summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorStef Walter <stefw@gnome.org>2013-02-03 13:05:26 +0100
committerStef Walter <stefw@gnome.org>2013-02-05 15:05:05 +0100
commitf3a3e1e6a413dc93d0a1eb330a32404d803f5307 (patch)
treecd7a1df1f3e317fe45472be7607f9a6e059d91bc /doc
parent08f1a7f3cfe87bc19ecd564711b4d2beaa603924 (diff)
Add a placeholder external 'extract-trust' command
Diffstat (limited to 'doc')
-rw-r--r--doc/p11-kit-devel.xml23
-rw-r--r--doc/p11-kit.xml19
2 files changed, 42 insertions, 0 deletions
diff --git a/doc/p11-kit-devel.xml b/doc/p11-kit-devel.xml
index f3acde1..cfacbf8 100644
--- a/doc/p11-kit-devel.xml
+++ b/doc/p11-kit-devel.xml
@@ -58,6 +58,29 @@ $ <command>pkg-config p11-kit-1 --variable p11_module_path</command>
</section>
+ <section id="devel-commands">
+ <title>Customizing installed commands</title>
+
+ <para>The <literal>p11-kit</literal> tool provides a
+ <literal>extract-trust</literal> command which extracts trust
+ policy information such as certificate anchors and so on
+ into files for use with libraries that cannot read this trust
+ information directly.</para>
+
+ <para>In order to be useful the <literal>extract-trust</literal>
+ command needs to be customized per distribution or site. You can
+ find this file in at <literal>tools/p11-kit-trust-extract.in</literal>
+ in the p11-kit source code.</para>
+
+ <para>The command is implemented as a simple script which
+ performs the various <literal>p11-kit extract</literal> commands
+ necessary to extract the information.</para>
+
+ <para>Using this script as a standard way to extract this
+ information allows for consistency between distributions and ease
+ of system administration.</para>
+ </section>
+
<section id="devel-building">
<title>Compiling p11-kit from Source</title>
<para>This describes how to compiling the p11-kit package from
diff --git a/doc/p11-kit.xml b/doc/p11-kit.xml
index 162563b..98f5da5 100644
--- a/doc/p11-kit.xml
+++ b/doc/p11-kit.xml
@@ -188,6 +188,25 @@ $ p11-kit extract --format=x509-directory --filter=ca-certificates /path/to/dire
</refsect1>
<refsect1>
+ <title>Extract Trust</title>
+
+ <para>Extract standard trust information files.</para>
+
+<programlisting>
+$ p11-kit extract-trust
+</programlisting>
+
+ <para>OpenSSL, GnuTLS and Java cannot currently read trust information
+ directly from the trust policy module. This command extracts trust
+ information such as certificate anchors for use by these libraries.</para>
+
+ <para>What this command does, and where it extracts the files is
+ distribution or site specific. Packagers or administrators are expected
+ customize this command.</para>
+
+</refsect1>
+
+<refsect1>
<title>Bugs</title>
<para>
Please send bug reports to either the distribution bug tracker