Bug 1370517 - certutil - wrong documentation of 'T' and 'C' trust arguments
Summary: certutil - wrong documentation of 'T' and 'C' trust arguments
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: nss
Version: 6.9
Hardware: All
OS: Linux
low
low
Target Milestone: rc
: ---
Assignee: nss-nspr-maint
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On: 1370501
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-08-26 14:28 UTC by Stanislav Zidek
Modified: 2016-09-08 10:56 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1370501
Environment:
Last Closed: 2016-09-08 10:56:07 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Mozilla Foundation 1301071 0 None None None 2016-09-07 14:31:31 UTC

Description Stanislav Zidek 2016-08-26 14:28:38 UTC 
+++ This bug was initially created as a clone of Bug #1370501 +++

There is the same problem in RHEL-6.

Description of problem:

Manpage says:
-t trustargs
...
T - Trusted CA (implies c)
C - trusted CA for client authentication (ssl server only)

According to conversation with Kai, it should be the other way round.

Version-Release number of selected component (if applicable):
# rpm -q nss-tools
nss-tools-3.21.0-8.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. man certutil
2. see -t option

Actual results:
T - Trusted CA (implies c)
C - trusted CA for client authentication (ssl server only)

Expected results:
C - Trusted CA (implies c)
T - trusted CA for client authentication (ssl server only)
Comment 3 Kai Engert (:kaie) (inactive account) 2016-09-07 14:32:04 UTC 
Should be fixed upstream, we can pick up with rebase.
Comment 4 Kai Engert (:kaie) (inactive account) 2016-09-08 10:56:07 UTC 
This has been fixed upstream. We will get the fix by rebasing to NSS 3.27 or a newer version.

I think we don't need to track this downstream.

If you think we must, please reopn, or mark as duplicate of a NSS 3.27+ rebase bug.
Note You need to log in before you can comment on or make changes to this bug.