Compare commits
60 Commits
Author | SHA1 | Date |
---|---|---|
Elio Maldonado | a91fad25d2 | |
Elio Maldonado | c129cf0bc3 | |
Elio Maldonado | 7b557ce61e | |
Elio Maldonado | 70b24009d2 | |
Elio Maldonado | 4e3700a9df | |
Elio Maldonado | 75232d0228 | |
Elio Maldonado | 0fd0ef5232 | |
Elio Maldonado | 346792254e | |
Elio Maldonado | f7afdb6b33 | |
Elio Maldonado | ab028e85e2 | |
Elio Maldonado | 5d3e287aa8 | |
Elio Maldonado | c0d31ae1d8 | |
Elio Maldonado | d61e6dba7b | |
Elio Maldonado | 1bb4981176 | |
Elio Maldonado | d04fa43ef4 | |
Elio Maldonado | 824235c319 | |
Elio Maldonado | bf043713d1 | |
Elio Maldonado | d57847c0d6 | |
Elio Maldonado | 547efdc318 | |
Elio Maldonado | 12aecaccd9 | |
Elio Maldonado | 76f5af88b8 | |
Elio Maldonado | 9dd314c1d8 | |
Elio Maldonado | 15ab7c5f9f | |
Elio Maldonado | e52ccd19ae | |
Elio Maldonado | 862bb14082 | |
Elio Maldonado | fd6098c240 | |
Elio Maldonado | b8228ed18c | |
Elio Maldonado | 497b79c7da | |
Elio Maldonado | 35c607f549 | |
Elio Maldonado | b70c8423a2 | |
Elio Maldonado | 68c8f5228f | |
Kai Engert | 60d1b4b4b7 | |
Kai Engert | 7a5aba2bfb | |
Kai Engert | d6b57e36c1 | |
Kai Engert | c3a3134be3 | |
Elio Maldonado | 10de960df7 | |
Elio Maldonado | a7508f6a97 | |
Elio Maldonado | 966b5e412f | |
Elio Maldonado | cc8dc4398b | |
Elio Maldonado | 9b0bed55b9 | |
Kai Engert | 37e12fb581 | |
Elio Maldonado | 57fe405127 | |
Elio Maldonado | 9c95ae5deb | |
Elio Maldonado | c5c74121b2 | |
Elio Maldonado | c3296995e7 | |
Elio Maldonado | 7f564e02e5 | |
Elio Maldonado | 2b57162ae4 | |
Elio Maldonado | 7234e68237 | |
Elio Maldonado | 0a8619f20d | |
Elio Maldonado | b285bf571f | |
Elio Maldonado | 4c9923e854 | |
Elio Maldonado | 2fd69995be | |
Elio Maldonado | 304de980b9 | |
Elio Maldonado | c061043780 | |
Elio Maldonado | 5ae182f707 | |
Elio Maldonado | ae47611986 | |
Elio Maldonado | 7430fa825a | |
Kai Engert | ed2b41da22 | |
Elio Maldonado Batiz | 4dd8f88a7c | |
Elio Maldonado | 9c6e20fa86 |
Binary file not shown.
Binary file not shown.
Binary file not shown.
59
cert8.db.xml
59
cert8.db.xml
|
@ -1,59 +0,0 @@
|
|||
<?xml version='1.0' encoding='utf-8'?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
<!ENTITY date SYSTEM "date.xml">
|
||||
<!ENTITY version SYSTEM "version.xml">
|
||||
]>
|
||||
|
||||
<refentry id="cert8.db">
|
||||
|
||||
<refentryinfo>
|
||||
<date>&date;</date>
|
||||
<title>Network Security Services</title>
|
||||
<productname>nss</productname>
|
||||
<productnumber>&version;</productnumber>
|
||||
</refentryinfo>
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>cert8.db</refentrytitle>
|
||||
<manvolnum>5</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
<refnamediv>
|
||||
<refname>cert8.db</refname>
|
||||
<refpurpose>Legacy NSS certificate database</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsection id="description">
|
||||
<title>Description</title>
|
||||
<para><emphasis>cert8.db</emphasis> is an NSS certificate database.</para>
|
||||
<para>This certificate database is in the legacy database format. Consider migrating to cert9.db and key4.db which are the new sqlite-based shared database format with support for concurrent access.
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>Files</title>
|
||||
<para><filename>/etc/pki/nssdb/cert8.db</filename></para>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>See also</title>
|
||||
<para>cert9.db(5), key4.db(5), pkcs11.txt(5), </para>
|
||||
</refsection>
|
||||
|
||||
<refsection id="authors">
|
||||
<title>Authors</title>
|
||||
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
|
||||
<para>Authors: Elio Maldonado <emaldona@redhat.com>.</para>
|
||||
</refsection>
|
||||
|
||||
<!-- don't change -->
|
||||
<refsection id="license">
|
||||
<title>LICENSE</title>
|
||||
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
</para>
|
||||
|
||||
</refsection>
|
||||
|
||||
|
||||
</refentry>
|
59
cert9.db.xml
59
cert9.db.xml
|
@ -1,59 +0,0 @@
|
|||
<?xml version='1.0' encoding='utf-8'?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
<!ENTITY date SYSTEM "date.xml">
|
||||
<!ENTITY version SYSTEM "version.xml">
|
||||
]>
|
||||
|
||||
<refentry id="cert9.db">
|
||||
|
||||
<refentryinfo>
|
||||
<date>&date;</date>
|
||||
<title>Network Security Services</title>
|
||||
<productname>nss</productname>
|
||||
<productnumber>&version;</productnumber>
|
||||
</refentryinfo>
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>cert9.db</refentrytitle>
|
||||
<manvolnum>5</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
<refnamediv>
|
||||
<refname>cert9.db</refname>
|
||||
<refpurpose>NSS certificate database</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsection id="description">
|
||||
<title>Description</title>
|
||||
<para><emphasis>cert9.db</emphasis> is an NSS certificate database.</para>
|
||||
<para>This certificate database is the sqlite-based shared database with support for concurrent access.
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>Files</title>
|
||||
<para><filename>/etc/pki/nssdb/cert9.db</filename></para>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>See also</title>
|
||||
<para>pkcs11.txt(5)</para>
|
||||
</refsection>
|
||||
|
||||
<refsection id="authors">
|
||||
<title>Authors</title>
|
||||
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
|
||||
<para>Authors: Elio Maldonado <emaldona@redhat.com>.</para>
|
||||
</refsection>
|
||||
|
||||
<!-- don't change -->
|
||||
<refsection id="license">
|
||||
<title>LICENSE</title>
|
||||
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
</para>
|
||||
|
||||
</refsection>
|
||||
|
||||
|
||||
</refentry>
|
|
@ -1,24 +0,0 @@
|
|||
diff --git a/doc/certutil.xml b/doc/certutil.xml
|
||||
--- a/doc/certutil.xml
|
||||
+++ b/doc/certutil.xml
|
||||
@@ -655,18 +655,18 @@ of the attribute codes:
|
||||
|
||||
<varlistentry>
|
||||
<term>--keyAttrFlags attrflags</term>
|
||||
<listitem><para>
|
||||
PKCS #11 key Attributes. Comma separated list of key attribute flags, selected from the following list of choices: {token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable}</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
- <term>--keyFlagsOn opflags</term>
|
||||
- <term>--keyFlagsOff opflags</term>
|
||||
+ <term>--keyOpFlagsOn opflags</term>
|
||||
+ <term>--keyOpFlagsOff opflags</term>
|
||||
<listitem><para>
|
||||
PKCS #11 key Operation Flags.
|
||||
Comma separated list of one or more of the following:
|
||||
{token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable}
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
|
@ -1,25 +0,0 @@
|
|||
diff --git a/doc/certutil.xml b/doc/certutil.xml
|
||||
--- a/doc/certutil.xml
|
||||
+++ b/doc/certutil.xml
|
||||
@@ -204,16 +204,21 @@ If this option is not used, the validity
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-e </term>
|
||||
<listitem><para>Check a certificate's signature during the process of validating a certificate.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
+ <term>--email email-address</term>
|
||||
+ <listitem><para>Specify the email address, used with the -L command option to print a single named certificate.</para></listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
<term>-f password-file</term>
|
||||
<listitem><para>Specify a file that will automatically supply the password to include in a certificate
|
||||
or to access a certificate database. This is a plain-text file containing one password. Be sure to prevent
|
||||
unauthorized access to this file.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-g keysize</term>
|
59
key3.db.xml
59
key3.db.xml
|
@ -1,59 +0,0 @@
|
|||
<?xml version='1.0' encoding='utf-8'?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
<!ENTITY date SYSTEM "date.xml">
|
||||
<!ENTITY version SYSTEM "version.xml">
|
||||
]>
|
||||
|
||||
<refentry id="key3.db">
|
||||
|
||||
<refentryinfo>
|
||||
<date>&date;</date>
|
||||
<title>Network Security Services</title>
|
||||
<productname>nss</productname>
|
||||
<productnumber>&version;</productnumber>
|
||||
</refentryinfo>
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>key3.db</refentrytitle>
|
||||
<manvolnum>5</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
<refnamediv>
|
||||
<refname>key3.db</refname>
|
||||
<refpurpose>Legacy NSS certificate database</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsection id="description">
|
||||
<title>Description</title>
|
||||
<para><emphasis>key3.db</emphasis> is an NSS certificate database.</para>
|
||||
<para>This is a key database in the legacy database format. Consider migrating to cert9.db and key4.db which which are the new sqlite-based shared database format with support for concurrent access.
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>Files</title>
|
||||
<para><filename>/etc/pki/nssdb/key3.db</filename></para>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>See also</title>
|
||||
<para>cert9.db(5), key4.db(5), pkcs11.txt(5), </para>
|
||||
</refsection>
|
||||
|
||||
<refsection id="authors">
|
||||
<title>Authors</title>
|
||||
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
|
||||
<para>Authors: Elio Maldonado <emaldona@redhat.com>.</para>
|
||||
</refsection>
|
||||
|
||||
<!-- don't change -->
|
||||
<refsection id="license">
|
||||
<title>LICENSE</title>
|
||||
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
</para>
|
||||
|
||||
</refsection>
|
||||
|
||||
|
||||
</refentry>
|
59
key4.db.xml
59
key4.db.xml
|
@ -1,59 +0,0 @@
|
|||
<?xml version='1.0' encoding='utf-8'?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
<!ENTITY date SYSTEM "date.xml">
|
||||
<!ENTITY version SYSTEM "version.xml">
|
||||
]>
|
||||
|
||||
<refentry id="key4.db">
|
||||
|
||||
<refentryinfo>
|
||||
<date>&date;</date>
|
||||
<title>Network Security Services</title>
|
||||
<productname>nss</productname>
|
||||
<productnumber>&version;</productnumber>
|
||||
</refentryinfo>
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>key4.db</refentrytitle>
|
||||
<manvolnum>5</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
<refnamediv>
|
||||
<refname>key4.db</refname>
|
||||
<refpurpose>NSS certificate database</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsection id="description">
|
||||
<title>Description</title>
|
||||
<para><emphasis>key4.db</emphasis> is an NSS key database.</para>
|
||||
<para>This key database is the sqlite-based shared database format with support for concurrent access.
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>Files</title>
|
||||
<para><filename>/etc/pki/nssdb/key4.db</filename></para>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>See also</title>
|
||||
<para>pkcs11.txt(5)</para>
|
||||
</refsection>
|
||||
|
||||
<refsection id="authors">
|
||||
<title>Authors</title>
|
||||
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
|
||||
<para>Authors: Elio Maldonado <emaldona@redhat.com>.</para>
|
||||
</refsection>
|
||||
|
||||
<!-- don't change -->
|
||||
<refsection id="license">
|
||||
<title>LICENSE</title>
|
||||
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
</para>
|
||||
|
||||
</refsection>
|
||||
|
||||
|
||||
</refentry>
|
|
@ -1,209 +0,0 @@
|
|||
diff --git a/doc/certutil.xml b/doc/certutil.xml
|
||||
--- a/doc/certutil.xml
|
||||
+++ b/doc/certutil.xml
|
||||
@@ -634,16 +634,37 @@ of the attribute codes:
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--extSKID</term>
|
||||
<listitem><para>Add the Subject Key ID extension to the certificate. X.509 certificate extensions are described in RFC 5280.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
+ <term>--extNC</term>
|
||||
+ <listitem><para>Add a Name Constraint extension to the certificate. X.509 certificate extensions are described in RFC 5280.</para></listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term>--keyAttrFlags attrflags</term>
|
||||
+ <listitem><para>
|
||||
+PKCS #11 key Attributes. Comma separated list of key attribute flags, selected from the following list of choices: {token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable}</para></listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term>--keyFlagsOn opflags</term>
|
||||
+ <term>--keyFlagsOff opflags</term>
|
||||
+ <listitem><para>
|
||||
+PKCS #11 key Operation Flags.
|
||||
+Comma separated list of one or more of the following:
|
||||
+{token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable}
|
||||
+ </para></listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
<term>--source-dir certdir</term>
|
||||
<listitem><para>Identify the certificate database directory to upgrade.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>--source-prefix certdir</term>
|
||||
<listitem><para>Give the prefix of the certificate and key databases to upgrade.</para></listitem>
|
||||
</varlistentry>
|
||||
@@ -795,17 +816,17 @@ JyBVgFqDXRYSyTBNw1DrxUU/3GvWA/ngjAwHEv0C
|
||||
XRzPORlC2WY3gkk7vmlsLvYpyecNazAi/NAwVnU/66HOsaoVFWE+gBQo99UrN2yk
|
||||
0BiK/GMFlLm5dXQROgA9ZKKyFdI0LIXtf6SbAgMBAAGjMzAxMBEGCWCGSAGG+EIB
|
||||
AQQEAwIHADAMBgNVHRMEBTADAQH/MA4GA1UdDwEB/wQEAwICBDANBgkqhkiG9w0B
|
||||
AQUFAAOBgQA6chkzkACN281d1jKMrc+RHG2UMaQyxiteaLVZO+Ro1nnRUvseDf09
|
||||
XKYFwPMJjWCihVku6bw/ihZfuMHhxK22Nue6inNQ6eDu7WmrqL8z3iUrQwxs+WiF
|
||||
ob2rb8XRVVJkzXdXxlk4uo3UtNvw8sAz7sWD71qxKaIHU5q49zijfg==
|
||||
-----END CERTIFICATE-----
|
||||
</programlisting>
|
||||
-<pa>For a humam-readable display</para>
|
||||
+<para>For a human-readable display</para>
|
||||
<programlisting>$ certutil -L -d sql:$HOME/nssdb -n my-ca-cert
|
||||
Certificate:
|
||||
Data:
|
||||
Version: 3 (0x2)
|
||||
Serial Number: 3650 (0xe42)
|
||||
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
|
||||
Issuer: "CN=Example CA"
|
||||
Validity:
|
||||
diff --git a/doc/cmsutil.xml b/doc/cmsutil.xml
|
||||
--- a/doc/cmsutil.xml
|
||||
+++ b/doc/cmsutil.xml
|
||||
@@ -84,19 +84,26 @@ The options and arguments for the cmsuti
|
||||
<varlistentry>
|
||||
<term>-S </term>
|
||||
<listitem><para>Sign a message.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
|
||||
<para><command>Arguments</command></para>
|
||||
- <para>Option arguments modify an action and are lowercase.</para>
|
||||
+ <para>Option arguments modify an action.</para>
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
+ <term>-b </term>
|
||||
+ <listitem>
|
||||
+ <para>Decode a batch of files named in infile.</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
<term>-c content </term>
|
||||
<listitem>
|
||||
<para>Use this detached content (decode only).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-d dbdir</term>
|
||||
@@ -108,37 +115,58 @@ The options and arguments for the cmsuti
|
||||
<varlistentry>
|
||||
<term>-e envfile</term>
|
||||
<listitem>
|
||||
<para>Specify a file containing an enveloped message for a set of recipients to which you would like to send an encrypted message. If this is the first encrypted message for that set of recipients, a new enveloped message will be created that you can then use for future messages (encrypt only).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
+ <term>-f pwfile</term>
|
||||
+ <listitem>
|
||||
+ <para>Use password file to set password on all PKCS#11 tokens.</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
<term>-G</term>
|
||||
<listitem>
|
||||
<para>Include a signing time attribute (sign only).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
-
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term>-H hash</term>
|
||||
+ <listitem>
|
||||
+ <para>Use specified hash algorithm (default:SHA1).</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
<varlistentry>
|
||||
<term>-h num</term>
|
||||
<listitem>
|
||||
<para>Generate email headers with info about CMS message (decode only).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-i infile</term>
|
||||
<listitem>
|
||||
<para>Use infile as a source of data (default is stdin).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
+ <term>-k</term>
|
||||
+ <listitem>
|
||||
+ <para>Keep decoded encryption certs in permanent cert db.</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
<term>-N nickname</term>
|
||||
<listitem>
|
||||
<para>Specify nickname of certificate to sign with (sign only).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>-n </term>
|
||||
@@ -188,16 +216,23 @@ For certificates-only message, list of c
|
||||
<varlistentry>
|
||||
<term>-u certusage</term>
|
||||
<listitem>
|
||||
<para>Set type of cert usage (default is certUsageEmailSigner).</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
+ <term>-v</term>
|
||||
+ <listitem>
|
||||
+ <para>Print debugging information.</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
<term>-Y ekprefnick</term>
|
||||
<listitem>
|
||||
<para>Specify an encryption key preference by nickname.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
|
||||
diff --git a/doc/crlutil.xml b/doc/crlutil.xml
|
||||
--- a/doc/crlutil.xml
|
||||
+++ b/doc/crlutil.xml
|
||||
@@ -261,16 +261,30 @@ Specify type of CRL. possible types are:
|
||||
<term>-u url </term>
|
||||
<listitem>
|
||||
<para>
|
||||
Specify the url.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
+ <varlistentry>
|
||||
+ <term>-w pwd-string</term>
|
||||
+ <listitem>
|
||||
+ <para>Provide db password in command line.</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
+ <varlistentry>
|
||||
+ <term>-Z algorithm</term>
|
||||
+ <listitem>
|
||||
+ <para>Specify the hash algorithm to use for signing the CRL.</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
</variablelist>
|
||||
</refsection>
|
||||
|
||||
<refsection id="syntax">
|
||||
<title>CRL Generation script syntax</title>
|
||||
<para>CRL generation script file has the following syntax:</para>
|
||||
<para>
|
||||
* Line with comments should have # as a first symbol of a line</para>
|
196
nss.spec
196
nss.spec
|
@ -64,12 +64,6 @@ Source18: TestUser50.cert
|
|||
Source19: TestUser51.cert
|
||||
Source20: nss-config.xml
|
||||
Source21: setup-nsssysinit.xml
|
||||
Source22: pkcs11.txt.xml
|
||||
Source23: cert8.db.xml
|
||||
Source24: cert9.db.xml
|
||||
Source25: key3.db.xml
|
||||
Source26: key4.db.xml
|
||||
Source27: secmod.db.xml
|
||||
|
||||
Patch2: add-relro-linker-option.patch
|
||||
Patch3: renegotiate-transitional.patch
|
||||
|
@ -79,6 +73,8 @@ Patch18: nss-646045.patch
|
|||
# must statically link pem against the freebl in the buildroot
|
||||
# Needed only when freebl on tree has new APIS
|
||||
Patch25: nsspem-use-system-freebl.patch
|
||||
# This patch is currently meant for stable branches
|
||||
Patch29: nss-ssl-cbc-random-iv-off-by-default.patch
|
||||
# TODO: Remove this patch when the ocsp test are fixed
|
||||
Patch40: nss-3.14.0.0-disble-ocsp-test.patch
|
||||
Patch44: 0001-sync-up-with-upstream-softokn-changes.patch
|
||||
|
@ -93,10 +89,6 @@ Patch48: nss-versus-softoken-tests.patch
|
|||
# TODO remove when we switch to building nss without softoken
|
||||
Patch49: nss-skip-bltest-and-fipstest.patch
|
||||
Patch50: iquote.patch
|
||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=932001
|
||||
Patch54: document-certutil-email-option.patch
|
||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=937677
|
||||
Patch57: certutil_keyOpFlagsFix.patch
|
||||
|
||||
%description
|
||||
Network Security Services (NSS) is a set of libraries designed to
|
||||
|
@ -180,6 +172,8 @@ low level services.
|
|||
%patch18 -p0 -b .646045
|
||||
# link pem against buildroot's freebl, essential when mixing and matching
|
||||
%patch25 -p0 -b .systemfreebl
|
||||
# activate for stable branches
|
||||
%patch29 -p0 -b .cbcrandomivoff
|
||||
%patch40 -p0 -b .noocsptest
|
||||
%patch44 -p1 -b .syncupwithupstream
|
||||
%patch45 -p0 -b .notrash
|
||||
|
@ -188,10 +182,6 @@ low level services.
|
|||
%patch48 -p0 -b .crypto
|
||||
%patch49 -p0 -b .skipthem
|
||||
%patch50 -p0 -b .iquote
|
||||
pushd nss
|
||||
%patch54 -p1 -b .948495
|
||||
%patch57 -p1 -b .948495
|
||||
popd
|
||||
|
||||
#########################################################
|
||||
# Higher-level libraries and test tools need access to
|
||||
|
@ -350,22 +340,13 @@ date +"%e %B %Y" | tr -d '\n' > date.xml
|
|||
echo -n %{version} > version.xml
|
||||
|
||||
# configuration files and setup script
|
||||
for m in %{SOURCE20} %{SOURCE21} %{SOURCE22}; do
|
||||
for m in %{SOURCE20} %{SOURCE21}; do
|
||||
cp ${m} .
|
||||
done
|
||||
for m in nss-config.xml setup-nsssysinit.xml pkcs11.txt.xml; do
|
||||
for m in nss-config.xml setup-nsssysinit.xml; do
|
||||
xmlto man ${m}
|
||||
done
|
||||
|
||||
# nss databases considered to be configuration files
|
||||
for m in %{SOURCE23} %{SOURCE24} %{SOURCE25} %{SOURCE26} %{SOURCE27}; do
|
||||
cp ${m} .
|
||||
done
|
||||
for m in cert8.db.xml cert9.db.xml key3.db.xml key4.db.xml secmod.db.xml; do
|
||||
xmlto man ${m}
|
||||
done
|
||||
|
||||
|
||||
%check
|
||||
if [ $DISABLETEST -eq 1 ]; then
|
||||
echo "testing disabled"
|
||||
|
@ -471,13 +452,9 @@ echo "test suite completed"
|
|||
%{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig
|
||||
|
||||
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man1
|
||||
mkdir -p $RPM_BUILD_ROOT%{_mandir}/man5
|
||||
|
||||
touch $RPM_BUILD_ROOT%{_libdir}/libnssckbi.so
|
||||
%{__install} -p -m 755 dist/*.OBJ/lib/libnssckbi.so $RPM_BUILD_ROOT/%{_libdir}/nss/libnssckbi.so
|
||||
|
||||
# Copy the binary libraries we want
|
||||
for file in libnss3.so libnsspem.so libnsssysinit.so libsmime3.so libssl3.so
|
||||
for file in libnss3.so libnssckbi.so libnsspem.so libnsssysinit.so libsmime3.so libssl3.so
|
||||
do
|
||||
%{__install} -p -m 755 dist/*.OBJ/lib/$file $RPM_BUILD_ROOT/%{_libdir}
|
||||
done
|
||||
|
@ -528,10 +505,6 @@ done
|
|||
%{__install} -p -m 755 ./dist/pkgconfig/nss-config $RPM_BUILD_ROOT/%{_bindir}/nss-config
|
||||
# Copy the pkcs #11 configuration script
|
||||
%{__install} -p -m 755 ./dist/pkgconfig/setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit.sh
|
||||
# install a symbolic link to it, without the ".sh" suffix,
|
||||
# that matches the man page documentation
|
||||
ln -r -s -f $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit
|
||||
|
||||
# Copy the man pages for scripts
|
||||
for f in nss-config setup-nsssysinit; do
|
||||
install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
|
||||
|
@ -540,14 +513,6 @@ done
|
|||
for f in "%{allTools}"; do
|
||||
install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
|
||||
done
|
||||
# Copy the man pages for the configuration files
|
||||
for f in pkcs11.txt; do
|
||||
install -c -m 644 ${f}.5 $RPM_BUILD_ROOT%{_mandir}/man5/${f}.5
|
||||
done
|
||||
# Copy the man pages for the nss databases
|
||||
for f in cert8.db cert9.db key3.db key4.db secmod.db; do
|
||||
install -c -m 644 ${f}.5 $RPM_BUILD_ROOT%{_mandir}/man5/${f}.5
|
||||
done
|
||||
|
||||
%clean
|
||||
%{__rm} -rf $RPM_BUILD_ROOT
|
||||
|
@ -557,53 +522,9 @@ done
|
|||
# from previous versions of nss.spec
|
||||
/usr/bin/setup-nsssysinit.sh on
|
||||
|
||||
%post
|
||||
# If we upgrade, and the shared filename is a regular file, then we must
|
||||
# remove it, before we can install the alternatives symbolic link.
|
||||
if [ $1 -gt 1 ] ; then
|
||||
# when upgrading or downgrading
|
||||
if ! test -L %{_libdir}/libnssckbi.so; then
|
||||
rm -f %{_libdir}/libnssckbi.so
|
||||
fi
|
||||
fi
|
||||
# Install the symbolic link
|
||||
# FYI: Certain other packages use alternatives --set to enforce that the first
|
||||
# installed package is preferred. We don't do that. Highest priority wins.
|
||||
%{_sbindir}/update-alternatives --install %{_libdir}/libnssckbi.so \
|
||||
%{alt_ckbi} %{_libdir}/nss/libnssckbi.so 10
|
||||
/sbin/ldconfig
|
||||
%post -p /sbin/ldconfig
|
||||
|
||||
%postun
|
||||
if [ $1 -eq 0 ] ; then
|
||||
# package removal
|
||||
%{_sbindir}/update-alternatives --remove %{alt_ckbi} %{_libdir}/nss/libnssckbi.so
|
||||
else
|
||||
# upgrade or downgrade
|
||||
# If the new installed package uses a regular file (not a symblic link),
|
||||
# then cleanup the alternatives link.
|
||||
if ! test -L %{_libdir}/libnssckbi.so; then
|
||||
%{_sbindir}/update-alternatives --remove %{alt_ckbi} %{_libdir}/nss/libnssckbi.so
|
||||
fi
|
||||
fi
|
||||
/sbin/ldconfig
|
||||
|
||||
%posttrans
|
||||
# An earlier version of this package had an incorrect %%postun script (3.14.3-9).
|
||||
# (The incorrect %%postun always called "update-alternatives --remove",
|
||||
# because it incorrectly assumed that test -f returns false for symbolic links.)
|
||||
# The only possible remedy to fix the mistake that "always removes on upgrade"
|
||||
# made by the older %%postun script, is to repair it in %%posttrans of the new package.
|
||||
# Strategy:
|
||||
# %%posttrans is never called when uninstalling.
|
||||
# %%posttrans is only called when installing or upgrading a package.
|
||||
# Because %%posttrans is the very last action of a package install,
|
||||
# %%{_libdir}/libnssckbi.so must exist.
|
||||
# If it does not, it's the result of the incorrect removal from a broken %%postun.
|
||||
# In this case, we repeat installation of the alternatives link.
|
||||
if ! test -e %{_libdir}/libnssckbi.so; then
|
||||
%{_sbindir}/update-alternatives --install %{_libdir}/libnssckbi.so \
|
||||
%{alt_ckbi} %{_libdir}/nss/libnssckbi.so 10
|
||||
fi
|
||||
%postun -p /sbin/ldconfig
|
||||
|
||||
|
||||
%files
|
||||
|
@ -611,17 +532,12 @@ fi
|
|||
%{_libdir}/libnss3.so
|
||||
%{_libdir}/libssl3.so
|
||||
%{_libdir}/libsmime3.so
|
||||
%ghost %{_libdir}/libnssckbi.so
|
||||
%{_libdir}/nss/libnssckbi.so
|
||||
%{_libdir}/libnssckbi.so
|
||||
%{_libdir}/libnsspem.so
|
||||
%dir %{_sysconfdir}/pki/nssdb
|
||||
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert8.db
|
||||
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key3.db
|
||||
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/secmod.db
|
||||
%attr(0644,root,root) %doc /usr/share/man/man5/*
|
||||
%attr(0644,root,root) %doc /usr/share/man/man5/cert8.db.5.gz
|
||||
%attr(0644,root,root) %doc /usr/share/man/man5/key3.db.5.gz
|
||||
%attr(0644,root,root) %doc /usr/share/man/man5/secmod.db.5.gz
|
||||
|
||||
%files sysinit
|
||||
%defattr(-,root,root)
|
||||
|
@ -629,12 +545,7 @@ fi
|
|||
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert9.db
|
||||
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key4.db
|
||||
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/pkcs11.txt
|
||||
%attr(0644,root,root) %doc /usr/share/man/man5/cert9.db.5.gz
|
||||
%attr(0644,root,root) %doc /usr/share/man/man5/key4.db.5.gz
|
||||
%attr(0644,root,root) %doc /usr/share/man/man5/pkcs11.txt.5.gz
|
||||
%{_bindir}/setup-nsssysinit.sh
|
||||
# symbolic link to setup-nsssysinit.sh
|
||||
%{_bindir}/setup-nsssysinit
|
||||
%attr(0644,root,root) %doc /usr/share/man/man1/setup-nsssysinit.1.gz
|
||||
|
||||
%files tools
|
||||
|
@ -749,101 +660,38 @@ fi
|
|||
|
||||
|
||||
%changelog
|
||||
* Wed Dec 11 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.3.1-1
|
||||
* Wed Dec 18 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.3.1-1
|
||||
- Update to nss-3.15.3.1 (hg tag NSS_3_15_3_1_RTM)
|
||||
- Resolves: Bug 1040282 - nss: Mis-issued ANSSI/DCSSI certificate (MFSA 2013-117)
|
||||
- Resolves: Bug 1040192 - nss-3.15.3.1 is available
|
||||
|
||||
* Tue Dec 03 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.3-2
|
||||
- Bump the release tag
|
||||
|
||||
* Sun Nov 24 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.3-1
|
||||
* Mon Dec 09 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.3-1
|
||||
- Update to NSS_3_15_3_RTM
|
||||
- Resolves: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws
|
||||
- Fix option descriptions for setup-nsssysinit manpage
|
||||
- Fix man page of nss-sysinit wrong path and other flaws
|
||||
- Document email option for certutil manpage
|
||||
- Remove unused patches
|
||||
|
||||
* Sun Oct 27 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.2-3
|
||||
- Revert one change from last commit to preserve full nss pluggable ecc supprt [1019245]
|
||||
|
||||
* Wed Oct 23 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.2-2
|
||||
- Use the full sources from upstream
|
||||
* Sun Oct 27 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.2-2
|
||||
- Use the full pristine sources from upstream
|
||||
- Bug 1019245 - ECDHE in openssl available -> NSS needs too for Firefox/Thunderbird
|
||||
|
||||
* Thu Sep 26 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.2-1
|
||||
- Update to NSS_3_15_2_RTM
|
||||
- Update iquote.patch on account of modified prototype on cert.h installed by nss-devel
|
||||
- Keep the nss-ssl-cbc-random-iv-off-by-default.patch enabled
|
||||
|
||||
* Wed Aug 28 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.1-7
|
||||
- Update pem sources to pick up a patch applied upstream which a faulty merge had missed
|
||||
- The pem module should not require unique file basenames
|
||||
|
||||
* Tue Aug 27 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.1-6
|
||||
- Update pem sources to the latest from interim upstream
|
||||
|
||||
* Mon Aug 19 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.1-5
|
||||
- Resolves: rhbz#996639 - Minor bugs in nss man pages
|
||||
- Fix some typos and improve description and see also sections
|
||||
|
||||
* Sun Aug 11 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.1-4
|
||||
- Cleanup spec file to address most rpmlint errors and warnings
|
||||
- Using double percent symbols to fix macro-in-comment warnings
|
||||
- Ignore unversioned-explicit-provides nss-system-init per spec comments
|
||||
- Ignore invalid-url Source0 as it comes from the git lookaside cache
|
||||
- Ignore invalid-url Source12 as it comes from the git lookaside cache
|
||||
|
||||
* Thu Jul 25 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.1-3
|
||||
- Add man page for pkcs11.txt configuration file and cert and key databases
|
||||
- Resolves: rhbz#985114 - Provide man pages for the nss configuration files
|
||||
|
||||
* Fri Jul 19 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.1-2
|
||||
- Fix errors in the man pages
|
||||
- Resolves: rhbz#984106 - Add missing option descriptions to man pages for {cert|cms|crl}util
|
||||
- Resolves: rhbz#982856 - Fix path to script in man page for nss-sysinit
|
||||
|
||||
* Tue Jul 02 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.1-1
|
||||
* Sun Jul 21 2013 Elio Maldonado <emaldona@redhat.com> - 3.15.1-1
|
||||
- Update to NSS_3_15_1_RTM
|
||||
- Enable the iquote.patch to access newly introduced types
|
||||
|
||||
* Wed Jun 19 2013 Elio Maldonado <emaldona@redhat.com> - 3.15-5
|
||||
- Install man pages for nss-tools and the nss-config and setup-nsssysinit scripts
|
||||
- Enable iquote.patch to access newly introduced types
|
||||
- Install man pages for nss-config and setup-nsssysinit
|
||||
- Resolves: rhbz#606020 - nss security tools lack man pages
|
||||
- Resolves: rhbz#689918 -build nss without softoken or util sources in the tree
|
||||
- Fix NSS_VMAJOR, NSS_VMINOR, and NSS_VPATCH generation for nss-config
|
||||
|
||||
* Tue Jun 18 2013 emaldona <emaldona@redhat.com> - 3.15-4
|
||||
- Build nss without softoken or util sources in the tree
|
||||
- Resolves: rhbz#689918
|
||||
|
||||
* Mon Jun 17 2013 emaldona <emaldona@redhat.com> - 3.15-3
|
||||
- Update ssl-cbc-random-iv-by-default.patch
|
||||
|
||||
* Sun Jun 16 2013 Elio Maldonado <emaldona@redhat.com> - 3.15-2
|
||||
- Fix generation of NSS_VMAJOR, NSS_VMINOR, and NSS_VPATCH for nss-config
|
||||
|
||||
* Sat Jun 15 2013 Elio Maldonado <emaldona@redhat.com> - 3.15-1
|
||||
- Update to NSS_3_15_RTM
|
||||
|
||||
* Wed Apr 24 2013 Elio Maldonado <emaldona@redhat.com> - 3.15-0.1.beta1.2
|
||||
- Fix incorrect path that hid failed test from view
|
||||
- Add ocsp to the test suites to run but ...
|
||||
- Temporarily disable the ocsp stapling tests
|
||||
- Do not treat failed attempts at ssl pkcs11 bypass as fatal errors
|
||||
|
||||
* Thu Apr 04 2013 Elio Maldonado <emaldona@redhat.com> - 3.15-0.1.beta1.1
|
||||
- Update to NSS_3_15_BETA1
|
||||
- Update spec file, patches, and helper scripts on account of a shallower source tree
|
||||
|
||||
* Sun Mar 24 2013 Kai Engert <kaie@redhat.com> - 3.14.3-12
|
||||
* Mon Apr 22 2013 Kai Engert <kaie@redhat.com> - 3.14.3-2
|
||||
- Add upstream patch to fix rhbz#872761
|
||||
- Update expired test certificates (fixed in upstream bug 852781)
|
||||
|
||||
* Fri Mar 08 2013 Kai Engert <kaie@redhat.com> - 3.14.3-10
|
||||
- Fix incorrect post/postun scripts. Fix broken links in posttrans.
|
||||
|
||||
* Wed Mar 06 2013 Kai Engert <kaie@redhat.com> - 3.14.3-9
|
||||
- Configure libnssckbi.so to use the alternatives system
|
||||
in order to prepare for a drop in replacement.
|
||||
|
||||
* Fri Feb 15 2013 Elio Maldonado <emaldona@redhat.com> - 3.14.3-1
|
||||
- Update to NSS_3_14_3_RTM
|
||||
- sync up pem rsawrapr.c with softoken upstream changes for nss-3.14.3
|
||||
|
|
|
@ -1,56 +0,0 @@
|
|||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
<!ENTITY date SYSTEM "date.xml">
|
||||
<!ENTITY version SYSTEM "version.xml">
|
||||
]>
|
||||
|
||||
<refentry id="pkcs11.txt">
|
||||
|
||||
<refentryinfo>
|
||||
<date>&date;</date>
|
||||
<title>Network Security Services</title>
|
||||
<productname>nss</productname>
|
||||
<productnumber>&version;</productnumber>
|
||||
</refentryinfo>
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>pkcs11.txt</refentrytitle>
|
||||
<manvolnum>5</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
<refnamediv>
|
||||
<refname>pkcs11.txt</refname>
|
||||
<refpurpose>NSS PKCS #11 module configuration file</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsection id="description">
|
||||
<title>Description</title>
|
||||
<para>
|
||||
The pkcs11.txt file is used to configure initialization parameters for the nss security module and optionally other pkcs #11 modules.
|
||||
</para>
|
||||
<para>
|
||||
For full documentation visit <ulink url="https://developer.mozilla.org/en-US/docs/PKCS11_Module_Specs">PKCS #11 Module Specs</ulink>.
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>Files</title>
|
||||
<para><filename>/etc/pki/nssdb/pkcs11.txt</filename></para>
|
||||
</refsection>
|
||||
|
||||
<refsection id="authors">
|
||||
<title>Authors</title>
|
||||
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
|
||||
<para>Authors: Elio Maldonado <emaldona@redhat.com>.</para>
|
||||
</refsection>
|
||||
|
||||
<!-- don't change -->
|
||||
<refsection id="license">
|
||||
<title>LICENSE</title>
|
||||
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
</refentry>
|
||||
|
|
@ -1,63 +0,0 @@
|
|||
<?xml version='1.0' encoding='utf-8'?>
|
||||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
||||
<!ENTITY date SYSTEM "date.xml">
|
||||
<!ENTITY version SYSTEM "version.xml">
|
||||
]>
|
||||
|
||||
<refentry id="secmod.db">
|
||||
|
||||
<refentryinfo>
|
||||
<date>&date;</date>
|
||||
<title>Network Security Services</title>
|
||||
<productname>nss</productname>
|
||||
<productnumber>&version;</productnumber>
|
||||
</refentryinfo>
|
||||
|
||||
<refmeta>
|
||||
<refentrytitle>secmod.db</refentrytitle>
|
||||
<manvolnum>5</manvolnum>
|
||||
</refmeta>
|
||||
|
||||
<refnamediv>
|
||||
<refname>secmod.db</refname>
|
||||
<refpurpose>Legacy NSS security modules database</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsection id="description">
|
||||
<title>Description</title>
|
||||
<para><emphasis>secmod.db</emphasis> is an NSS security modules database.</para>
|
||||
<para>The security modules database is used to keep track of the NSS security modules. The NSS security modules export their services via the PKCS #11 API which NSS uses as its Services Provider Interface.
|
||||
</para>
|
||||
<para>The command line utility <emphasis>modutil</emphasis> is used for managing PKCS #11 module information both within secmod.db files and within hardware tokens.
|
||||
</para>
|
||||
<para>For new applications the recommended way of tracking security modules is via the pkcs11.txt configuration file used in conjunction the new sqlite-based shared database format for certificate and key databases.
|
||||
</para>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>Files</title>
|
||||
<para><filename>/etc/pki/nssdb/secmod.db</filename></para>
|
||||
</refsection>
|
||||
|
||||
<refsection>
|
||||
<title>See also</title>
|
||||
<para>modutil(1), cert8.db(5), cert9.db(5), key3.db(5), key4.db(5), pkcs11.txt(5)</para>
|
||||
</refsection>
|
||||
|
||||
<refsection id="authors">
|
||||
<title>Authors</title>
|
||||
<para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
|
||||
<para>Authors: Elio Maldonado <emaldona@redhat.com>.</para>
|
||||
</refsection>
|
||||
|
||||
<!-- don't change -->
|
||||
<refsection id="license">
|
||||
<title>LICENSE</title>
|
||||
<para>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
</para>
|
||||
|
||||
</refsection>
|
||||
|
||||
|
||||
</refentry>
|
Loading…
Reference in New Issue