authorNikos Mavrogiannopoulos <nmav@gnutls.org>2018-09-16 15:35:19 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2018-09-17 09:54:35 +0200
commit634c05829e0e2663d506a75c259bc13e6530246f (patch)
treedee6c17f54a5f0783037403c451c51e8f4deaba5
parent74856e90221864b718db3f480c2eb2dbb26dffc7 (diff)
certtool: updates in documentation in messages for CRL generation
This fixes the messages printed for the generation of a CRL, and makes the return code of the CRL verification depend on the verification result. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r--src/certtool-args.def3
-rw-r--r--src/certtool-cfg.c9
-rw-r--r--src/certtool.c10
3 files changed, 13 insertions, 9 deletions
diff --git a/src/certtool-args.def b/src/certtool-args.def
index 0a980fb2db..84a40efb05 100644
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -287,7 +287,8 @@ flag = {
flag = {
name = generate-crl;
descrip = "Generate a CRL";
- doc = "This option generates a Certificate Revocation List. When combined with --load-crl it would use the loaded CRL as base for the generated (i.e., all revoked certificates in the base will be copied to the new CRL).";
+ doc = "This option generates a Certificate Revocation List. When combined with --load-crl it would use the loaded CRL as base for the generated (i.e., all revoked certificates in the base will be copied to the new CRL).
+To add new certificates to the CRL use --load-certificate.";
};
diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c
index b2f4e9ce11..8d5f63417d 100644
--- a/src/certtool-cfg.c
+++ b/src/certtool-cfg.c
@@ -1576,7 +1576,7 @@ void read_serial_value(unsigned char *serial, size_t *size, size_t max_size,
while (true) {
fprintf(stderr,
- "Enter the certificate's %s in decimal (123) or hex (0xabcd)\n"
+ "Enter the %s in decimal (123) or hex (0xabcd)\n"
"(default is 0x%s)\n"
"value: ",
label, encoded_default.data);
@@ -1679,7 +1679,7 @@ int default_serial(unsigned char *serial, size_t *size)
void get_serial(unsigned char *serial, size_t *size)
{
get_serial_value(serial, size, cfg.serial, cfg.serial_size,
- default_serial, "serial number", "4.1.2.2");
+ default_serial, "certificate's serial number", "4.1.2.2");
}
static
@@ -1776,8 +1776,7 @@ time_t get_int_date(const char *txt_val, int int_val, const char *msg)
do {
days =
- read_int
- ("The certificate will expire in (days): ");
+ read_int(msg);
}
while (days == 0);
return days_to_secs(days);
@@ -1816,7 +1815,7 @@ int get_crq_extensions_status(void)
void get_crl_number(unsigned char* serial, size_t * size)
{
get_serial_value(serial, size, cfg.crl_number, cfg.crl_number_size,
- default_crl_number, "CRL number", "5.2.3");
+ default_crl_number, "CRL's serial number", "5.2.3");
}
int get_path_len(void)
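Review bot: The new label `"CRL's serial number"` in get_crl_number no longer matches the term behind the section reference passed in the same call (`"5.2.3"`, which appears to point at the RFC 5280 CRL Number extension). In a CRL-generation prompt, "serial number" is easily read as the serial of a certificate being revoked, so an operator may type the wrong value. Keeping the standard term and disambiguating it, e.g. `default_crl_number, "CRL number (sequence number of this CRL)", "5.2.3");`, would avoid that while still separating it from the certificate prompt in get_serial.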
diff --git a/src/certtool.c b/src/certtool.c
index 908cff3722..88f8fc52f1 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -796,7 +796,6 @@ generate_crl(gnutls_x509_crt_t ca_crt, common_info_st * cinfo)
app_exit(1);
}
- fprintf(stderr, "Update times.\n");
secs = get_crl_next_update();
result =
@@ -2479,7 +2478,7 @@ void verify_crl(common_info_st * cinfo)
size_t size;
gnutls_datum_t dn;
unsigned int output;
- int ret;
+ int ret, rc;
gnutls_datum_t pem, pout;
gnutls_x509_crl_t crl;
gnutls_x509_crt_t issuer;
@@ -2519,7 +2518,6 @@ void verify_crl(common_info_st * cinfo)
print_crl_info(crl, outfile);
- fprintf(outfile, "Verification output: ");
ret = gnutls_x509_crl_verify(crl, &issuer, 1, 0, &output);
if (ret < 0) {
fprintf(stderr, "verification error: %s\n",
@@ -2527,10 +2525,14 @@ void verify_crl(common_info_st * cinfo)
app_exit(1);
}
+ fprintf(outfile, "Verification output: ");
+
if (output) {
fprintf(outfile, "Not verified. ");
+ rc = 1;
} else {
fprintf(outfile, "Verified.");
+ rc = 0;
}
ret =
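Review bot: The exit status introduced here cannot tell a failed verification from a verification that could not be performed. The error path at the top of this hunk calls `app_exit(1)`, and the `if (output)` branch sets `rc = 1`, which the last hunk passes to `app_exit(rc)`. A script that gates on the exit code therefore sees the same value for "the CRL did not verify against the issuer" and for a library or I/O error. If callers need that distinction, give one of the two outcomes its own non-zero value. Either way, document the contract on the function, e.g. `/* exit status: 0 = CRL verified, 1 = not verified or error; verify_crl() does not return */`. verify_crl's body starts and ends outside this hunk.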
@@ -2546,6 +2548,8 @@ void verify_crl(common_info_st * cinfo)
gnutls_free(pout.data);
fprintf(outfile, "\n");
+
+ app_exit(rc);
}
static void print_dn(const char *prefix, const gnutls_datum_t *raw)