The Tor Browser / file revision

 '\" t

 .\"     Title: VFYCHAIN

 .\"    Author: [see the "Authors" section]

 .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>

 .\"      Date:  5 June 2014

 .\"    Manual: NSS Security Tools

 .\"    Source: nss-tools

 .\"  Language: English

 .\"

 .TH "VFYCHAIN" "1" "5 June 2014" "nss-tools" "NSS Security Tools"

 .\" -----------------------------------------------------------------

 .\" * Define some portability stuff

 .\" -----------------------------------------------------------------

 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 .\" http://bugs.debian.org/507673

 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html

 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 .ie \n(.g .ds Aq \(aq

 .el       .ds Aq '

 .\" -----------------------------------------------------------------

 .\" * set default formatting

 .\" -----------------------------------------------------------------

 .\" disable hyphenation

 .nh

 .\" disable justification (adjust text to left margin only)

 .ad l

 .\" -----------------------------------------------------------------

 .\" * MAIN CONTENT STARTS HERE *

 .\" -----------------------------------------------------------------

 .SH "NAME"

 vfychain_ \- vfychain [options] [revocation options] certfile [[options] certfile] \&.\&.\&.

 .SH "SYNOPSIS"

 .HP \w'\fBvfychain\fR\ 'u

 \fBvfychain\fR

 .SH "STATUS"

 .PP

 This documentation is still work in progress\&. Please contribute to the initial review in

 \m[blue]\fBMozilla NSS bug 836477\fR\m[]\&\s-2\u[1]\d\s+2

 .SH "DESCRIPTION"

 .PP

 The verification Tool,

 \fBvfychain\fR, verifies certificate chains\&.

 \fBmodutil\fR

 can add and delete PKCS #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable FIPS 140\-2 compliance, and assign default providers for cryptographic operations\&. This tool can also create certificate, key, and module security database files\&.

 .PP

 The tasks associated with security module database management are part of a process that typically also involves managing key databases and certificate databases\&.

 .SH "OPTIONS"

 .PP

 \fB\-a\fR

 .RS 4

 the following certfile is base64 encoded

 .RE

 .PP

 \fB\-b \fR \fIYYMMDDHHMMZ\fR

 .RS 4

 Validate date (default: now)

 .RE

 .PP

 \fB\-d \fR \fIdirectory\fR

 .RS 4

 database directory

 .RE

 .PP

 \fB\-f \fR

 .RS 4

 Enable cert fetching from AIA URL

 .RE

 .PP

 \fB\-o \fR \fIoid\fR

 .RS 4

 Set policy OID for cert validation(Format OID\&.1\&.2\&.3)

 .RE

 .PP

 \fB\-p \fR

 .RS 4

 Use PKIX Library to validate certificate by calling:

 .sp

 * CERT_VerifyCertificate if specified once,

 .sp

 * CERT_PKIXVerifyCert if specified twice and more\&.

 .RE

 .PP

 \fB\-r \fR

 .RS 4

 Following certfile is raw binary DER (default)

 .RE

 .PP

 \fB\-t\fR

 .RS 4

 Following cert is explicitly trusted (overrides db trust)

 .RE

 .PP

 \fB\-u \fR \fIusage\fR

 .RS 4

 0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA, 4=Email signer, 5=Email recipient, 6=Object signer, 9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA

 .RE

 .PP

 \fB\-T \fR

 .RS 4

 Trust both explicit trust anchors (\-t) and the database\&. (Without this option, the default is to only trust certificates marked \-t, if there are any, or to trust the database if there are certificates marked \-t\&.)

 .RE

 .PP

 \fB\-v \fR

 .RS 4

 Verbose mode\&. Prints root cert subject(double the argument for whole root cert info)

 .RE

 .PP

 \fB\-w \fR \fIpassword\fR

 .RS 4

 Database password

 .RE

 .PP

 \fB\-W \fR \fIpwfile\fR

 .RS 4

 Password file

 .RE

 .PP

 .RS 4

 Revocation options for PKIX API (invoked with \-pp options) is a collection of the following flags: [\-g type [\-h flags] [\-m type [\-s flags]] \&.\&.\&.] \&.\&.\&.

 .sp

 Where:

 .RE

 .PP

 \fB\-g \fR \fItest\-type\fR

 .RS 4

 Sets status checking test type\&. Possible values are "leaf" or "chain"

 .RE

 .PP

 \fB\-g \fR \fItest type\fR

 .RS 4

 Sets status checking test type\&. Possible values are "leaf" or "chain"\&.

 .RE

 .PP

 \fB\-h \fR \fItest flags\fR

 .RS 4

 Sets revocation flags for the test type it follows\&. Possible flags: "testLocalInfoFirst" and "requireFreshInfo"\&.

 .RE

 .PP

 \fB\-m \fR \fImethod type\fR

 .RS 4

 Sets method type for the test type it follows\&. Possible types are "crl" and "ocsp"\&.

 .RE

 .PP

 \fB\-s \fR \fImethod flags\fR

 .RS 4

 Sets revocation flags for the method it follows\&. Possible types are "doNotUse", "forbidFetching", "ignoreDefaultSrc", "requireInfo" and "failIfNoInfo"\&.

 .RE

 .SH "ADDITIONAL RESOURCES"

 .PP

 For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at

 \m[blue]\fBhttp://www\&.mozilla\&.org/projects/security/pki/nss/\fR\m[]\&. The NSS site relates directly to NSS code changes and releases\&.

 .PP

 Mailing lists: https://lists\&.mozilla\&.org/listinfo/dev\-tech\-crypto

 .PP

 IRC: Freenode at #dogtag\-pki

 .SH "AUTHORS"

 .PP

 The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google\&.

 .PP

 Authors: Elio Maldonado <emaldona@redhat\&.com>, Deon Lackey <dlackey@redhat\&.com>\&.

 .SH "LICENSE"

 .PP

 Licensed under the Mozilla Public License, v\&. 2\&.0\&. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla\&.org/MPL/2\&.0/\&.

 .SH "NOTES"

 .IP " 1." 4

 Mozilla NSS bug 836477

 .RS 4

 \%https://bugzilla.mozilla.org/show_bug.cgi?id=836477

 .RE