4 (the default for non-FIPS mode)</para></listitem> >+ <listitem><para>PKCS12 V2 PBE with SHA1 and 3KEY Triple DES-cbc</para></listitem> >+ <listitem><para>PKCS12 V2 PBE with SHA1 and 2KEY Triple DES-cbc</para></listitem> >+ <listitem><para>PKCS12 V2 PBE with SHA1 and 128 Bit RC2 CBC</para></listitem> >+ <listitem><para>PKCS12 V2 PBE with SHA1 and 40 Bit RC2 CBC</para></listitem> >+ </itemizedlist> >+ </listitem> >+ </varlistentry> >+ <varlistentry><term>PKCS#5 PBE ciphers</term> >+ <listitem> >+ <itemizedlist> >+ <listitem><para>PKCS #5 Password Based Encryption with MD2 and DES CBC</para></listitem> >+ <listitem><para>PKCS #5 Password Based Encryption with MD5 and DES CBC</para></listitem> >+ <listitem><para>PKCS #5 Password Based Encryption with SHA1 and DES CBC</para></listitem> >+ </itemizedlist> >+ </listitem> > </varlistentry> > </variablelist> > <para>With PKCS#12, the crypto provider may be the soft token module or an external hardware module. If the cryptographic module does not support the requested algorithm, then the next best fit will be selected (usually the default). If no suitable replacement for the desired algorithm can be found, the tool returns the error <emphasis>no security module can perform the requested operation</emphasis>.</para> >diff -up ./nss/doc/signtool.xml.cleanup ./nss/doc/signtool.xml >--- ./nss/doc/signtool.xml.cleanup 2013-11-09 09:23:30.000000000 -0800 >+++ ./nss/doc/signtool.xml 2014-05-05 08:41:09.946164188 -0700 >@@ -149,15 +149,15 @@ It's also possible to use the -k option > </varlistentry> > <varlistentry> > <term>-G nickname</term> >- <listitem><para> >+ <listitem><para> > Generates a new private-public key pair and corresponding object-signing certificate with the given nickname. > > The newly generated keys and certificate are installed into the key and certificate databases in the directory specified by the -d option. With the NT version of Netscape Signing Tool, you must use the -d option with the -G option. With the Unix version of Netscape Signing Tool, omitting the -d option causes the tool to install the keys and certificate in the Communicator key and certificate databases. If you are installing the keys and certificate in the Communicator databases, you must exit Communicator before using this option; otherwise, you risk corrupting the databases. In all cases, the certificate is also output to a file named x509.cacert, which has the MIME-type application/x-x509-ca-cert. > > Unlike certificates normally used to sign finished code to be distributed over a network, a test certificate created with -G is not signed by a recognized certificate authority. Instead, it is self-signed. In addition, a single test signing certificate functions as both an object-signing certificate and a CA. When you are using it to sign objects, it behaves like an object-signing certificate. When it is imported into browser software such as Communicator, it behaves like an object-signing CA and cannot be used to sign objects. > >-The -G option is available in Netscape Signing Tool 1.0 and later versions only. By default, it produces only RSA certificates with 1024-byte keys in the internal token. However, you can use the -s option specify the required key size and the -t option to specify the token. For more information about the use of the -G option, see "Generating Test Object-Signing Certificates""Generating Test Object-Signing Certificates" on page 1241. >-</para></listitem> >+The -G option is available in Netscape Signing Tool 1.0 and later versions only. By default, it produces only RSA certificates with 1024-byte keys in the internal token. However, you can use the -s option specify the required key size and the -t option to specify the token. >+ </para></listitem> > </varlistentry> > <varlistentry> > <term>-l</term> >diff -up ./nss/doc/signver.xml.cleanup ./nss/doc/signver.xml >--- ./nss/doc/signver.xml.cleanup 2013-11-09 09:23:30.000000000 -0800 >+++ ./nss/doc/signver.xml 2014-05-05 08:41:09.946164188 -0700 >@@ -163,7 +163,7 @@ Using the SQLite databases must be manua > <para>To set the shared database type as the default type for the tools, set the <envar>NSS_DEFAULT_DB_TYPE</envar> environment variable to <envar>sql</envar>:</para> > <programlisting>export NSS_DEFAULT_DB_TYPE="sql"</programlisting> > >-<para>This line can be set added to the <filename>~/.bashrc</filename> file to make the change permanent.</para> >+<para>This line can be added to the <filename>~/.bashrc</filename> file to make the change permanent for the user.</para> > > <para>Most applications do not use the shared database by default, but they can be configured to use them. For example, this how-to article covers how to configure Firefox and Thunderbird to use the new shared NSS databases:</para> > <itemizedlist> >diff -up ./nss/doc/ssltap.xml.cleanup ./nss/doc/ssltap.xml >--- ./nss/doc/ssltap.xml.cleanup 2013-11-09 09:23:30.000000000 -0800 >+++ ./nss/doc/ssltap.xml 2014-05-05 08:41:09.947164197 -0700 >@@ -76,15 +76,6 @@ If the -s option is used with -h, two se > </para> > </listitem> > </varlistentry> >- <varlistentry> >- <term>-x </term> >- <listitem> >- <para> >-Turn on hex/ASCII printing of undecoded data inside parsed SSL records. Used only with the -s option. >-This option uses the same output format as the -h option. >- </para> >- </listitem> >- </varlistentry> > <varlistentry> > <term>-l prefix</term> > <listitem>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=892674">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
hkario
: review-
Actions:
View
|
Diff
Attachments on
bug 606022
:
862576
|
862577
|
862578
|
892672
|
892674
|
894337
|
894811
|
894820