Note: There are a few cases of duplicates in user autocompletion which are being worked on.

certutil's usage messages incorrectly document certain options

RESOLVED FIXED in 3.12.1

Status

NSS
Tools
P3
normal
RESOLVED FIXED
12 years ago
9 years ago

People

(Reporter: kaie, Assigned: Nelson Bolyard (seldom reads bugmail))

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

12 years ago
From https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=185577

Description of problem:
When I run "certutil -R" and supply an email address using the -y flag, I get an
error message.

Version-Release number of selected component (if applicable):
nss-tools-3.11-4

How reproducible:
Always

Steps to Reproduce:
1. mkdir /tmp/z
2. certutil -d /tmp/z -N
3. certutil -d /tmp/z -R -s 'cn=Nalin Dahyabhai' -a -o /tmp/z/nalin.req -y
nalin@redhat.com
  
Actual results:
I get this error message:
certutil -y: incorrect public exponent 0.Must be 3, 17, or 65537.

Expected results:
certutil would usually ask me to help it seed its RNG, and proceed as normally
(Assignee)

Updated

12 years ago
Assignee: wtchang → nobody
QA Contact: jason.m.reid → tools
(Assignee)

Updated

11 years ago
Priority: -- → P3

Updated

10 years ago
OS: Linux → All
Hardware: PC → All

Comment 1

9 years ago
The -y option is for the public exponent only, we wouldn't want to overload this meaning.  The -R command honors the -S command extension options 
-7  Create an email subject alt name extension
certutil -d /tmp/z -R -s 'cn=Nalin Dahyabhai' -a -o /tmp/z/nalin.req -s
nalin@redhat.com works as the reporter expected. Wouldn't this be the proper way?

Comment 2

9 years ago
Yep, looks like you're right -- the short-form ('-h') help output must be wrong.

Updated

9 years ago
Status: NEW → ASSIGNED
Also, the documentation for the -7 -8 and -0 options are wrong or missing.
Patch forthcoming.
Summary: certutil -R doesn't like the -y flag → certutil's usage messages incorrectly document certain options
(Assignee)

Updated

9 years ago
Assignee: nobody → nelson
Status: ASSIGNED → NEW
Created attachment 331775 [details] [diff] [review]
patch v1

How's this?
Attachment #331775 - Flags: review?(kaie)
(Reporter)

Comment 5

9 years ago
Comment on attachment 331775 [details] [diff] [review]
patch v1

I don't know what the SSO-Password is, maybe you'd want to use a more obvious string.

Besides from that the changes in the patch seem to match the information in secuCommandFlag options_init, so r+
Attachment #331775 - Flags: review?(kaie) → review+
(Reporter)

Comment 6

9 years ago
If you create a new patch, and your only change is a more descriptive string for SSO, my r+ shall still apply.
Kai, as you may recall, certutil has both a "short" and a "long" usage message,
obtained with certutil -h and certutil -H respectively.  With this patch, 
the short message describes certutil's -T option as:

Usage:  certutil -T [-d certdir] [-P dbprefix] [-h token-name]
                 [-f pwfile] [-0 SSO-password]

and the long usage message describes it as:

-T              Reset the Key database or token
   -d certdir        Cert database directory (default is ~/.netscape)
   -P dbprefix       Cert & Key database prefix
   -h token-name     Token to reset (default is internal)
   -0 SSO-password   Set token's Site Security Officer password

Do you think that SSO-password needs more explanation than that?
cmd/certutil/certutil.c; new revision: 1.141; previous revision: 1.140
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.12.1
(Reporter)

Comment 9

9 years ago
Nelson, thanks for the clarification, you're right, that seems sufficient.
You need to log in before you can comment on or make changes to this bug.