1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
| | diff -ru gnutls-3.4.4/doc/invoke-certtool.texi gnutls-3.4.4.1/doc/invoke-certtool.texi
--- gnutls-3.4.4.1/doc/invoke-certtool.texi 2015-08-10 13:43:52.000000000 -0400
+++ gnutls-3.4.4/doc/invoke-certtool.texi 2015-07-31 15:44:21.000000000 -0400
@@ -41,7 +41,97 @@
@exampleindent 0
@example
-certtool is unavailable - no --help
+certtool - GnuTLS certificate tool
+Usage: certtool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
+
+ -d, --debug=num Enable debugging
+ - it must be in the range:
+ 0 to 9999
+ -V, --verbose More verbose output
+ - may appear multiple times
+ --infile=file Input file
+ - file must pre-exist
+ --outfile=str Output file
+ -s, --generate-self-signed Generate a self-signed certificate
+ -c, --generate-certificate Generate a signed certificate
+ --generate-proxy Generates a proxy certificate
+ --generate-crl Generate a CRL
+ -u, --update-certificate Update a signed certificate
+ -p, --generate-privkey Generate a private key
+ -q, --generate-request Generate a PKCS #10 certificate request
+ - prohibits the option 'infile'
+ -e, --verify-chain Verify a PEM encoded certificate chain
+ --verify Verify a PEM encoded certificate chain using a trusted list
+ --verify-crl Verify a CRL using a trusted list
+ - requires the option 'load-ca-certificate'
+ --generate-dh-params Generate PKCS #3 encoded Diffie-Hellman parameters
+ --get-dh-params Get the included PKCS #3 encoded Diffie-Hellman parameters
+ --dh-info Print information PKCS #3 encoded Diffie-Hellman parameters
+ --load-privkey=str Loads a private key file
+ --load-pubkey=str Loads a public key file
+ --load-request=str Loads a certificate request file
+ --load-certificate=str Loads a certificate file
+ --load-ca-privkey=str Loads the certificate authority's private key file
+ --load-ca-certificate=str Loads the certificate authority's certificate file
+ --password=str Password to use
+ --null-password Enforce a NULL password
+ --empty-password Enforce an empty password
+ --hex-numbers Print big number in an easier format to parse
+ --cprint In certain operations it prints the information in C-friendly format
+ -i, --certificate-info Print information on the given certificate
+ --certificate-pubkey Print certificate's public key
+ --pgp-certificate-info Print information on the given OpenPGP certificate
+ --pgp-ring-info Print information on the given OpenPGP keyring structure
+ -l, --crl-info Print information on the given CRL structure
+ --crq-info Print information on the given certificate request
+ --no-crq-extensions Do not use extensions in certificate requests
+ --p12-info Print information on a PKCS #12 structure
+ --p12-name=str The PKCS #12 friendly name to use
+ --p7-info Print information on a PKCS #7 structure
+ --smime-to-p7 Convert S/MIME to PKCS #7 structure
+ -k, --key-info Print information on a private key
+ --pgp-key-info Print information on an OpenPGP private key
+ --pubkey-info Print information on a public key
+ --v1 Generate an X.509 version 1 certificate (with no extensions)
+ -!, --to-p12 Generate a PKCS #12 structure
+ - requires the option 'load-certificate'
+ -", --to-p8 Generate a PKCS #8 structure
+ -8, --pkcs8 Use PKCS #8 format for private keys
+ -#, --rsa Generate RSA key
+ -$, --dsa Generate DSA key
+ -%, --ecc Generate ECC (ECDSA) key
+ -&, --ecdsa an alias for the 'ecc' option
+ -', --hash=str Hash algorithm to use for signing
+ -(, --inder Use DER format for input certificates, private keys, and DH parameters
+ - disabled as '--no-inder'
+ -), --inraw an alias for the 'inder' option
+ -*, --outder Use DER format for output certificates, private keys, and DH parameters
+ - disabled as '--no-outder'
+ -+, --outraw an alias for the 'outder' option
+ -,, --bits=num Specify the number of bits for key generate
+ --, --curve=str Specify the curve used for EC key generation
+ -., --sec-param=str Specify the security level [low, legacy, medium, high, ultra]
+ -/, --disable-quick-random No effect
+ -0, --template=str Template file to use for non-interactive operation
+ -1, --stdout-info Print information to stdout instead of stderr
+ -2, --ask-pass Enable interaction for entering password when in batch mode.
+ -3, --pkcs-cipher=str Cipher to use for PKCS #8 and #12 operations
+ -4, --provider=str Specify the PKCS #11 provider library
+ -v, --version[=arg] output version information and exit
+ -h, --help display extended usage information and exit
+ -!, --more-help extended usage information passed thru pager
+
+Options are specified by doubled hyphens and their name or by a single
+hyphen and the flag character.
+
+Tool to parse and generate X.509 certificates, requests and private keys.
+It can be used interactively or non interactively by specifying the
+template command line option.
+
+The tool accepts files or URLs supported by GnuTLS. In case PIN is
+required for the URL access you can provide it using the environment
+variables GNUTLS_PIN and GNUTLS_SO_PIN.
+
@end example
@exampleindent 4
diff -ru gnutls-3.4.4/doc/invoke-gnutls-cli-debug.texi gnutls-3.4.4.1/doc/invoke-gnutls-cli-debug.texi
--- gnutls-3.4.4.1/doc/invoke-gnutls-cli-debug.texi 2015-08-10 13:43:50.000000000 -0400
+++ gnutls-3.4.4/doc/invoke-gnutls-cli-debug.texi 2015-07-31 15:44:18.000000000 -0400
@@ -40,7 +40,34 @@
@exampleindent 0
@example
-gnutls-cli-debug is unavailable - no --help
+gnutls-cli-debug - GnuTLS debug client
+Usage: gnutls-cli-debug [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
+
+ -d, --debug=num Enable debugging
+ - it must be in the range:
+ 0 to 9999
+ -V, --verbose More verbose output
+ - may appear multiple times
+ -p, --port=num The port to connect to
+ - it must be in the range:
+ 0 to 65536
+ --app-proto=str The application protocol to be used to obtain the server's certificate
+(https, ftp, smtp, imap)
+ -v, --version[=arg] output version information and exit
+ -h, --help display extended usage information and exit
+ -!, --more-help extended usage information passed thru pager
+
+Options are specified by doubled hyphens and their name or by a single
+hyphen and the flag character.
+Operands and options may be intermixed. They will be reordered.
+
+TLS debug client. It sets up multiple TLS connections to a server and
+queries its capabilities. It was created to assist in debugging GnuTLS,
+but it might be useful to extract a TLS server's capabilities. It connects
+to a TLS server, performs tests and print the server's capabilities. If
+called with the `-v' parameter more checks will be performed. Can be used
+to check for servers with special needs or bugs.
+
@end example
@exampleindent 4
diff -ru gnutls-3.4.4/doc/invoke-gnutls-cli.texi gnutls-3.4.4.1/doc/invoke-gnutls-cli.texi
--- gnutls-3.4.4.1/doc/invoke-gnutls-cli.texi 2015-08-10 13:43:49.000000000 -0400
+++ gnutls-3.4.4/doc/invoke-gnutls-cli.texi 2015-07-31 15:44:17.000000000 -0400
@@ -36,7 +36,95 @@
@exampleindent 0
@example
-gnutls-cli is unavailable - no --help
+gnutls-cli - GnuTLS client
+Usage: gnutls-cli [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [hostname]
+
+ -d, --debug=num Enable debugging
+ - it must be in the range:
+ 0 to 9999
+ -V, --verbose More verbose output
+ - may appear multiple times
+ --tofu Enable trust on first use authentication
+ - disabled as '--no-tofu'
+ --strict-tofu Fail to connect if a known certificate has changed
+ - disabled as '--no-strict-tofu'
+ --dane Enable DANE certificate verification (DNSSEC)
+ - disabled as '--no-dane'
+ --local-dns Use the local DNS server for DNSSEC resolving
+ - disabled as '--no-local-dns'
+ --ca-verification Disable CA certificate verification
+ - disabled as '--no-ca-verification'
+ - enabled by default
+ --ocsp Enable OCSP certificate verification
+ - disabled as '--no-ocsp'
+ -r, --resume Establish a session and resume
+ -e, --rehandshake Establish a session and rehandshake
+ -s, --starttls Connect, establish a plain session and start TLS
+ --app-proto=str an alias for the 'starttls-proto' option
+ --starttls-proto=str The application protocol to be used to obtain the server's certificate
+(https, ftp, smtp, imap)
+ - prohibits the option 'starttls'
+ -u, --udp Use DTLS (datagram TLS) over UDP
+ --mtu=num Set MTU for datagram TLS
+ - it must be in the range:
+ 0 to 17000
+ --crlf Send CR LF instead of LF
+ --x509fmtder Use DER format for certificates to read from
+ -f, --fingerprint Send the openpgp fingerprint, instead of the key
+ --print-cert Print peer's certificate in PEM format
+ --dh-bits=num The minimum number of bits allowed for DH
+ --priority=str Priorities string
+ --x509cafile=str Certificate file or PKCS #11 URL to use
+ --x509crlfile=file CRL file to use
+ - file must pre-exist
+ --pgpkeyfile=file PGP Key file to use
+ - file must pre-exist
+ --pgpkeyring=file PGP Key ring file to use
+ - file must pre-exist
+ --pgpcertfile=file PGP Public Key (certificate) file to use
+ - file must pre-exist
+ --x509keyfile=str X.509 key file or PKCS #11 URL to use
+ --x509certfile=str X.509 Certificate file or PKCS #11 URL to use
+ --pgpsubkey=str PGP subkey to use (hex or auto)
+ --srpusername=str SRP username to use
+ --srppasswd=str SRP password to use
+ --pskusername=str PSK username to use
+ --pskkey=str PSK key (in hex) to use
+ -p, --port=str The port or service to connect to
+ --insecure Don't abort program if server certificate can't be validated
+ --ranges Use length-hiding padding to prevent traffic analysis
+ --benchmark-ciphers Benchmark individual ciphers
+ --benchmark-tls-kx Benchmark TLS key exchange methods
+ --benchmark-tls-ciphers Benchmark TLS ciphers
+ -l, --list Print a list of the supported algorithms and modes
+ - prohibits the option 'port'
+ --noticket Don't allow session tickets
+ -!, --srtp-profiles=str Offer SRTP profiles
+ -", --alpn=str Application layer protocol
+ - may appear multiple times
+ -b, --heartbeat Activate heartbeat support
+ -#, --recordsize=num The maximum record size to advertize
+ - it must be in the range:
+ 0 to 4096
+ -$, --disable-sni Do not send a Server Name Indication (SNI)
+ -%, --disable-extensions Disable all the TLS extensions
+ -&, --inline-commands Inline commands of the form ^<cmd>^
+ -', --inline-commands-prefix=str Change the default delimiter for inline commands.
+ -(, --provider=file Specify the PKCS #11 provider library
+ - file must pre-exist
+ -), --fips140-mode Reports the status of the FIPS140-2 mode in gnutls library
+ -v, --version[=arg] output version information and exit
+ -h, --help display extended usage information and exit
+ -!, --more-help extended usage information passed thru pager
+
+Options are specified by doubled hyphens and their name or by a single
+hyphen and the flag character.
+Operands and options may be intermixed. They will be reordered.
+
+Simple client program to set up a TLS connection to some other computer. It
+sets up a TLS connection and forwards data from the standard input to the
+secured socket and vice versa.
+
@end example
@exampleindent 4
diff -ru gnutls-3.4.4/doc/invoke-gnutls-serv.texi gnutls-3.4.4.1/doc/invoke-gnutls-serv.texi
--- gnutls-3.4.4.1/doc/invoke-gnutls-serv.texi 2015-08-10 13:43:51.000000000 -0400
+++ gnutls-3.4.4/doc/invoke-gnutls-serv.texi 2015-07-31 15:44:20.000000000 -0400
@@ -35,7 +35,69 @@
@exampleindent 0
@example
-gnutls-serv is unavailable - no --help
+gnutls-serv - GnuTLS server
+Usage: gnutls-serv [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
+
+ -d, --debug=num Enable debugging
+ - it must be in the range:
+ 0 to 9999
+ --noticket Don't accept session tickets
+ -g, --generate Generate Diffie-Hellman and RSA-export parameters
+ -q, --quiet Suppress some messages
+ --nodb Do not use a resumption database
+ --http Act as an HTTP server
+ --echo Act as an Echo server
+ -u, --udp Use DTLS (datagram TLS) over UDP
+ --mtu=num Set MTU for datagram TLS
+ - it must be in the range:
+ 0 to 17000
+ --srtp-profiles=str Offer SRTP profiles
+ -a, --disable-client-cert Do not request a client certificate
+ -r, --require-client-cert Require a client certificate
+ --verify-client-cert If a client certificate is sent then verify it.
+ -b, --heartbeat Activate heartbeat support
+ --x509fmtder Use DER format for certificates to read from
+ --priority=str Priorities string
+ --dhparams=file DH params file to use
+ - file must pre-exist
+ --x509cafile=str Certificate file or PKCS #11 URL to use
+ --x509crlfile=file CRL file to use
+ - file must pre-exist
+ --pgpkeyfile=file PGP Key file to use
+ - file must pre-exist
+ --pgpkeyring=file PGP Key ring file to use
+ - file must pre-exist
+ --pgpcertfile=file PGP Public Key (certificate) file to use
+ - file must pre-exist
+ --x509keyfile=str X.509 key file or PKCS #11 URL to use
+ --x509certfile=str X.509 Certificate file or PKCS #11 URL to use
+ --x509dsakeyfile=str Alternative X.509 key file or PKCS #11 URL to use
+ --x509dsacertfile=str Alternative X.509 Certificate file or PKCS #11 URL to use
+ --x509ecckeyfile=str Alternative X.509 key file or PKCS #11 URL to use
+ --x509ecccertfile=str Alternative X.509 Certificate file or PKCS #11 URL to use
+ --pgpsubkey=str PGP subkey to use (hex or auto)
+ --srppasswd=file SRP password file to use
+ - file must pre-exist
+ --srppasswdconf=file SRP password configuration file to use
+ - file must pre-exist
+ --pskpasswd=file PSK password file to use
+ - file must pre-exist
+ --pskhint=str PSK identity hint to use
+ --ocsp-response=file The OCSP response to send to client
+ - file must pre-exist
+ -p, --port=num The port to connect to
+ -l, --list Print a list of the supported algorithms and modes
+ --provider=file Specify the PKCS #11 provider library
+ - file must pre-exist
+ -v, --version[=arg] output version information and exit
+ -h, --help display extended usage information and exit
+ -!, --more-help extended usage information passed thru pager
+
+Options are specified by doubled hyphens and their name or by a single
+hyphen and the flag character.
+
+Server program that listens to incoming TLS connections.
+
@end example
@exampleindent 4
diff -ru gnutls-3.4.4/doc/invoke-ocsptool.texi gnutls-3.4.4.1/doc/invoke-ocsptool.texi
--- gnutls-3.4.4.1/doc/invoke-ocsptool.texi 2015-08-10 13:43:53.000000000 -0400
+++ gnutls-3.4.4/doc/invoke-ocsptool.texi 2015-07-31 15:44:22.000000000 -0400
@@ -37,7 +37,53 @@
@exampleindent 0
@example
-ocsptool is unavailable - no --help
+ocsptool - GnuTLS OCSP tool
+Usage: ocsptool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
+
+ -d, --debug=num Enable debugging
+ - it must be in the range:
+ 0 to 9999
+ -V, --verbose More verbose output
+ - may appear multiple times
+ --infile=file Input file
+ - file must pre-exist
+ --outfile=str Output file
+ --ask[=arg] Ask an OCSP/HTTP server on a certificate validity
+ - requires these options:
+ load-cert
+ load-issuer
+ -e, --verify-response Verify response
+ -i, --request-info Print information on a OCSP request
+ -j, --response-info Print information on a OCSP response
+ -q, --generate-request Generate an OCSP request
+ --nonce Use (or not) a nonce to OCSP request
+ - disabled as '--no-nonce'
+ --load-issuer=file Read issuer certificate from file
+ - file must pre-exist
+ --load-cert=file Read certificate to check from file
+ - file must pre-exist
+ --load-trust=file Read OCSP trust anchors from file
+ - prohibits the option 'load-signer'
+ - file must pre-exist
+ --load-signer=file Read OCSP response signer from file
+ - prohibits the option 'load-trust'
+ - file must pre-exist
+ --inder Use DER format for input certificates and private keys
+ - disabled as '--no-inder'
+ -Q, --load-request=file Read DER encoded OCSP request from file
+ - file must pre-exist
+ -S, --load-response=file Read DER encoded OCSP response from file
+ - file must pre-exist
+ -v, --version[=arg] output version information and exit
+ -h, --help display extended usage information and exit
+ -!, --more-help extended usage information passed thru pager
+
+Options are specified by doubled hyphens and their name or by a single
+hyphen and the flag character.
+
+Ocsptool is a program that can parse and print information about OCSP
+requests/responses, generate requests and verify responses.
+
@end example
@exampleindent 4
diff -ru gnutls-3.4.4/doc/invoke-p11tool.texi gnutls-3.4.4.1/doc/invoke-p11tool.texi
--- gnutls-3.4.4.1/doc/invoke-p11tool.texi 2015-08-10 13:43:58.000000000 -0400
+++ gnutls-3.4.4/doc/invoke-p11tool.texi 2015-07-31 15:44:26.000000000 -0400
@@ -45,7 +45,97 @@
@exampleindent 0
@example
-p11tool is unavailable - no --help
+p11tool - GnuTLS PKCS #11 tool
+Usage: p11tool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [url]
+
+ -d, --debug=num Enable debugging
+ - it must be in the range:
+ 0 to 9999
+ --outfile=str Output file
+ --list-tokens List all available tokens
+ --export Export the object specified by the URL
+ --export-chain Export the certificate specified by the URL and its chain of trust
+ --list-mechanisms List all available mechanisms in a token
+ --info List information on an available object in a token
+ --list-all List all available objects in a token
+ --list-all-certs List all available certificates in a token
+ --list-certs List all certificates that have an associated private key
+ --list-all-privkeys List all available private keys in a token
+ --list-privkeys an alias for the 'list-all-privkeys' option
+ --list-keys an alias for the 'list-all-privkeys' option
+ --list-all-trusted List all available certificates marked as trusted
+ --write Writes the loaded objects to a PKCS #11 token
+ --delete Deletes the objects matching the PKCS #11 URL
+ --generate-random=num Generate random data
+ --generate-rsa Generate an RSA private-public key pair
+ --generate-dsa Generate an RSA private-public key pair
+ --generate-ecc Generate an RSA private-public key pair
+ --export-pubkey Export the public key for a private key
+ --label=str Sets a label for the write operation
+ --mark-wrap Marks the generated key to be a wrapping key
+ - disabled as '--no-mark-wrap'
+ --mark-trusted Marks the object to be written as trusted
+ - disabled as '--no-mark-trusted'
+ --mark-ca Marks the object to be written as a CA
+ - disabled as '--no-mark-ca'
+ --mark-private Marks the object to be written as private
+ - disabled as '--no-mark-private'
+ - enabled by default
+ --trusted an alias for the 'mark-trusted' option
+ --ca an alias for the 'mark-ca' option
+ --private an alias for the 'mark-private' option
+ - enabled by default
+ --login Force (user) login to token
+ - disabled as '--no-login'
+ --so-login Force security officer login to token
+ - disabled as '--no-so-login'
+ --admin-login an alias for the 'so-login' option
+ --detailed-url Print detailed URLs
+ - disabled as '--no-detailed-url'
+ -!, --secret-key=str Provide a hex encoded secret key
+ -", --load-privkey=file Private key file to use
+ - file must pre-exist
+ -#, --load-pubkey=file Public key file to use
+ - file must pre-exist
+ -$, --load-certificate=file Certificate file to use
+ - file must pre-exist
+ -8, --pkcs8 Use PKCS #8 format for private keys
+ -%, --bits=num Specify the number of bits for key generate
+ -&, --curve=str Specify the curve used for EC key generation
+ -', --sec-param=str Specify the security level
+ -(, --inder Use DER/RAW format for input
+ - disabled as '--no-inder'
+ -), --inraw an alias for the 'inder' option
+ -*, --outder Use DER format for output certificates, private keys, and DH parameters
+ - disabled as '--no-outder'
+ -+, --outraw an alias for the 'outder' option
+ -,, --initialize Initializes a PKCS #11 token
+ --, --set-pin=str Specify the PIN to use on token initialization
+ -., --set-so-pin=str Specify the Security Officer's PIN to use on token initialization
+ -/, --provider=file Specify the PKCS #11 provider library
+ - file must pre-exist
+ -0, --batch Disable all interaction with the tool. All parameters need to be
+specified on command line.
+ -v, --version[=arg] output version information and exit
+ -h, --help display extended usage information and exit
+ -!, --more-help extended usage information passed thru pager
+
+Options are specified by doubled hyphens and their name or by a single
+hyphen and the flag character.
+Operands and options may be intermixed. They will be reordered.
+
+Program that allows operations on PKCS #11 smart cards and security
+modules.
+
+To use PKCS #11 tokens with GnuTLS the p11-kit configuration files need to
+be setup. That is create a .module file in /etc/pkcs11/modules with the
+contents 'module: /path/to/pkcs11.so'. Alternatively the configuration
+file /etc/gnutls/pkcs11.conf has to exist and contain a number of lines of
+the form 'load=/usr/lib/opensc-pkcs11.so'.
+
+You can provide the PIN to be used for the PKCS #11 operations with the
+environment variables GNUTLS_PIN and GNUTLS_SO_PIN.
+
@end example
@exampleindent 4
diff -ru gnutls-3.4.4/doc/invoke-psktool.texi gnutls-3.4.4.1/doc/invoke-psktool.texi
--- gnutls-3.4.4.1/doc/invoke-psktool.texi 2015-08-10 13:43:57.000000000 -0400
+++ gnutls-3.4.4/doc/invoke-psktool.texi 2015-07-31 15:44:25.000000000 -0400
@@ -36,7 +36,27 @@
@exampleindent 0
@example
-psktool is unavailable - no --help
+psktool - GnuTLS PSK tool
+Usage: psktool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
+
+ -d, --debug=num Enable debugging
+ - it must be in the range:
+ 0 to 9999
+ -s, --keysize=num specify the key size in bytes
+ - it must be in the range:
+ 0 to 512
+ -u, --username=str specify a username
+ -p, --passwd=str specify a password file
+ -v, --version[=arg] output version information and exit
+ -h, --help display extended usage information and exit
+ -!, --more-help extended usage information passed thru pager
+
+Options are specified by doubled hyphens and their name or by a single
+hyphen and the flag character.
+
+Program that generates random keys for use with TLS-PSK. The keys are
+stored in hexadecimal format in a key file.
+
@end example
@exampleindent 4
diff -ru gnutls-3.4.4/doc/invoke-srptool.texi gnutls-3.4.4.1/doc/invoke-srptool.texi
--- gnutls-3.4.4.1/doc/invoke-srptool.texi 2015-08-10 13:43:56.000000000 -0400
+++ gnutls-3.4.4/doc/invoke-srptool.texi 2015-07-31 15:44:24.000000000 -0400
@@ -41,7 +41,34 @@
@exampleindent 0
@example
-srptool is unavailable - no --help
+srptool - GnuTLS SRP tool
+Usage: srptool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
+
+ -d, --debug=num Enable debugging
+ - it must be in the range:
+ 0 to 9999
+ -i, --index=num specify the index of the group parameters in tpasswd.conf to use
+ -u, --username=str specify a username
+ -p, --passwd=str specify a password file
+ -s, --salt=num specify salt size
+ --verify just verify the password.
+ -v, --passwd-conf=str specify a password conf file.
+ --create-conf=str Generate a password configuration file.
+ -v, --version[=arg] output version information and exit
+ -h, --help display extended usage information and exit
+ -!, --more-help extended usage information passed thru pager
+
+Options are specified by doubled hyphens and their name or by a single
+hyphen and the flag character.
+
+Simple program that emulates the programs in the Stanford SRP (Secure
+Remote Password) libraries using GnuTLS. It is intended for use in places
+where you don't expect SRP authentication to be the used for system users.
+
+In brief, to use SRP you need to create two files. These are the password
+file that holds the users and the verifiers associated with them and the
+configuration file to hold the group parameters (called tpasswd.conf).
+
@end example
@exampleindent 4
|