Bug 1370501 - certutil - wrong documentation of 'T' and 'C' trust arguments
Summary: certutil - wrong documentation of 'T' and 'C' trust arguments
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: nss
Version: 7.3
Hardware: All
OS: Linux
low
low
Target Milestone: rc
: ---
Assignee: nss-nspr-maint
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks: 1370517
TreeView+ depends on / blocked
 
Reported: 2016-08-26 13:41 UTC by Stanislav Zidek
Modified: 2016-09-08 10:55 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1370517 (view as bug list)
Environment:
Last Closed: 2016-09-08 10:55:49 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Mozilla Foundation 1301071 0 None None None 2016-09-07 14:31:36 UTC

Description Stanislav Zidek 2016-08-26 13:41:55 UTC 
Description of problem:

Manpage says:
-t trustargs
...
T - Trusted CA (implies c)
C - trusted CA for client authentication (ssl server only)

According to conversation with Kai, it should be the other way round.

Version-Release number of selected component (if applicable):
# rpm -q nss-tools
nss-tools-3.19.1-18.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. man certutil
2. see -t option

Actual results:
T - Trusted CA (implies c)
C - trusted CA for client authentication (ssl server only)

Expected results:
C - Trusted CA (implies c)
T - trusted CA for client authentication (ssl server only)
Comment 1 Kai Engert (:kaie) (inactive account) 2016-09-07 14:32:15 UTC 
Should be fixed upstream, we can pick up with rebase.
Comment 2 Kai Engert (:kaie) (inactive account) 2016-09-08 10:55:49 UTC 
This has been fixed upstream. We will get the fix by rebasing to NSS 3.27 or a newer version.

I think we don't need to track this downstream.

If you think we must, please reopn, or mark as duplicate of a NSS 3.27+ rebase bug.
Note You need to log in before you can comment on or make changes to this bug.