[gnutls-devel] Missing documentation in GnuTLS 3.4.4.1

Mark H Weaver mhw at netris.org
Wed Aug 19 07:37:46 CEST 2015


I looked at the diffs between 3.4.4 and 3.4.4.1 and discovered that in
the documentation, all of the included output of <PROGRAM> --help has
been lost.  For example:

--8<---------------cut here---------------start------------->8---
diff -ru gnutls-3.4.4/doc/invoke-certtool.texi gnutls-3.4.4.1/doc/invoke-certtool.texi
--- gnutls-3.4.4/doc/invoke-certtool.texi	2015-07-31 15:44:21.000000000 -0400
+++ gnutls-3.4.4.1/doc/invoke-certtool.texi	2015-08-10 13:43:52.000000000 -0400
@@ -41,97 +41,7 @@
 
 @exampleindent 0
 @example
-certtool - GnuTLS certificate tool
-Usage:  certtool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
-
-   -d, --debug=num            Enable debugging
-                                - it must be in the range:
-                                  0 to 9999
-   -V, --verbose              More verbose output
-                                - may appear multiple times
-       --infile=file          Input file
-                                - file must pre-exist
-       --outfile=str          Output file
-   -s, --generate-self-signed  Generate a self-signed certificate
-   -c, --generate-certificate  Generate a signed certificate
-       --generate-proxy       Generates a proxy certificate
-       --generate-crl         Generate a CRL
-   -u, --update-certificate   Update a signed certificate
-   -p, --generate-privkey     Generate a private key
-   -q, --generate-request     Generate a PKCS #10 certificate request
-                                - prohibits the option 'infile'
-   -e, --verify-chain         Verify a PEM encoded certificate chain
-       --verify               Verify a PEM encoded certificate chain using a trusted list
-       --verify-crl           Verify a CRL using a trusted list
-                                - requires the option 'load-ca-certificate'
-       --generate-dh-params   Generate PKCS #3 encoded Diffie-Hellman parameters
-       --get-dh-params        Get the included PKCS #3 encoded Diffie-Hellman parameters
-       --dh-info              Print information PKCS #3 encoded Diffie-Hellman parameters
-       --load-privkey=str     Loads a private key file
-       --load-pubkey=str      Loads a public key file
-       --load-request=str     Loads a certificate request file
-       --load-certificate=str Loads a certificate file
-       --load-ca-privkey=str  Loads the certificate authority's private key file
-       --load-ca-certificate=str Loads the certificate authority's certificate file
-       --password=str         Password to use
-       --null-password        Enforce a NULL password
-       --empty-password       Enforce an empty password
-       --hex-numbers          Print big number in an easier format to parse
-       --cprint               In certain operations it prints the information in C-friendly format
-   -i, --certificate-info     Print information on the given certificate
-       --certificate-pubkey   Print certificate's public key
-       --pgp-certificate-info  Print information on the given OpenPGP certificate
-       --pgp-ring-info        Print information on the given OpenPGP keyring structure
-   -l, --crl-info             Print information on the given CRL structure
-       --crq-info             Print information on the given certificate request
-       --no-crq-extensions    Do not use extensions in certificate requests
-       --p12-info             Print information on a PKCS #12 structure
-       --p12-name=str         The PKCS #12 friendly name to use
-       --p7-info              Print information on a PKCS #7 structure
-       --smime-to-p7          Convert S/MIME to PKCS #7 structure
-   -k, --key-info             Print information on a private key
-       --pgp-key-info         Print information on an OpenPGP private key
-       --pubkey-info          Print information on a public key
-       --v1                   Generate an X.509 version 1 certificate (with no extensions)
-   -!, --to-p12               Generate a PKCS #12 structure
-                                - requires the option 'load-certificate'
-   -", --to-p8                Generate a PKCS #8 structure
-   -8, --pkcs8                Use PKCS #8 format for private keys
-   -#, --rsa                  Generate RSA key
-   -$, --dsa                  Generate DSA key
-   -%, --ecc                  Generate ECC (ECDSA) key
-   -&, --ecdsa                an alias for the 'ecc' option
-   -', --hash=str             Hash algorithm to use for signing
-   -(, --inder                Use DER format for input certificates, private keys, and DH parameters
-                                - disabled as '--no-inder'
-   -), --inraw                an alias for the 'inder' option
-   -*, --outder               Use DER format for output certificates, private keys, and DH parameters
-                                - disabled as '--no-outder'
-   -+, --outraw               an alias for the 'outder' option
-   -,, --bits=num             Specify the number of bits for key generate
-   --, --curve=str            Specify the curve used for EC key generation
-   -., --sec-param=str        Specify the security level [low, legacy, medium, high, ultra]
-   -/, --disable-quick-random  No effect
-   -0, --template=str         Template file to use for non-interactive operation
-   -1, --stdout-info          Print information to stdout instead of stderr
-   -2, --ask-pass             Enable interaction for entering password when in batch mode.
-   -3, --pkcs-cipher=str      Cipher to use for PKCS #8 and #12 operations
-   -4, --provider=str         Specify the PKCS #11 provider library
-   -v, --version[=arg]        output version information and exit
-   -h, --help                 display extended usage information and exit
-   -!, --more-help            extended usage information passed thru pager
-
-Options are specified by doubled hyphens and their name or by a single
-hyphen and the flag character.
-
-Tool to parse and generate X.509 certificates, requests and private keys.
-It can be used interactively or non interactively by specifying the
-template command line option.
-
-The tool accepts files or URLs supported by GnuTLS.  In case PIN is
-required for the URL access you can provide it using the environment
-variables GNUTLS_PIN and GNUTLS_SO_PIN.
-
+certtool is unavailable - no --help
 @end example
 @exampleindent 4
 
--8<---------------cut here---------------end--------------->8---

Ditto for ocsptool, srptool, psktool, p11tool, gnutls-cli, gnutls-serv,
and gnutls-cli-debug, and of course these problems are reflected in the
pre-generated docs as well.

      Mark



More information about the Gnutls-devel mailing list