certutil -Z (for signature hash) is undocumented

RESOLVED FIXED in 3.17.4

Status

defect
RESOLVED FIXED
5 years ago
4 years ago

People

(Reporter: kaie, Assigned: Cykesiopka)

Tracking

3.16.4
3.17.4

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 1 obsolete attachment)

Reporter

Description

5 years ago
The -Z parameter can be given to the "certutil" tool, but it is undocumented. Neither the manpage nor certutil's help output mentions it.

It takes a second parameter, which is a string to specify a hash algorithm, such as SHA256. The given parameter will be used by the -R/-S/-C when creating certificates or certificate requests.

At the time of writing, the following parameters are supported:
  MD2 MD4 MD5 SHA1 SHA224 SHA256 SHA384 SHA512

Comment 1

5 years ago
+1 - this was rather annoying to find out in updating a Fedora tool for certificate generation.
Assignee

Comment 2

5 years ago
Requesting feedback for now. In particular, I'm not sure whether it would be better to display the hashAlg keywords in the HTML and man page as a bulleted list, or if it's fine as is.
Assignee: nobody → cykesiopka.bmo
Status: NEW → ASSIGNED
Attachment #8535435 - Flags: feedback?(emaldona)

Comment 3

5 years ago
(In reply to Cykesiopka from comment #2)
> Created attachment 8535435 [details] [diff] [review]
> bug1058870_doc-certutil-hashAlg-option_v1.patch
> 
> Requesting feedback for now. In particular, I'm not sure whether it would be
> better to display the hashAlg keywords in the HTML and man page as a
> bulleted list, or if it's fine as is.

I did try it with the bulleted list and it does look better. It's entirely optional.

Comment 4

5 years ago
Comment on attachment 8535435 [details] [diff] [review]
bug1058870_doc-certutil-hashAlg-option_v1.patch

Review of attachment 8535435 [details] [diff] [review]:
-----------------------------------------------------------------

r+, I agree with your own suggestions which would make it look better plus the couple of nitpicks I had on trailing whitespace.

::: cmd/certutil/certutil.c
@@ +971,4 @@
>      FPS "Usage:  %s -N [-d certdir] [-P dbprefix] [-f pwfile] [--empty-password]\n", progName);
>      FPS "Usage:  %s -T [-d certdir] [-P dbprefix] [-h token-name]\n"
>  	"\t\t [-f pwfile] [-0 SSO-password]\n", progName);
>      FPS "\t%s -A -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n", 

nitpick: while you are at it, could you remove the trailing whitespace?

@@ +982,5 @@
>          "\t\t [-6 | --extKeyUsage [extKeyUsageKeyword,...]] [-7 emailAddrs]\n"
>          "\t\t [-8 dns-names] [-a]\n",
>  	progName);
>      FPS "\t%s -D -n cert-name [-d certdir] [-P dbprefix]\n", progName);
>      FPS "\t%s -E -n cert-name -t trustargs [-d certdir] [-P dbprefix] [-a] [-i input]\n", 

nitpick: while you are at it, could you remove the trailing whitespace?

::: doc/certutil.xml
@@ +462,5 @@
>        <varlistentry>
> +        <term>-Z hashAlg</term>
> +        <listitem>
> +        <para>
> +           Specify the hash algorithm to use with the -C, -S or -R command options. Possible keywords: MD2, MD4, MD5, SHA1, SHA224, SHA256, SHA384, SHA512
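
Review bot: the keyword list in this <para> presents MD2, MD4, MD5 and SHA1 on equal footing with the SHA-2 keywords. Those four are no longer considered safe for certificate signatures, so the text should mark them as legacy (for example "MD2, MD4, MD5 and SHA1 are supported for compatibility only") and recommend SHA256 or stronger for new certificates and certificate requests.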

You yourself suggested using a bulleted list. I agree that it would look slightly better but it's entirely optional.

::: doc/nroff/certutil.1
@@ +620,5 @@
>  .RE
>  .PP
> +\-Z hashAlg
> +.RS 4
> +Specify the hash algorithm to use with the \-C, \-S or \-R command options\&. Possible keywords: MD2, MD4, MD5, SHA1, SHA224, SHA256, SHA384, SHA512
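
Review bot: the \-Z entry does not say which hash is used when -Z is omitted, or how certutil reacts to a keyword outside this list. Both belong in this paragraph, since a reader choosing a signature hash needs to know the default before deciding whether to pass -Z at all.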

As you suggested, a nested itemized list for the algorithms would make it look a bit better. It's entirely optional.
Attachment #8535435 - Flags: feedback?(emaldona) → feedback+
Assignee

Comment 5

4 years ago
+ Put possible hashAlg keywords in a list in HTML and man pages
+ Remove trailing whitespace
Attachment #8535435 - Attachment is obsolete: true
Attachment #8545786 - Flags: review?(emaldona)

Updated

4 years ago
Attachment #8545786 - Flags: review?(emaldona) → review+
Assignee

Comment 6

4 years ago
Thanks for the review!
Keywords: checkin-needed
Reporter

Comment 7

4 years ago
https://hg.mozilla.org/projects/nss/rev/2bffb88b1052
Status: ASSIGNED → RESOLVED
Last Resolved: 4 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → 3.18
Reporter

Comment 8

4 years ago
mass change target milestone to 3.17.4
Target Milestone: 3.18 → 3.17.4