From 07a53cecc3220b3811f9db7514e49235fff32b94 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Fri, 15 Mar 2013 09:22:57 +0100 Subject: extract: Combine trust policy when extracting * Collapse multiple identical certificates coming from different tokens. Note that if a certificate should not be placed multiple times on a token. We cannot know which one to respect. * Add a new extract filter: --trust-policy This extracts all anchor and blacklist information https://bugs.freedesktop.org/show_bug.cgi?id=61497 --- doc/manual/p11-kit.xml | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) (limited to 'doc/manual') diff --git a/doc/manual/p11-kit.xml b/doc/manual/p11-kit.xml index 9791c29..83fd47d 100644 --- a/doc/manual/p11-kit.xml +++ b/doc/manual/p11-kit.xml @@ -98,14 +98,18 @@ $ p11-kit extract --format=x509-directory --filter=ca-certificates /path/to/dire - Specifies what certificates to export. - You can specify the following values: + + Specifies what certificates to extract. You can specify the following values: Certificate anchors (default) + + Anchors and blacklist + + Blacklisted certificates @@ -118,7 +122,16 @@ $ p11-kit extract --format=x509-directory --filter=ca-certificates /path/to/dire A PKCS#11 URI - + + + If an output format is chosen that cannot support type what has been + specified by the filter, a message will be printed. + + None of the available formats support storage of blacklist entries + that do not contain a full certificate. Thus any certificates blacklisted by + their issuer and serial number alone, are not included in the extracted + blacklist. + -- cgit v1.1