author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-04-05 08:12:17 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-04-05 08:51:35 +0200 |
commit | 1031e8a1a789fb4865220fe4c5cb8e15a451eb3d (patch) | |
tree | 09060c25deb852a371606145f6d796374ce8b826 /src/certtool-args.def | |
parent | 809631ddc7612d41d90e69967c644c1dcb1c9e3b (diff) | |
download | gnutls-1031e8a1a789fb4865220fe4c5cb8e15a451eb3d.tar.gz |
certtool: improved documentation
Incorporated comments made in Lenka Horakova's thesis study.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'src/certtool-args.def')
-rw-r--r-- | src/certtool-args.def | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/src/certtool-args.def b/src/certtool-args.def index f832f0f9a9..8cf1ab7be9 100644 --- a/src/certtool-args.def +++ b/src/certtool-args.def @@ -6,8 +6,9 @@ detail = "Tool to parse and generate X.509 certificates, requests and private It can be used interactively or non interactively by specifying the template command line option. -The tool accepts files or URLs supported by GnuTLS. In case PIN is required for the URL -access you can provide it using the environment variables GNUTLS_PIN and GNUTLS_SO_PIN. +The tool accepts files or supported URIs via the --infile option. In case PIN +is required for URI access you can provide it using the environment variables GNUTLS_PIN +and GNUTLS_SO_PIN. "; short-usage = "certtool [options]\ncerttool --help for usage instructions.\n"; explain = ""; @@ -40,7 +41,7 @@ flag = { flag = { name = generate-crl; descrip = "Generate a CRL"; - doc = "This option generates a CRL. When combined with --load-crl it would use the loaded CRL as base for the generated (i.e., all revoked certificates in the base will be copied to the new CRL)."; + doc = "This option generates a Certificate Revocation List. When combined with --load-crl it would use the loaded CRL as base for the generated (i.e., all revoked certificates in the base will be copied to the new CRL)."; }; flag = { 
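Review bot: The reworded `detail` text in the first hunk still directs users to GNUTLS_PIN and GNUTLS_SO_PIN without mentioning how exposed a value placed in the environment is. Environment variables are inherited by child processes and are typically readable by other processes running as the same user, and a PIN set inline on a command line can end up in shell history. I would add a sentence after `and GNUTLS_SO_PIN.` such as `Note that environment variables are inherited by child processes; unset them once the operation has completed.` The new first sentence also drops "supported by GnuTLS", so "supported URIs" no longer says who defines the supported set.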
@@ -88,21 +89,24 @@ flag = { name = verify-chain; value = e; descrip = "Verify a PEM encoded certificate chain"; - doc = "The last certificate in the chain must be a self signed one. It can be combined with --verify-purpose or --verify-hostname."; + doc = "Verifies the validity of a certificate chain. That is, an ordered set of + certificates where each one is the issuer of the previous, and the first is + the end-certificate to be validated. In a proper chain the last certificate + is a self signed one. It can be combined with --verify-purpose or --verify-hostname."; }; flag = { name = verify; - descrip = "Verify a PEM encoded certificate chain using a trusted list"; + descrip = "Verify a PEM encoded certificate (chain) against a trusted set"; doc = "The trusted certificate list can be loaded with --load-ca-certificate. If no -certificate list is provided, then the system's certificate list is used. Note that +certificate list is provided, then the system's trusted certificate list is used. Note that during verification multiple paths may be explored. On a successful verification the successful path will be the last one. It can be combined with --verify-purpose or --verify-hostname."; }; flag = { name = verify-crl; - descrip = "Verify a CRL using a trusted list"; + descrip = "Verify a Certificate Revocation List using a trusted list"; doc = "The trusted certificate list must be loaded with --load-ca-certificate."; flags-must = load-ca-certificate; }; |
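Review bot: The new `doc` string for verify-chain never says what the chain is verified against, and it softens "must be a self signed one" to "In a proper chain the last certificate is a self signed one". As far as I can tell this mode takes its trust anchor from the supplied input rather than from a trusted list, so a successful result would show that the chain is internally consistent, not that it is trusted. That should be confirmed against the implementation and then stated, for example `Note that the last certificate is taken from the input and is not checked against any trusted list; use --verify for that.` Separately, the `descrip` for verify now says "against a trusted set" while verify-crl still says "using a trusted list"; one term should be used throughout.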