summaryrefslogtreecommitdiff
path: root/gnu/packages/patches/gnutls-doc-fix.patch
blob: 170d2468bc3a2471c8e2ff0a39e7a62e39d61d63 (about) (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
diff -ru gnutls-3.4.4/doc/invoke-certtool.texi gnutls-3.4.4.1/doc/invoke-certtool.texi
--- gnutls-3.4.4.1/doc/invoke-certtool.texi	2015-08-10 13:43:52.000000000 -0400
+++ gnutls-3.4.4/doc/invoke-certtool.texi	2015-07-31 15:44:21.000000000 -0400
@@ -41,7 +41,97 @@
 
 @exampleindent 0
 @example
-certtool is unavailable - no --help
+certtool - GnuTLS certificate tool
+Usage:  certtool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
+
+   -d, --debug=num            Enable debugging
+                                - it must be in the range:
+                                  0 to 9999
+   -V, --verbose              More verbose output
+                                - may appear multiple times
+       --infile=file          Input file
+                                - file must pre-exist
+       --outfile=str          Output file
+   -s, --generate-self-signed  Generate a self-signed certificate
+   -c, --generate-certificate  Generate a signed certificate
+       --generate-proxy       Generates a proxy certificate
+       --generate-crl         Generate a CRL
+   -u, --update-certificate   Update a signed certificate
+   -p, --generate-privkey     Generate a private key
+   -q, --generate-request     Generate a PKCS #10 certificate request
+                                - prohibits the option 'infile'
+   -e, --verify-chain         Verify a PEM encoded certificate chain
+       --verify               Verify a PEM encoded certificate chain using a trusted list
+       --verify-crl           Verify a CRL using a trusted list
+                                - requires the option 'load-ca-certificate'
+       --generate-dh-params   Generate PKCS #3 encoded Diffie-Hellman parameters
+       --get-dh-params        Get the included PKCS #3 encoded Diffie-Hellman parameters
+       --dh-info              Print information PKCS #3 encoded Diffie-Hellman parameters
+       --load-privkey=str     Loads a private key file
+       --load-pubkey=str      Loads a public key file
+       --load-request=str     Loads a certificate request file
+       --load-certificate=str Loads a certificate file
+       --load-ca-privkey=str  Loads the certificate authority's private key file
+       --load-ca-certificate=str Loads the certificate authority's certificate file
+       --password=str         Password to use
+       --null-password        Enforce a NULL password
+       --empty-password       Enforce an empty password
+       --hex-numbers          Print big number in an easier format to parse
+       --cprint               In certain operations it prints the information in C-friendly format
+   -i, --certificate-info     Print information on the given certificate
+       --certificate-pubkey   Print certificate's public key
+       --pgp-certificate-info  Print information on the given OpenPGP certificate
+       --pgp-ring-info        Print information on the given OpenPGP keyring structure
+   -l, --crl-info             Print information on the given CRL structure
+       --crq-info             Print information on the given certificate request
+       --no-crq-extensions    Do not use extensions in certificate requests
+       --p12-info             Print information on a PKCS #12 structure
+       --p12-name=str         The PKCS #12 friendly name to use
+       --p7-info              Print information on a PKCS #7 structure
+       --smime-to-p7          Convert S/MIME to PKCS #7 structure
+   -k, --key-info             Print information on a private key
+       --pgp-key-info         Print information on an OpenPGP private key
+       --pubkey-info          Print information on a public key
+       --v1                   Generate an X.509 version 1 certificate (with no extensions)
+   -!, --to-p12               Generate a PKCS #12 structure
+                                - requires the option 'load-certificate'
+   -", --to-p8                Generate a PKCS #8 structure
+   -8, --pkcs8                Use PKCS #8 format for private keys
+   -#, --rsa                  Generate RSA key
+   -$, --dsa                  Generate DSA key
+   -%, --ecc                  Generate ECC (ECDSA) key
+   -&, --ecdsa                an alias for the 'ecc' option
+   -', --hash=str             Hash algorithm to use for signing
+   -(, --inder                Use DER format for input certificates, private keys, and DH parameters
+                                - disabled as '--no-inder'
+   -), --inraw                an alias for the 'inder' option
+   -*, --outder               Use DER format for output certificates, private keys, and DH parameters
+                                - disabled as '--no-outder'
+   -+, --outraw               an alias for the 'outder' option
+   -,, --bits=num             Specify the number of bits for key generate
+   --, --curve=str            Specify the curve used for EC key generation
+   -., --sec-param=str        Specify the security level [low, legacy, medium, high, ultra]
+   -/, --disable-quick-random  No effect
+   -0, --template=str         Template file to use for non-interactive operation
+   -1, --stdout-info          Print information to stdout instead of stderr
+   -2, --ask-pass             Enable interaction for entering password when in batch mode.
+   -3, --pkcs-cipher=str      Cipher to use for PKCS #8 and #12 operations
+   -4, --provider=str         Specify the PKCS #11 provider library
+   -v, --version[=arg]        output version information and exit
+   -h, --help                 display extended usage information and exit
+   -!, --more-help            extended usage information passed thru pager
+
+Options are specified by doubled hyphens and their name or by a single
+hyphen and the flag character.
+
+Tool to parse and generate X.509 certificates, requests and private keys.
+It can be used interactively or non interactively by specifying the
+template command line option.
+
+The tool accepts files or URLs supported by GnuTLS.  In case PIN is
+required for the URL access you can provide it using the environment
+variables GNUTLS_PIN and GNUTLS_SO_PIN.
+
 @end example
 @exampleindent 4
 
diff -ru gnutls-3.4.4/doc/invoke-gnutls-cli-debug.texi gnutls-3.4.4.1/doc/invoke-gnutls-cli-debug.texi
--- gnutls-3.4.4.1/doc/invoke-gnutls-cli-debug.texi	2015-08-10 13:43:50.000000000 -0400
+++ gnutls-3.4.4/doc/invoke-gnutls-cli-debug.texi	2015-07-31 15:44:18.000000000 -0400
@@ -40,7 +40,34 @@
 
 @exampleindent 0
 @example
-gnutls-cli-debug is unavailable - no --help
+gnutls-cli-debug - GnuTLS debug client
+Usage:  gnutls-cli-debug [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... 
+
+   -d, --debug=num            Enable debugging
+                                - it must be in the range:
+                                  0 to 9999
+   -V, --verbose              More verbose output
+                                - may appear multiple times
+   -p, --port=num             The port to connect to
+                                - it must be in the range:
+                                  0 to 65536
+       --app-proto=str        The application protocol to be used to obtain the server's certificate
+(https, ftp, smtp, imap)
+   -v, --version[=arg]        output version information and exit
+   -h, --help                 display extended usage information and exit
+   -!, --more-help            extended usage information passed thru pager
+
+Options are specified by doubled hyphens and their name or by a single
+hyphen and the flag character.
+Operands and options may be intermixed.  They will be reordered.
+
+TLS debug client.  It sets up multiple TLS connections to a server and
+queries its capabilities.  It was created to assist in debugging GnuTLS,
+but it might be useful to extract a TLS server's capabilities.  It connects
+to a TLS server, performs tests and print the server's capabilities.  If
+called with the `-v' parameter more checks will be performed.  Can be used
+to check for servers with special needs or bugs.
+
 @end example
 @exampleindent 4
 
diff -ru gnutls-3.4.4/doc/invoke-gnutls-cli.texi gnutls-3.4.4.1/doc/invoke-gnutls-cli.texi
--- gnutls-3.4.4.1/doc/invoke-gnutls-cli.texi	2015-08-10 13:43:49.000000000 -0400
+++ gnutls-3.4.4/doc/invoke-gnutls-cli.texi	2015-07-31 15:44:17.000000000 -0400
@@ -36,7 +36,95 @@
 
 @exampleindent 0
 @example
-gnutls-cli is unavailable - no --help
+gnutls-cli - GnuTLS client
+Usage:  gnutls-cli [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [hostname]
+
+   -d, --debug=num            Enable debugging
+                                - it must be in the range:
+                                  0 to 9999
+   -V, --verbose              More verbose output
+                                - may appear multiple times
+       --tofu                 Enable trust on first use authentication
+                                - disabled as '--no-tofu'
+       --strict-tofu          Fail to connect if a known certificate has changed
+                                - disabled as '--no-strict-tofu'
+       --dane                 Enable DANE certificate verification (DNSSEC)
+                                - disabled as '--no-dane'
+       --local-dns            Use the local DNS server for DNSSEC resolving
+                                - disabled as '--no-local-dns'
+       --ca-verification      Disable CA certificate verification
+                                - disabled as '--no-ca-verification'
+                                - enabled by default
+       --ocsp                 Enable OCSP certificate verification
+                                - disabled as '--no-ocsp'
+   -r, --resume               Establish a session and resume
+   -e, --rehandshake          Establish a session and rehandshake
+   -s, --starttls             Connect, establish a plain session and start TLS
+       --app-proto=str        an alias for the 'starttls-proto' option
+       --starttls-proto=str   The application protocol to be used to obtain the server's certificate
+(https, ftp, smtp, imap)
+                                - prohibits the option 'starttls'
+   -u, --udp                  Use DTLS (datagram TLS) over UDP
+       --mtu=num              Set MTU for datagram TLS
+                                - it must be in the range:
+                                  0 to 17000
+       --crlf                 Send CR LF instead of LF
+       --x509fmtder           Use DER format for certificates to read from
+   -f, --fingerprint          Send the openpgp fingerprint, instead of the key
+       --print-cert           Print peer's certificate in PEM format
+       --dh-bits=num          The minimum number of bits allowed for DH
+       --priority=str         Priorities string
+       --x509cafile=str       Certificate file or PKCS #11 URL to use
+       --x509crlfile=file     CRL file to use
+                                - file must pre-exist
+       --pgpkeyfile=file      PGP Key file to use
+                                - file must pre-exist
+       --pgpkeyring=file      PGP Key ring file to use
+                                - file must pre-exist
+       --pgpcertfile=file     PGP Public Key (certificate) file to use
+                                - file must pre-exist
+       --x509keyfile=str      X.509 key file or PKCS #11 URL to use
+       --x509certfile=str     X.509 Certificate file or PKCS #11 URL to use
+       --pgpsubkey=str        PGP subkey to use (hex or auto)
+       --srpusername=str      SRP username to use
+       --srppasswd=str        SRP password to use
+       --pskusername=str      PSK username to use
+       --pskkey=str           PSK key (in hex) to use
+   -p, --port=str             The port or service to connect to
+       --insecure             Don't abort program if server certificate can't be validated
+       --ranges               Use length-hiding padding to prevent traffic analysis
+       --benchmark-ciphers    Benchmark individual ciphers
+       --benchmark-tls-kx     Benchmark TLS key exchange methods
+       --benchmark-tls-ciphers  Benchmark TLS ciphers
+   -l, --list                 Print a list of the supported algorithms and modes
+                                - prohibits the option 'port'
+       --noticket             Don't allow session tickets
+   -!, --srtp-profiles=str    Offer SRTP profiles
+   -", --alpn=str             Application layer protocol
+                                - may appear multiple times
+   -b, --heartbeat            Activate heartbeat support
+   -#, --recordsize=num       The maximum record size to advertize
+                                - it must be in the range:
+                                  0 to 4096
+   -$, --disable-sni          Do not send a Server Name Indication (SNI)
+   -%, --disable-extensions   Disable all the TLS extensions
+   -&, --inline-commands      Inline commands of the form ^<cmd>^
+   -', --inline-commands-prefix=str Change the default delimiter for inline commands.
+   -(, --provider=file        Specify the PKCS #11 provider library
+                                - file must pre-exist
+   -), --fips140-mode         Reports the status of the FIPS140-2 mode in gnutls library
+   -v, --version[=arg]        output version information and exit
+   -h, --help                 display extended usage information and exit
+   -!, --more-help            extended usage information passed thru pager
+
+Options are specified by doubled hyphens and their name or by a single
+hyphen and the flag character.
+Operands and options may be intermixed.  They will be reordered.
+
+Simple client program to set up a TLS connection to some other computer.  It
+sets up a TLS connection and forwards data from the standard input to the
+secured socket and vice versa.
+
 @end example
 @exampleindent 4
 
diff -ru gnutls-3.4.4/doc/invoke-gnutls-serv.texi gnutls-3.4.4.1/doc/invoke-gnutls-serv.texi
--- gnutls-3.4.4.1/doc/invoke-gnutls-serv.texi	2015-08-10 13:43:51.000000000 -0400
+++ gnutls-3.4.4/doc/invoke-gnutls-serv.texi	2015-07-31 15:44:20.000000000 -0400
@@ -35,7 +35,69 @@
 
 @exampleindent 0
 @example
-gnutls-serv is unavailable - no --help
+gnutls-serv - GnuTLS server
+Usage:  gnutls-serv [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
+
+   -d, --debug=num            Enable debugging
+                                - it must be in the range:
+                                  0 to 9999
+       --noticket             Don't accept session tickets
+   -g, --generate             Generate Diffie-Hellman and RSA-export parameters
+   -q, --quiet                Suppress some messages
+       --nodb                 Do not use a resumption database
+       --http                 Act as an HTTP server
+       --echo                 Act as an Echo server
+   -u, --udp                  Use DTLS (datagram TLS) over UDP
+       --mtu=num              Set MTU for datagram TLS
+                                - it must be in the range:
+                                  0 to 17000
+       --srtp-profiles=str    Offer SRTP profiles
+   -a, --disable-client-cert  Do not request a client certificate
+   -r, --require-client-cert  Require a client certificate
+       --verify-client-cert   If a client certificate is sent then verify it.
+   -b, --heartbeat            Activate heartbeat support
+       --x509fmtder           Use DER format for certificates to read from
+       --priority=str         Priorities string
+       --dhparams=file        DH params file to use
+                                - file must pre-exist
+       --x509cafile=str       Certificate file or PKCS #11 URL to use
+       --x509crlfile=file     CRL file to use
+                                - file must pre-exist
+       --pgpkeyfile=file      PGP Key file to use
+                                - file must pre-exist
+       --pgpkeyring=file      PGP Key ring file to use
+                                - file must pre-exist
+       --pgpcertfile=file     PGP Public Key (certificate) file to use
+                                - file must pre-exist
+       --x509keyfile=str      X.509 key file or PKCS #11 URL to use
+       --x509certfile=str     X.509 Certificate file or PKCS #11 URL to use
+       --x509dsakeyfile=str   Alternative X.509 key file or PKCS #11 URL to use
+       --x509dsacertfile=str  Alternative X.509 Certificate file or PKCS #11 URL to use
+       --x509ecckeyfile=str   Alternative X.509 key file or PKCS #11 URL to use
+       --x509ecccertfile=str  Alternative X.509 Certificate file or PKCS #11 URL to use
+       --pgpsubkey=str        PGP subkey to use (hex or auto)
+       --srppasswd=file       SRP password file to use
+                                - file must pre-exist
+       --srppasswdconf=file   SRP password configuration file to use
+                                - file must pre-exist
+       --pskpasswd=file       PSK password file to use
+                                - file must pre-exist
+       --pskhint=str          PSK identity hint to use
+       --ocsp-response=file   The OCSP response to send to client
+                                - file must pre-exist
+   -p, --port=num             The port to connect to
+   -l, --list                 Print a list of the supported algorithms and modes
+       --provider=file        Specify the PKCS #11 provider library
+                                - file must pre-exist
+   -v, --version[=arg]        output version information and exit
+   -h, --help                 display extended usage information and exit
+   -!, --more-help            extended usage information passed thru pager
+
+Options are specified by doubled hyphens and their name or by a single
+hyphen and the flag character.
+
+Server program that listens to incoming TLS connections.
+
 @end example
 @exampleindent 4
 
diff -ru gnutls-3.4.4/doc/invoke-ocsptool.texi gnutls-3.4.4.1/doc/invoke-ocsptool.texi
--- gnutls-3.4.4.1/doc/invoke-ocsptool.texi	2015-08-10 13:43:53.000000000 -0400
+++ gnutls-3.4.4/doc/invoke-ocsptool.texi	2015-07-31 15:44:22.000000000 -0400
@@ -37,7 +37,53 @@
 
 @exampleindent 0
 @example
-ocsptool is unavailable - no --help
+ocsptool - GnuTLS OCSP tool
+Usage:  ocsptool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
+
+   -d, --debug=num            Enable debugging
+                                - it must be in the range:
+                                  0 to 9999
+   -V, --verbose              More verbose output
+                                - may appear multiple times
+       --infile=file          Input file
+                                - file must pre-exist
+       --outfile=str          Output file
+       --ask[=arg]            Ask an OCSP/HTTP server on a certificate validity
+                                - requires these options:
+                                load-cert
+                                load-issuer
+   -e, --verify-response      Verify response
+   -i, --request-info         Print information on a OCSP request
+   -j, --response-info        Print information on a OCSP response
+   -q, --generate-request     Generate an OCSP request
+       --nonce                Use (or not) a nonce to OCSP request
+                                - disabled as '--no-nonce'
+       --load-issuer=file     Read issuer certificate from file
+                                - file must pre-exist
+       --load-cert=file       Read certificate to check from file
+                                - file must pre-exist
+       --load-trust=file      Read OCSP trust anchors from file
+                                - prohibits the option 'load-signer'
+                                - file must pre-exist
+       --load-signer=file     Read OCSP response signer from file
+                                - prohibits the option 'load-trust'
+                                - file must pre-exist
+       --inder                Use DER format for input certificates and private keys
+                                - disabled as '--no-inder'
+   -Q, --load-request=file    Read DER encoded OCSP request from file
+                                - file must pre-exist
+   -S, --load-response=file   Read DER encoded OCSP response from file
+                                - file must pre-exist
+   -v, --version[=arg]        output version information and exit
+   -h, --help                 display extended usage information and exit
+   -!, --more-help            extended usage information passed thru pager
+
+Options are specified by doubled hyphens and their name or by a single
+hyphen and the flag character.
+
+Ocsptool is a program that can parse and print information about OCSP
+requests/responses, generate requests and verify responses.
+
 @end example
 @exampleindent 4
 
diff -ru gnutls-3.4.4/doc/invoke-p11tool.texi gnutls-3.4.4.1/doc/invoke-p11tool.texi
--- gnutls-3.4.4.1/doc/invoke-p11tool.texi	2015-08-10 13:43:58.000000000 -0400
+++ gnutls-3.4.4/doc/invoke-p11tool.texi	2015-07-31 15:44:26.000000000 -0400
@@ -45,7 +45,97 @@
 
 @exampleindent 0
 @example
-p11tool is unavailable - no --help
+p11tool - GnuTLS PKCS #11 tool
+Usage:  p11tool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [url]
+
+   -d, --debug=num            Enable debugging
+                                - it must be in the range:
+                                  0 to 9999
+       --outfile=str          Output file
+       --list-tokens          List all available tokens
+       --export               Export the object specified by the URL
+       --export-chain         Export the certificate specified by the URL and its chain of trust
+       --list-mechanisms      List all available mechanisms in a token
+       --info                 List information on an available object in a token
+       --list-all             List all available objects in a token
+       --list-all-certs       List all available certificates in a token
+       --list-certs           List all certificates that have an associated private key
+       --list-all-privkeys    List all available private keys in a token
+       --list-privkeys        an alias for the 'list-all-privkeys' option
+       --list-keys            an alias for the 'list-all-privkeys' option
+       --list-all-trusted     List all available certificates marked as trusted
+       --write                Writes the loaded objects to a PKCS #11 token
+       --delete               Deletes the objects matching the PKCS #11 URL
+       --generate-random=num  Generate random data
+       --generate-rsa         Generate an RSA private-public key pair
+       --generate-dsa         Generate an RSA private-public key pair
+       --generate-ecc         Generate an RSA private-public key pair
+       --export-pubkey        Export the public key for a private key
+       --label=str            Sets a label for the write operation
+       --mark-wrap            Marks the generated key to be a wrapping key
+                                - disabled as '--no-mark-wrap'
+       --mark-trusted         Marks the object to be written as trusted
+                                - disabled as '--no-mark-trusted'
+       --mark-ca              Marks the object to be written as a CA
+                                - disabled as '--no-mark-ca'
+       --mark-private         Marks the object to be written as private
+                                - disabled as '--no-mark-private'
+                                - enabled by default
+       --trusted              an alias for the 'mark-trusted' option
+       --ca                   an alias for the 'mark-ca' option
+       --private              an alias for the 'mark-private' option
+                                - enabled by default
+       --login                Force (user) login to token
+                                - disabled as '--no-login'
+       --so-login             Force security officer login to token
+                                - disabled as '--no-so-login'
+       --admin-login          an alias for the 'so-login' option
+       --detailed-url         Print detailed URLs
+                                - disabled as '--no-detailed-url'
+   -!, --secret-key=str       Provide a hex encoded secret key
+   -", --load-privkey=file    Private key file to use
+                                - file must pre-exist
+   -#, --load-pubkey=file     Public key file to use
+                                - file must pre-exist
+   -$, --load-certificate=file Certificate file to use
+                                - file must pre-exist
+   -8, --pkcs8                Use PKCS #8 format for private keys
+   -%, --bits=num             Specify the number of bits for key generate
+   -&, --curve=str            Specify the curve used for EC key generation
+   -', --sec-param=str        Specify the security level
+   -(, --inder                Use DER/RAW format for input
+                                - disabled as '--no-inder'
+   -), --inraw                an alias for the 'inder' option
+   -*, --outder               Use DER format for output certificates, private keys, and DH parameters
+                                - disabled as '--no-outder'
+   -+, --outraw               an alias for the 'outder' option
+   -,, --initialize           Initializes a PKCS #11 token
+   --, --set-pin=str          Specify the PIN to use on token initialization
+   -., --set-so-pin=str       Specify the Security Officer's PIN to use on token initialization
+   -/, --provider=file        Specify the PKCS #11 provider library
+                                - file must pre-exist
+   -0, --batch                Disable all interaction with the tool.  All parameters need to be
+specified on command line.
+   -v, --version[=arg]        output version information and exit
+   -h, --help                 display extended usage information and exit
+   -!, --more-help            extended usage information passed thru pager
+
+Options are specified by doubled hyphens and their name or by a single
+hyphen and the flag character.
+Operands and options may be intermixed.  They will be reordered.
+
+Program that allows operations on PKCS #11 smart cards and security
+modules.
+
+To use PKCS #11 tokens with GnuTLS the p11-kit configuration files need to
+be setup.  That is create a .module file in /etc/pkcs11/modules with the
+contents 'module: /path/to/pkcs11.so'.  Alternatively the configuration
+file /etc/gnutls/pkcs11.conf has to exist and contain a number of lines of
+the form 'load=/usr/lib/opensc-pkcs11.so'.
+
+You can provide the PIN to be used for the PKCS #11 operations with the
+environment variables GNUTLS_PIN and GNUTLS_SO_PIN.
+
 @end example
 @exampleindent 4
 
diff -ru gnutls-3.4.4/doc/invoke-psktool.texi gnutls-3.4.4.1/doc/invoke-psktool.texi
--- gnutls-3.4.4.1/doc/invoke-psktool.texi	2015-08-10 13:43:57.000000000 -0400
+++ gnutls-3.4.4/doc/invoke-psktool.texi	2015-07-31 15:44:25.000000000 -0400
@@ -36,7 +36,27 @@
 
 @exampleindent 0
 @example
-psktool is unavailable - no --help
+psktool - GnuTLS PSK tool
+Usage:  psktool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
+
+   -d, --debug=num            Enable debugging
+                                - it must be in the range:
+                                  0 to 9999
+   -s, --keysize=num          specify the key size in bytes
+                                - it must be in the range:
+                                  0 to 512
+   -u, --username=str         specify a username
+   -p, --passwd=str           specify a password file
+   -v, --version[=arg]        output version information and exit
+   -h, --help                 display extended usage information and exit
+   -!, --more-help            extended usage information passed thru pager
+
+Options are specified by doubled hyphens and their name or by a single
+hyphen and the flag character.
+
+Program that generates random keys for use with TLS-PSK.  The keys are
+stored in hexadecimal format in a key file.
+
 @end example
 @exampleindent 4
 
diff -ru gnutls-3.4.4/doc/invoke-srptool.texi gnutls-3.4.4.1/doc/invoke-srptool.texi
--- gnutls-3.4.4.1/doc/invoke-srptool.texi	2015-08-10 13:43:56.000000000 -0400
+++ gnutls-3.4.4/doc/invoke-srptool.texi	2015-07-31 15:44:24.000000000 -0400
@@ -41,7 +41,34 @@
 
 @exampleindent 0
 @example
-srptool is unavailable - no --help
+srptool - GnuTLS SRP tool
+Usage:  srptool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
+
+   -d, --debug=num            Enable debugging
+                                - it must be in the range:
+                                  0 to 9999
+   -i, --index=num            specify the index of the group parameters in tpasswd.conf to use
+   -u, --username=str         specify a username
+   -p, --passwd=str           specify a password file
+   -s, --salt=num             specify salt size
+       --verify               just verify the password.
+   -v, --passwd-conf=str      specify a password conf file.
+       --create-conf=str      Generate a password configuration file.
+   -v, --version[=arg]        output version information and exit
+   -h, --help                 display extended usage information and exit
+   -!, --more-help            extended usage information passed thru pager
+
+Options are specified by doubled hyphens and their name or by a single
+hyphen and the flag character.
+
+Simple program that emulates the programs in the Stanford SRP (Secure
+Remote Password) libraries using GnuTLS.  It is intended for use in places
+where you don't expect SRP authentication to be the used for system users.
+
+In brief, to use SRP you need to create two files.  These are the password
+file that holds the users and the verifiers associated with them and the
+configuration file to hold the group parameters (called tpasswd.conf).
+
 @end example
 @exampleindent 4