pki: Add --label options to --est* command synopsis

Also fixes some formatting in the man pages.

diff --git a/src/pki/commands/est.c b/src/pki/commands/est.c
index b9859e9ba04c5a1537dc9d46f88bc65a2e1eb35a..f754982e71f968571a60b1be4b5c6eaf5c4fa566 100644 (file)
--- a/src/pki/commands/est.c
+++ b/src/pki/commands/est.c
@@ -357,15 +357,16 @@ static void __attribute__ ((constructor))reg()
        command_register((command_t) {
                est, 'E', "est",
                "Enroll an X.509 certificate with an EST server",
-               {"--url url [--in file] [--cacert file]+ [-userpass username:password]",
-                "[--cert file|--certid hex --key file|--keyid hex] [--interval time]",
+               {"--url url [--label label] [--in file] --cacert file",
+                "[--cert file|--certid hex --key file|--keyid hex]",
+                "[--userpass username:password] [--interval time]",
                 "[--maxpolltime time] [--outform der|pem]"},
                {
                        {"help",        'h', 0, "show usage information"},
                        {"url",         'u', 1, "URL of the EST server"},
                        {"label",       'l', 1, "label in the EST server path"},
                        {"in",          'i', 1, "PKCS#10 input file, default: stdin"},
-                       {"cacert",      'C', 1, "CA certificate"},
+                       {"cacert",      'C', 1, "CA certificate(s)"},
                        {"cert",        'c', 1, "old certificate about to be renewed"},
                        {"certid",      'X', 1, "smartcard or TPM certificate object handle" },
                        {"key",         'k', 1, "old private key about to be replaced"},

diff --git a/src/pki/commands/estca.c b/src/pki/commands/estca.c
index 925b15b731e906c07611a3e5f669cc637003237a..e451eb3cee31747bb16acfa078faafd47d15ef67 100644 (file)
--- a/src/pki/commands/estca.c
+++ b/src/pki/commands/estca.c
@@ -131,13 +131,14 @@ static void __attribute__ ((constructor))reg()
 {
        command_register((command_t) {
                estca, 'e', "estca",
-               "get CA certificate[s] from a EST server",
-               {"--url url [--cacert file]+ [--caout file] [--outform der|pem] [--force]"},
+               "get CA certificate[s] from an EST server",
+               {"--url url [--label label] --cacert file [--caout file]",
+                "[--outform der|pem] [--force]"},
                {
                        {"help",    'h', 0, "show usage information"},
                        {"url",     'u', 1, "URL of the EST server"},
                        {"label",   'l', 1, "label in the EST server path"},
-                       {"cacert",  'C', 1, "TLS CA certificate"},
+                       {"cacert",  'C', 1, "TLS CA certificate(s)"},
                        {"caout",   'c', 1, "CA certificate [template]"},
                        {"outform", 'f', 1, "encoding of stored certificates, default: der"},
                        {"force",   'F', 0, "force overwrite of existing files"},

diff --git a/src/pki/man/pki---est.1.in b/src/pki/man/pki---est.1.in
index 50a7617d275b23eb7fa0589350d6fd1f85f17668..8096b3f623359d613ca6561b36960fe06d7db76a 100644 (file)
--- a/src/pki/man/pki---est.1.in
+++ b/src/pki/man/pki---est.1.in
@@ -7,14 +7,13 @@ pki \-\-est \- Enroll an X.509 certificate with an EST server
 .SH "SYNOPSIS"
 .
 .SY pki\ \-\-est
-.BI\-\-\-url\~ url
+.BI \-\-\-url\~ url
 .OP \-\-label label
 .OP \-\-in file
 .BI \-\-cacert\~ file
 .RB [ \-\-cert
 .IR file | \fB\-\-certid\fR
-.IR hex ]
-.RB [ \-\-key
+.IB hex\~ \-\-key
 .IR file | \fB\-\-keyid\fR
 .IR hex ]
 .OP \-\-userpass username:password
@@ -118,8 +117,8 @@ To save some typing work the following command line options are stored in a
 .B NOTE:
 For a successful HTTPS connection, trust must be established into the EST server
 certificate. The TLS trust chain including the root CA certificate and
-optionally intermediate CA certificates must be given using [multiple]
-.B --cacert*
+optionally intermediate CA certificates must be given using multiple
+.B --cacert
 options.
 .P
 The

diff --git a/src/pki/man/pki---estca.1.in b/src/pki/man/pki---estca.1.in
index 212eb41f7da55ffc6f52dd9dafa042ab5992efc6..8b2077cc768afa22f0cb747686c609a5eb472fd4 100644 (file)
--- a/src/pki/man/pki---estca.1.in
+++ b/src/pki/man/pki---estca.1.in
@@ -7,9 +7,9 @@ pki \-\-estca \- Get CA certificate[s] from an EST server
 .SH "SYNOPSIS"
 .
 .SY pki\ \-\-estca
-.BI\-\-\-url\~ url
+.BI \-\-url\~ url
 .OP \-\-label label
-.BI\-\-\-cacert\~ file
+.BI \-\-cacert\~ file
 .OP \-\-caout file
 .OP \-\-outform encoding
 .OP \-\-force
@@ -92,7 +92,7 @@ To save some typing work the following command line options are stored in a
 .B NOTE:
 For a successful HTTPS connection, trust must be established into the EST server
 certificate. The TLS trust chain including the root CA certificate and optionally
-intermediate CA certificates must be given using [multiple]
+intermediate CA certificates must be given using multiple
 .B --cacert
 options.
 .P

diff --git a/src/pki/man/pki---scep.1.in b/src/pki/man/pki---scep.1.in
index 16870fa3542bfef9ededa01b9c393ff4e818d70e..fcc739fa2383e8af2f4c89cbc9527edd8d78727d 100644 (file)
--- a/src/pki/man/pki---scep.1.in
+++ b/src/pki/man/pki---scep.1.in
@@ -9,7 +9,7 @@ pki \-\-scep \- Enroll an X.509 certificate with a SCEP server
 .SY pki\ \-\-scep
 .BI\-\-\-url\~ url
 .OP \-\-in file
-.BI \-\-dn\~ distinguished-name
+.OP \-\-dn\~ distinguished-name
 .OP \-\-san subjectAltName
 .OP \-\-profile profile
 .OP \-\-password password