Last Comment Bug 330622 - certutil's usage messages incorrectly document certain options
: certutil's usage messages incorrectly document certain options
Product: NSS
Classification: Components
Component: Tools (show other bugs)
: 3.11
: All All
P3 normal (vote)
: 3.12.1
Assigned To: Nelson Bolyard (seldom reads bugmail)
Depends on:
  Show dependency treegraph
Reported: 2006-03-15 15:16 PST by Kai Engert (:kaie)
Modified: 2008-08-14 08:24 PDT (History)
3 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---

patch v1 (3.42 KB, patch)
2008-07-30 13:37 PDT, Nelson Bolyard (seldom reads bugmail)
kaie: review+
Details | Diff | Splinter Review

Description User image Kai Engert (:kaie) 2006-03-15 15:16:09 PST

Description of problem:
When I run "certutil -R" and supply an email address using the -y flag, I get an
error message.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. mkdir /tmp/z
2. certutil -d /tmp/z -N
3. certutil -d /tmp/z -R -s 'cn=Nalin Dahyabhai' -a -o /tmp/z/nalin.req -y
Actual results:
I get this error message:
certutil -y: incorrect public exponent 0.Must be 3, 17, or 65537.

Expected results:
certutil would usually ask me to help it seed its RNG, and proceed as normally
Comment 1 User image Elio Maldonado 2008-07-30 10:22:14 PDT
The -y option is for the public exponent only, we wouldn't want to overload this meaning.  The -R command honors the -S command extension options 
-7  Create an email subject alt name extension
certutil -d /tmp/z -R -s 'cn=Nalin Dahyabhai' -a -o /tmp/z/nalin.req -s works as the reporter expected. Wouldn't this be the proper way?
Comment 2 User image Nalin Dahyabhai 2008-07-30 10:31:43 PDT
Yep, looks like you're right -- the short-form ('-h') help output must be wrong.
Comment 3 User image Nelson Bolyard (seldom reads bugmail) 2008-07-30 13:36:53 PDT
Also, the documentation for the -7 -8 and -0 options are wrong or missing.
Patch forthcoming.
Comment 4 User image Nelson Bolyard (seldom reads bugmail) 2008-07-30 13:37:58 PDT
Created attachment 331775 [details] [diff] [review]
patch v1

How's this?
Comment 5 User image Kai Engert (:kaie) 2008-08-06 19:33:46 PDT
Comment on attachment 331775 [details] [diff] [review]
patch v1

I don't know what the SSO-Password is, maybe you'd want to use a more obvious string.

Besides from that the changes in the patch seem to match the information in secuCommandFlag options_init, so r+
Comment 6 User image Kai Engert (:kaie) 2008-08-06 19:34:33 PDT
If you create a new patch, and your only change is a more descriptive string for SSO, my r+ shall still apply.
Comment 7 User image Nelson Bolyard (seldom reads bugmail) 2008-08-07 07:19:01 PDT
Kai, as you may recall, certutil has both a "short" and a "long" usage message,
obtained with certutil -h and certutil -H respectively.  With this patch, 
the short message describes certutil's -T option as:

Usage:  certutil -T [-d certdir] [-P dbprefix] [-h token-name]
                 [-f pwfile] [-0 SSO-password]

and the long usage message describes it as:

-T              Reset the Key database or token
   -d certdir        Cert database directory (default is ~/.netscape)
   -P dbprefix       Cert & Key database prefix
   -h token-name     Token to reset (default is internal)
   -0 SSO-password   Set token's Site Security Officer password

Do you think that SSO-password needs more explanation than that?
Comment 8 User image Nelson Bolyard (seldom reads bugmail) 2008-08-08 17:05:30 PDT
cmd/certutil/certutil.c; new revision: 1.141; previous revision: 1.140
Comment 9 User image Kai Engert (:kaie) 2008-08-14 08:24:08 PDT
Nelson, thanks for the clarification, you're right, that seems sufficient.

Note You need to log in before you can comment on or make changes to this bug.