Bug 1370501

Summary: certutil - wrong documentation of 'T' and 'C' trust arguments
Product: Red Hat Enterprise Linux 7 Reporter: Stanislav Zidek <szidek>
Component: nssAssignee: nss-nspr-maint <nss-nspr-maint>
Status: CLOSED UPSTREAM QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: low Docs Contact:
Priority: low    
Version: 7.3CC: hkario, kengert
Target Milestone: rcKeywords: Documentation
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1370517 (view as bug list) Environment:
Last Closed: 2016-09-08 10:55:49 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1370517    

Description Stanislav Zidek 2016-08-26 13:41:55 UTC
Description of problem:

Manpage says:
-t trustargs
...
T - Trusted CA (implies c)
C - trusted CA for client authentication (ssl server only)

According to conversation with Kai, it should be the other way round.

Version-Release number of selected component (if applicable):
# rpm -q nss-tools
nss-tools-3.19.1-18.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. man certutil
2. see -t option

Actual results:
T - Trusted CA (implies c)
C - trusted CA for client authentication (ssl server only)

Expected results:
C - Trusted CA (implies c)
T - trusted CA for client authentication (ssl server only)

Comment 1 Kai Engert (:kaie) (inactive account) 2016-09-07 14:32:15 UTC
Should be fixed upstream, we can pick up with rebase.

Comment 2 Kai Engert (:kaie) (inactive account) 2016-09-08 10:55:49 UTC
This has been fixed upstream. We will get the fix by rebasing to NSS 3.27 or a newer version.

I think we don't need to track this downstream.

If you think we must, please reopn, or mark as duplicate of a NSS 3.27+ rebase bug.