diff options
| author | Stef Walter <stefw@gnome.org> | 2013-03-15 09:22:57 +0100 |
|---|---|---|
| committer | Stef Walter <stefw@gnome.org> | 2013-03-15 17:44:32 +0100 |
| commit | 07a53cecc3220b3811f9db7514e49235fff32b94 (patch) | |
| tree | 19b9d244a5750ec7e577bef556332f5f111b585b /doc/manual/p11-kit.xml | |
| parent | 7fc0ecd1ca7840e71958e62163b27d645c936c25 (diff) | |
extract: Combine trust policy when extracting
* Collapse multiple identical certificates coming from different
tokens. Note that if a certificate should not be placed multiple
times on a token. We cannot know which one to respect.
* Add a new extract filter: --trust-policy
This extracts all anchor and blacklist information
https://bugs.freedesktop.org/show_bug.cgi?id=61497
Diffstat (limited to 'doc/manual/p11-kit.xml')
| -rw-r--r-- | doc/manual/p11-kit.xml | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/doc/manual/p11-kit.xml b/doc/manual/p11-kit.xml index 9791c29..83fd47d 100644 --- a/doc/manual/p11-kit.xml +++ b/doc/manual/p11-kit.xml @@ -98,14 +98,18 @@ $ p11-kit extract --format=x509-directory --filter=ca-certificates /path/to/dire </varlistentry> <varlistentry> <term><option>--filter=<what></option></term> - <listitem><para>Specifies what certificates to export. - You can specify the following values: + <listitem> + <para>Specifies what certificates to extract. You can specify the following values: <variablelist> <varlistentry> <term><option>ca-anchors</option></term> <listitem><para>Certificate anchors (default)</para></listitem> </varlistentry> <varlistentry> + <term><option>trust-policy</option></term> + <listitem><para>Anchors and blacklist</para></listitem> + </varlistentry> + <varlistentry> <term><option>blacklist</option></term> <listitem><para>Blacklisted certificates</para></listitem> </varlistentry> @@ -118,7 +122,16 @@ $ p11-kit extract --format=x509-directory --filter=ca-certificates /path/to/dire <listitem><para>A PKCS#11 URI</para></listitem> </varlistentry> </variablelist> - </para></listitem> + </para> + + <para>If an output format is chosen that cannot support type what has been + specified by the filter, a message will be printed.</para> + + <para>None of the available formats support storage of blacklist entries + that do not contain a full certificate. Thus any certificates blacklisted by + their issuer and serial number alone, are not included in the extracted + blacklist.</para> + </listitem> </varlistentry> <varlistentry> <term><option>--format=<type></option></term> |