Robie - I believe it's an inconsistency between upstream source docs and
behaviour.  However, upstream docs align with Ubuntu (and presumably
other distro) docs and are _not_ consistent with the current behaviour.

The distro man pages and the online docs at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Tools/certutil (Sept 2014) do not agree
with the current behaviour and the later online docs at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/tools/NSS_Tools_certutil (Sept 2015).
Therefore, the source man page needs to be updated to align with the
latter 2015 online docs.

As I understand it, the relevant -t trustargs arguments are:

p - mark the trustargs settings as authoritative, but don't flag the
certificate as a CA.  This makes the certificate explicitly distrusted
as a CA as per the Sept 2015 online docs.

c - mark the trustargs settings as authoritative and also flag the
certificate as a CA. I.e. trusted.

'T' and 'C' also set 'c'

So, bottom line is to raise an upstream bug to align the source code man
page with the online (Sept 2015) docs and current behaviour as there
doesn't seem to be one currently -
https://bugzilla.mozilla.org/buglist.cgi?quicksearch=certutil+trustargs

https://bugs.launchpad.net/bugs/1586538

Title:
  certutils from libnss3-tools - man page contradicts Mozilla's

Status in nss package in Ubuntu:
  Incomplete

Bug description:
  Description of certutil here:
  https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/tools/NSS_Tools_certutil#Options_and_Arguments

  contradicts the man page here:
  http://manpages.ubuntu.com/manpages/wily/man1/certutil.1.html

  In the former "-t p" is "prohibited (explicitly distrusted)".  In the
  latter, it's "Valid peer".

  I'm listing it as a security vuln, because someone could mistakenly
  do the wrong thing.
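
An added example, not part of the bug report or of NSS: a Python check that parses `certutil -L` output and lists entries carrying `p`, which under the current behaviour described in the comment above means explicitly distrusted rather than "Valid peer". The listing is constructed sample data, the function names are hypothetical, and letting `p` take precedence over other flags in the same field is an assumption of this example.

```python
import re

# Constructed sample of `certutil -L -d <dbdir>` output (not from the bug report).
SAMPLE_LISTING = """\

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Example Root CA                                              CT,C,C
Example Partner Server                                       p,p,p
Example Internal CA                                          c,,
Example Leaf                                                 ,,
Example User Cert                                            u,u,u
"""

USAGES = ("SSL", "S/MIME", "JAR/XPI")
# A listing row is a nickname followed by three comma-separated flag fields.
ROW = re.compile(r"^(?P<nick>.*\S)\s+(?P<trust>[A-Za-z]*,[A-Za-z]*,[A-Za-z]*)\s*$")


def classify(flags):
    """Meaning of one usage's flags, following the comment's summary."""
    if "p" in flags:                     # authoritative, not a CA: distrusted
        return "distrusted"              # assumption: 'p' wins over other flags
    if set(flags) & {"c", "C", "T"}:     # 'T' and 'C' also set 'c'
        return "ca"
    return "other"                       # no CA trust or distrust recorded


def audit(listing):
    """Return {nickname: {usage: classification}} for every row in the listing."""
    report = {}
    for line in listing.splitlines():
        m = ROW.match(line)
        if not m:
            continue                     # header or blank line
        fields = m.group("trust").split(",")
        report[m.group("nick")] = {u: classify(f) for u, f in zip(USAGES, fields)}
    return report


def distrusted(listing):
    """Nicknames with 'p' on any usage: entries that someone reading 'p' as
    'Valid peer' in the old man page may have meant to trust."""
    return sorted(n for n, per in audit(listing).items() if "distrusted" in per.values())


if __name__ == "__main__":
    for nick in distrusted(SAMPLE_LISTING):
        print("review:", nick)
```
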
