The Tor Browser: security/nss/doc/nroff/vfychain.1@b8a032363ba2 (annotated)

security/nss/doc/nroff/vfychain.1@b8a032363ba2 (annotated)

security/nss/doc/nroff/vfychain.1

Thu, 22 Jan 2015 13:21:57 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Thu, 22 Jan 2015 13:21:57 +0100
branch: TOR_BUG_9701
changeset 15: b8a032363ba2
permissions: -rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

 '\" t
 .\"     Title: VFYCHAIN
 .\"    Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
 .\"      Date:  5 June 2014
 .\"    Manual: NSS Security Tools
 .\"    Source: nss-tools
 .\"  Language: English
 .\"
 .TH "VFYCHAIN" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 .\" http://bugs.debian.org/507673
 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 .ie \n(.g .ds Aq \(aq
 .el       .ds Aq '
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------
 .\" disable hyphenation
 .nh
 .\" disable justification (adjust text to left margin only)
 .ad l
 .\" -----------------------------------------------------------------
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
 vfychain_ \- vfychain [options] [revocation options] certfile [[options] certfile] \&.\&.\&.
 .SH "SYNOPSIS"
 .HP \w'\fBvfychain\fR\ 'u
 \fBvfychain\fR
 .SH "STATUS"
 .PP
 This documentation is still work in progress\&. Please contribute to the initial review in
 \m[blue]\fBMozilla NSS bug 836477\fR\m[]\&\s-2\u[1]\d\s+2
 .SH "DESCRIPTION"
 .PP
 The verification Tool,
 \fBvfychain\fR, verifies certificate chains\&.
 \fBmodutil\fR
 can add and delete PKCS #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable FIPS 140\-2 compliance, and assign default providers for cryptographic operations\&. This tool can also create certificate, key, and module security database files\&.
 .PP
 The tasks associated with security module database management are part of a process that typically also involves managing key databases and certificate databases\&.
 .SH "OPTIONS"
 .PP
 \fB\-a\fR
 .RS 4
 the following certfile is base64 encoded
 .RE
 .PP
 \fB\-b \fR \fIYYMMDDHHMMZ\fR
 .RS 4
 Validate date (default: now)
 .RE
 .PP
 \fB\-d \fR \fIdirectory\fR
 .RS 4
 database directory
 .RE
 .PP
 \fB\-f \fR
 .RS 4
 Enable cert fetching from AIA URL
 .RE
 .PP
 \fB\-o \fR \fIoid\fR
 .RS 4
 Set policy OID for cert validation(Format OID\&.1\&.2\&.3)
 .RE
 .PP
 \fB\-p \fR
 .RS 4
 Use PKIX Library to validate certificate by calling:
 .sp
 * CERT_VerifyCertificate if specified once,
 .sp
 * CERT_PKIXVerifyCert if specified twice and more\&.
 .RE
 .PP
 \fB\-r \fR
 .RS 4
 Following certfile is raw binary DER (default)
 .RE
 .PP
 \fB\-t\fR
 .RS 4
 Following cert is explicitly trusted (overrides db trust)
 .RE
 .PP
 \fB\-u \fR \fIusage\fR
 .RS 4
 =SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA, 4=Email signer, 5=Email recipient, 6=Object signer, 9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA
 .RE
 .PP
 \fB\-T \fR
 .RS 4
 Trust both explicit trust anchors (\-t) and the database\&. (Without this option, the default is to only trust certificates marked \-t, if there are any, or to trust the database if there are certificates marked \-t\&.)
 .RE
 .PP
 \fB\-v \fR
 .RS 4
 Verbose mode\&. Prints root cert subject(double the argument for whole root cert info)
 .RE
 .PP
 \fB\-w \fR \fIpassword\fR
 .RS 4
 Database password
 .RE
 .PP
 \fB\-W \fR \fIpwfile\fR
 .RS 4
 Password file
 .RE
 .PP
 .RS 4
 Revocation options for PKIX API (invoked with \-pp options) is a collection of the following flags: [\-g type [\-h flags] [\-m type [\-s flags]] \&.\&.\&.] \&.\&.\&.
 .sp
 Where:
 .RE
 .PP
 \fB\-g \fR \fItest\-type\fR
 .RS 4
 Sets status checking test type\&. Possible values are "leaf" or "chain"
 .RE
 .PP
 \fB\-g \fR \fItest type\fR
 .RS 4
 Sets status checking test type\&. Possible values are "leaf" or "chain"\&.
 .RE
 .PP
 \fB\-h \fR \fItest flags\fR
 .RS 4
 Sets revocation flags for the test type it follows\&. Possible flags: "testLocalInfoFirst" and "requireFreshInfo"\&.
 .RE
 .PP
 \fB\-m \fR \fImethod type\fR
 .RS 4
 Sets method type for the test type it follows\&. Possible types are "crl" and "ocsp"\&.
 .RE
 .PP
 \fB\-s \fR \fImethod flags\fR
 .RS 4
 Sets revocation flags for the method it follows\&. Possible types are "doNotUse", "forbidFetching", "ignoreDefaultSrc", "requireInfo" and "failIfNoInfo"\&.
 .RE
 .SH "ADDITIONAL RESOURCES"
 .PP
 For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at
 \m[blue]\fBhttp://www\&.mozilla\&.org/projects/security/pki/nss/\fR\m[]\&. The NSS site relates directly to NSS code changes and releases\&.
 .PP
 Mailing lists: https://lists\&.mozilla\&.org/listinfo/dev\-tech\-crypto
 .PP
 IRC: Freenode at #dogtag\-pki
 .SH "AUTHORS"
 .PP
 The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google\&.
 .PP
 Authors: Elio Maldonado <emaldona@redhat\&.com>, Deon Lackey <dlackey@redhat\&.com>\&.
 .SH "LICENSE"
 .PP
 Licensed under the Mozilla Public License, v\&. 2\&.0\&. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla\&.org/MPL/2\&.0/\&.
 .SH "NOTES"
 .IP " 1." 4
 Mozilla NSS bug 836477
 .RS 4
 \%https://bugzilla.mozilla.org/show_bug.cgi?id=836477
 .RE

The Tor Browser / annotate

security/nss/doc/nroff/vfychain.1@b8a032363ba2 (annotated)

security/nss/doc/nroff/vfychain.1