*** empty log message ***

6 files changed, 12 insertions, 67 deletions

diff --git a/NEWS b/NEWS
index 280437ea3e..f442c2193e 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,8 @@ Version 0.9.95
 - Improved the verification functions. Added new verification
   output flags and removed the unused and redundant ones.
 - Improved the OpenPGP key support.
+- The prime utility was removed, and its functionality was moved
+  to certtool.
 
 Version 0.9.94 (30/10/2003)
 - Added manpages for the included programs.
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index b63d81a278..e1faf005cf 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -534,25 +534,25 @@ int ret, issuer_params_size, i;
   * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
   * @verify: will hold the certificate verification output.
   *
-  * This function will try to verify the given certificate list and return its status (TRUSTED, REVOKED etc.). 
-  * The return value (status) should be one or more of the gnutls_certificate_status 
-  * enumerated elements bitwise or'd. Note that expiration and activation dates are not checked 
+  * This function will try to verify the given certificate list and return its status.
+  * Note that expiration and activation dates are not checked
   * by this function, you should check them using the appropriate functions.
   *
   * If no flags are specified (0), this function will use the 
   * basicConstraints (2.5.29.19) PKIX extension. This means that only a certificate 
   * authority is allowed to sign a certificate.
   *
-  * However you must also check the peer's name in order to check if the verified 
+  * You must also check the peer's name in order to check if the verified 
   * certificate belongs to the actual peer. 
   *
-  *
   * The certificate verification output will be put in 'verify' and will be
   * one or more of the gnutls_certificate_status enumerated elements bitwise or'd.
+  * For a more detailed verification status use gnutls_x509_crt_verify() per list
+  * element.
   *
-  * GNUTLS_CERT_INVALID\: the peer's certificate is not valid.
+  * GNUTLS_CERT_INVALID\: the certificate chain is not valid.
   *
-  * GNUTLS_CERT_REVOKED\: the certificate has been revoked.
+  * GNUTLS_CERT_REVOKED\: a certificate in the chain has been revoked.
   *
   * Returns 0 on success and a negative value in case of an error.
   *
diff --git a/libextra/openpgp/verify.c b/libextra/openpgp/verify.c
index 9df5957971..bddf9a60e1 100644
--- a/libextra/openpgp/verify.c
+++ b/libextra/openpgp/verify.c
@@ -139,8 +139,7 @@ int gnutls_openpgp_key_verify_ring( gnutls_openpgp_key key,
  * @verify: will hold the certificate verification output.
  *
  * Checks if the key is revoked or disabled, in the trustdb.
- *
- * The certificate verification output will be put in 'verify' and will be
+ * The verification output will be put in 'verify' and will be
  * one or more of the gnutls_certificate_status enumerated elements bitwise or'd.
  *
  * GNUTLS_CERT_INVALID\: A signature on the key is invalid.
diff --git a/src/certtool-gaa.c b/src/certtool-gaa.c
index a76d11895e..1d9d361e90 100644
--- a/src/certtool-gaa.c
+++ b/src/certtool-gaa.c
@@ -129,7 +129,7 @@ void gaa_help(void)
 	__gaa_helpsingle(0, "load-certificate", "FILE ", "Certificate file to use.");
 	__gaa_helpsingle(0, "load-ca-privkey", "FILE ", "Certificate authority's private key file to use.");
 	__gaa_helpsingle(0, "load-ca-certificate", "FILE ", "Certificate authority's certificate file to use.");
-	__gaa_helpsingle(0, "password", "FILE ", "Password to use.");
+	__gaa_helpsingle(0, "password", "PASSWORD ", "Password to use.");
 	__gaa_helpsingle('i', "certificate-info", "", "Print information on a certificate.");
 	__gaa_helpsingle(0, "p12-info", "", "Print information on a PKCS #12 structure.");
 	__gaa_helpsingle('k', "key-info", "", "Print information on a private key.");
diff --git a/src/certtool.gaa b/src/certtool.gaa
index 67ee216aab..24460820b9 100644
--- a/src/certtool.gaa
+++ b/src/certtool.gaa
@@ -31,7 +31,7 @@ option (load-ca-privkey) STR "FILE" { $ca_privkey = $1 } "Certificate authority'
 option (load-ca-certificate) STR "FILE" { $ca = $1 } "Certificate authority's certificate file to use."
 
 #char *pass;
-option (password) STR "FILE" { $pass = $1 } "Password to use."
+option (password) STR "PASSWORD" { $pass = $1 } "Password to use."
 
 option (i, certificate-info) { $action = 2; } "Print information on a certificate."
 
diff --git a/tests/test25.pem b/tests/test25.pem
index d3ba3ba1ea..72220a4f26 100644
--- a/tests/test25.pem
+++ b/tests/test25.pem
@@ -180,59 +180,3 @@ CSqGSIb3DQEBBQUAA4GBABZWD2Gsh4tP62QSG8OFWUpo4TulIcFZLpGsaP4T/2Nt
 Yl/fLKE9/BvQOrvYzBs2EqKrrT7m4VK0dRMR7CeVpmPP08z0Tti6uK2tzBplp1pF
 -----END CERTIFICATE-----
 
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 99999 (0x1869f)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
-        Validity
-            Not Before: Jan  1 12:01:00 1999 GMT
-            Not After : Jan  1 12:01:00 2048 GMT
-        Subject: C=US, O=U.S. Government, OU=DoD, OU=Testing, CN=Trust Anchor
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:d3:f3:b9:c1:33:b7:3f:a7:27:f6:41:1d:5c:9c:
-                    79:9d:aa:d2:95:10:b7:84:ce:da:a3:e5:58:0c:3e:
-                    4e:8b:56:bf:3e:aa:21:2d:50:13:fe:f3:19:2e:7a:
-                    cb:11:cf:f3:d3:b8:5f:57:9f:9d:97:80:af:1d:95:
-                    57:12:df:34:d4:bd:f3:ae:4d:e7:7c:a6:20:d4:04:
-                    4e:da:63:61:3e:3d:2a:8d:37:cf:c5:3c:c9:f9:fa:
-                    f0:39:48:04:78:bd:b0:dd:f5:24:46:33:a1:46:9f:
-                    17:9f:04:bb:cf:37:94:0c:13:43:aa:90:ac:91:78:
-                    1d:ba:f3:18:84:2a:82:2b:47
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Subject Key Identifier: 
-                AB:9A:EB:F9:C2:E7:54:8F
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            X509v3 Authority Key Identifier: 
-                keyid:AB:9A:EB:F9:C2:E7:54:8F
-
-    Signature Algorithm: sha1WithRSAEncryption
-        16:56:0f:61:ac:87:8b:4f:eb:64:12:1b:c3:85:59:4a:68:e1:
-        3b:a5:21:c1:59:2e:91:ac:68:fe:13:ff:63:6d:ee:55:d4:a0:
-        82:4c:37:bc:16:8e:a9:26:61:fe:7f:46:fa:38:1f:13:5c:8a:
-        6a:b7:12:47:98:72:b9:b5:56:80:ee:78:95:18:1a:f4:63:70:
-        26:39:9b:19:20:84:8d:bb:62:5f:df:2c:a1:3d:fc:1b:d0:3a:
-        bb:d8:cc:1b:36:12:a2:ab:ad:3e:e6:e1:52:b4:75:13:11:ec:
-        27:95:a6:63:cf:d3:cc:f4:4e:d8:ba:b8:ad:ad:cc:1a:65:a7:
-        5a:45
------BEGIN CERTIFICATE-----
-MIICbDCCAdWgAwIBAgIDAYafMA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVT
-MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEQMA4GA1UE
-CxMHVGVzdGluZzEVMBMGA1UEAxMMVHJ1c3QgQW5jaG9yMB4XDTk5MDEwMTEyMDEw
-MFoXDTQ4MDEwMTEyMDEwMFowXjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4g
-R292ZXJubWVudDEMMAoGA1UECxMDRG9EMRAwDgYDVQQLEwdUZXN0aW5nMRUwEwYD
-VQQDEwxUcnVzdCBBbmNob3IwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANPz
-ucEztz+nJ/ZBHVyceZ2q0pUQt4TO2qPlWAw+TotWvz6qIS1QE/7zGS56yxHP89O4
-X1efnZeArx2VVxLfNNS9865N53ymINQETtpjYT49Ko03z8U8yfn68DlIBHi9sN31
-JEYzoUafF58Eu883lAwTQ6qQrJF4HbrzGIQqgitHAgMBAAGjODA2MBEGA1UdDgQK
-BAirmuv5wudUjzAMBgNVHRMEBTADAQH/MBMGA1UdIwQMMAqACKua6/nC51SPMA0G
-CSqGSIb3DQEBBQUAA4GBABZWD2Gsh4tP62QSG8OFWUpo4TulIcFZLpGsaP4T/2Nt
-7lXUoIJMN7wWjqkmYf5/Rvo4HxNcimq3EkeYcrm1VoDueJUYGvRjcCY5mxkghI27
-Yl/fLKE9/BvQOrvYzBs2EqKrrT7m4VK0dRMR7CeVpmPP08z0Tti6uK2tzBplp1pF
------END CERTIFICATE-----