Could you please report this issue to Mozilla? Based on a quick look of our source code and manpage I think our manpages correctly document the situation:
lib/certdb/certdb.c SECStatus CERT_DecodeTrustString(CERTCertTrust *trust, const char *trusts) { unsigned int i; unsigned int *pflags; if (!trust) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } trust->sslFlags = 0; trust->emailFlags = 0; trust->objectSigningFlags = 0; if (!trusts) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } pflags = &trust->sslFlags; for (i=0; i < PORT_Strlen(trusts); i++) { switch (trusts[i]) { case 'p': *pflags = *pflags | CERTDB_TERMINAL_RECORD; break; case 'P': *pflags = *pflags | CERTDB_TRUSTED | CERTDB_TERMINAL_RECORD; break; lib/certdb/certdb.h typedef unsigned int __CERTDB_VALID_PEER __attribute__((deprecated ("CERTDB_VALID_PEER is now CERTDB_TERMINAL_RECORD"))); There's a chance that "valid peer" is really being used to mean "not trusted for this particular feature" but that feels strange. Thanks ** Changed in: nss (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1586538 Title: certutils from libnss3-tools - man page contradicts Mozilla's To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1586538/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs