updated autogenerated files.

11 files changed, 162 insertions, 68 deletions

diff --git a/doc/invoke-certtool.texi b/doc/invoke-certtool.texi
index 016a8c6fc7..936a873f9e 100644
--- a/doc/invoke-certtool.texi
+++ b/doc/invoke-certtool.texi
@@ -6,7 +6,7 @@
 #
 # DO NOT EDIT THIS FILE   (invoke-certtool.texi)
 #
-# It has been AutoGen-ed  November 16, 2013 at 10:51:20 AM by AutoGen 5.18
+# It has been AutoGen-ed  November 23, 2013 at 10:34:46 AM by AutoGen 5.18.2
 # From the definitions    ../src/certtool-args.def
 # and the template file   agtexi-cmd.tpl
 @end ignore
@@ -129,7 +129,7 @@ Please send bug reports to:  <bugs@@gnutls.org>
 @subsubheading debug option (-d)
 
 This is the ``enable debugging.'' option.
-This option takes an argument number.
+This option takes a number argument.
 Specifies the debug level.
 @anchor{certtool generate-request}
 @subsubheading generate-request option (-q)
@@ -188,31 +188,31 @@ are more efficient since GnuTLS 3.0.9.
 @subsubheading load-privkey option
 
 This is the ``loads a private key file'' option.
-This option takes an argument string.
+This option takes a string argument.
 This can be either a file or a PKCS #11 URL
 @anchor{certtool load-pubkey}
 @subsubheading load-pubkey option
 
 This is the ``loads a public key file'' option.
-This option takes an argument string.
+This option takes a string argument.
 This can be either a file or a PKCS #11 URL
 @anchor{certtool load-certificate}
 @subsubheading load-certificate option
 
 This is the ``loads a certificate file'' option.
-This option takes an argument string.
+This option takes a string argument.
 This can be either a file or a PKCS #11 URL
 @anchor{certtool load-ca-privkey}
 @subsubheading load-ca-privkey option
 
 This is the ``loads the certificate authority's private key file'' option.
-This option takes an argument string.
+This option takes a string argument.
 This can be either a file or a PKCS #11 URL
 @anchor{certtool load-ca-certificate}
 @subsubheading load-ca-certificate option
 
 This is the ``loads the certificate authority's certificate file'' option.
-This option takes an argument string.
+This option takes a string argument.
 This can be either a file or a PKCS #11 URL
 @anchor{certtool cprint}
 @subsubheading cprint option
@@ -268,12 +268,20 @@ This is an alias for the @code{ecc} option,
 @subsubheading hash option
 
 This is the ``hash algorithm to use for signing.'' option.
-This option takes an argument string.
+This option takes a string argument.
 Available hash functions are SHA1, RMD160, SHA256, SHA384, SHA512.
 @anchor{certtool inder}
 @subsubheading inder option
 
 This is the ``use der format for input certificates and private keys.'' option.
+
+@noindent
+This option has some usage constraints.  It:
+@itemize @bullet
+@item
+can be disabled with --no-inder.
+@end itemize
+
 The input files will be assumed to be in DER or RAW format. 
 Unlike options that in PEM input would allow multiple input data (e.g. multiple 
 certificates), when reading in DER format a single data structure is read.
@@ -287,6 +295,14 @@ This is an alias for the @code{inder} option,
 @subsubheading outder option
 
 This is the ``use der format for output certificates and private keys'' option.
+
+@noindent
+This option has some usage constraints.  It:
+@itemize @bullet
+@item
+can be disabled with --no-outder.
+@end itemize
+
 The output will be in DER or RAW format.
 @anchor{certtool outraw}
 @subsubheading outraw option
@@ -298,13 +314,13 @@ This is an alias for the @code{outder} option,
 @subsubheading sec-param option
 
 This is the ``specify the security level [low, legacy, normal, high, ultra].'' option.
-This option takes an argument string @file{Security parameter}.
+This option takes a string argument @file{Security parameter}.
 This is alternative to the bits option.
 @anchor{certtool pkcs-cipher}
 @subsubheading pkcs-cipher option
 
 This is the ``cipher to use for pkcs #8 and #12 operations'' option.
-This option takes an argument string @file{Cipher}.
+This option takes a string argument @file{Cipher}.
 Cipher may be one of 3des, 3des-pkcs12, aes-128, aes-192, aes-256, rc2-40, arcfour.
 @anchor{certtool exit status}
 @subsubheading certtool exit status
diff --git a/doc/invoke-danetool.texi b/doc/invoke-danetool.texi
index 82f8b17a18..ca4c6c81be 100644
--- a/doc/invoke-danetool.texi
+++ b/doc/invoke-danetool.texi
@@ -6,7 +6,7 @@
 #
 # DO NOT EDIT THIS FILE   (invoke-danetool.texi)
 #
-# It has been AutoGen-ed  November 16, 2013 at 10:51:27 AM by AutoGen 5.18
+# It has been AutoGen-ed  November 23, 2013 at 10:34:53 AM by AutoGen 5.18.2
 # From the definitions    ../src/danetool-args.def
 # and the template file   agtexi-cmd.tpl
 @end ignore
@@ -89,37 +89,37 @@ Please send bug reports to:  <bugs@@gnutls.org>
 @subsubheading debug option (-d)
 
 This is the ``enable debugging.'' option.
-This option takes an argument number.
+This option takes a number argument.
 Specifies the debug level.
 @anchor{danetool load-pubkey}
 @subsubheading load-pubkey option
 
 This is the ``loads a public key file'' option.
-This option takes an argument string.
+This option takes a string argument.
 This can be either a file or a PKCS #11 URL
 @anchor{danetool load-certificate}
 @subsubheading load-certificate option
 
 This is the ``loads a certificate file'' option.
-This option takes an argument string.
+This option takes a string argument.
 This can be either a file or a PKCS #11 URL
 @anchor{danetool dlv}
 @subsubheading dlv option
 
 This is the ``sets a dlv file'' option.
-This option takes an argument string.
+This option takes a string argument.
 This sets a DLV file to be used for DNSSEC verification.
 @anchor{danetool hash}
 @subsubheading hash option
 
 This is the ``hash algorithm to use for signing.'' option.
-This option takes an argument string.
+This option takes a string argument.
 Available hash functions are SHA1, RMD160, SHA256, SHA384, SHA512.
 @anchor{danetool check}
 @subsubheading check option
 
 This is the ``check a host's dane tlsa entry.'' option.
-This option takes an argument string.
+This option takes a string argument.
 Obtains the DANE TLSA entry from the given hostname and prints information. Note that the actual certificate of the host has to be provided using --load-certificate.
 @anchor{danetool check-ee}
 @subsubheading check-ee option
@@ -140,12 +140,28 @@ Ignores any DNSSEC signature verification results.
 @subsubheading local-dns option
 
 This is the ``use the local dns server for dnssec resolving.'' option.
+
+@noindent
+This option has some usage constraints.  It:
+@itemize @bullet
+@item
+can be disabled with --no-local-dns.
+@end itemize
+
 This option will use the local DNS server for DNSSEC.
 This is disabled by default due to many servers not allowing DNSSEC.
 @anchor{danetool inder}
 @subsubheading inder option
 
 This is the ``use der format for input certificates and private keys.'' option.
+
+@noindent
+This option has some usage constraints.  It:
+@itemize @bullet
+@item
+can be disabled with --no-inder.
+@end itemize
+
 The input files will be assumed to be in DER or RAW format. 
 Unlike options that in PEM input would allow multiple input data (e.g. multiple 
 certificates), when reading in DER format a single data structure is read.
@@ -173,13 +189,13 @@ This command prints the DANE RR data needed to enable DANE on a DNS server.
 @subsubheading host option
 
 This is the ``specify the hostname to be used in the dane rr'' option.
-This option takes an argument string @file{Hostname}.
+This option takes a string argument @file{Hostname}.
 This command sets the hostname for the DANE RR.
 @anchor{danetool proto}
 @subsubheading proto option
 
 This is the ``the protocol set for dane data (tcp, udp etc.)'' option.
-This option takes an argument string @file{Protocol}.
+This option takes a string argument @file{Protocol}.
 This command specifies the protocol for the service set in the DANE data.
 @anchor{danetool ca}
 @subsubheading ca option
@@ -206,7 +222,9 @@ This is the ``the provided certificate or public key is issued by the local doma
 This option has some usage constraints.  It:
 @itemize @bullet
 @item
-is enabled by default.
+can be disabled with --no-domain.
+@item
+It is enabled by default.
 @end itemize
 
 DANE distinguishes certificates and public keys offered via the DNSSEC to trusted and local entities. This flag indicates that this is a domain-issued certificate, meaning that there could be no CA involved.
diff --git a/doc/invoke-gnutls-cli-debug.texi b/doc/invoke-gnutls-cli-debug.texi
index e05ef1194a..90548663ba 100644
--- a/doc/invoke-gnutls-cli-debug.texi
+++ b/doc/invoke-gnutls-cli-debug.texi
@@ -6,7 +6,7 @@
 #
 # DO NOT EDIT THIS FILE   (invoke-gnutls-cli-debug.texi)
 #
-# It has been AutoGen-ed  November 16, 2013 at 10:51:18 AM by AutoGen 5.18
+# It has been AutoGen-ed  November 23, 2013 at 10:34:44 AM by AutoGen 5.18.2
 # From the definitions    ../src/cli-debug-args.def
 # and the template file   agtexi-cmd.tpl
 @end ignore
@@ -74,7 +74,7 @@ Please send bug reports to:  <bugs@@gnutls.org>
 @subheading debug option (-d)
 
 This is the ``enable debugging.'' option.
-This option takes an argument number.
+This option takes a number argument.
 Specifies the debug level.
 @anchor{gnutls-cli-debug exit status}
 @subheading gnutls-cli-debug exit status
diff --git a/doc/invoke-gnutls-cli.texi b/doc/invoke-gnutls-cli.texi
index a0650da3c8..82047ad230 100644
--- a/doc/invoke-gnutls-cli.texi
+++ b/doc/invoke-gnutls-cli.texi
@@ -6,7 +6,7 @@
 #
 # DO NOT EDIT THIS FILE   (invoke-gnutls-cli.texi)
 #
-# It has been AutoGen-ed  November 16, 2013 at 10:51:16 AM by AutoGen 5.18
+# It has been AutoGen-ed  November 23, 2013 at 10:34:43 AM by AutoGen 5.18.2
 # From the definitions    ../src/cli-args.def
 # and the template file   agtexi-cmd.tpl
 @end ignore
@@ -120,17 +120,33 @@ Please send bug reports to:  <bugs@@gnutls.org>
 @subheading debug option (-d)
 
 This is the ``enable debugging.'' option.
-This option takes an argument number.
+This option takes a number argument.
 Specifies the debug level.
 @anchor{gnutls-cli tofu}
 @subheading tofu option
 
 This is the ``enable trust on first use authentication'' option.
+
+@noindent
+This option has some usage constraints.  It:
+@itemize @bullet
+@item
+can be disabled with --no-tofu.
+@end itemize
+
 This option will, in addition to certificate authentication, perform authentication based on previously seen public keys, a model similar to SSH authentication.
 @anchor{gnutls-cli dane}
 @subheading dane option
 
 This is the ``enable dane certificate verification (dnssec)'' option.
+
+@noindent
+This option has some usage constraints.  It:
+@itemize @bullet
+@item
+can be disabled with --no-dane.
+@end itemize
+
 This option will, in addition to certificate authentication using 
 the trusted CAs, verify the server certificates using on the DANE information
 available via DNSSEC.
@@ -138,6 +154,14 @@ available via DNSSEC.
 @subheading local-dns option
 
 This is the ``use the local dns server for dnssec resolving.'' option.
+
+@noindent
+This option has some usage constraints.  It:
+@itemize @bullet
+@item
+can be disabled with --no-local-dns.
+@end itemize
+
 This option will use the local DNS server for DNSSEC.
 This is disabled by default due to many servers not allowing DNSSEC.
 @anchor{gnutls-cli ca-verification}
@@ -149,7 +173,9 @@ This is the ``disable ca certificate verification'' option.
 This option has some usage constraints.  It:
 @itemize @bullet
 @item
-is enabled by default.
+can be disabled with --no-ca-verification.
+@item
+It is enabled by default.
 @end itemize
 
 This option will disable CA certificate verification. It is to be used with the --dane or --tofu options.
@@ -157,6 +183,14 @@ This option will disable CA certificate verification. It is to be used with the
 @subheading ocsp option
 
 This is the ``enable ocsp certificate verification'' option.
+
+@noindent
+This option has some usage constraints.  It:
+@itemize @bullet
+@item
+can be disabled with --no-ocsp.
+@end itemize
+
 This option will enable verification of the peer's certificate using ocsp
 @anchor{gnutls-cli resume}
 @subheading resume option (-r)
@@ -182,13 +216,13 @@ This option disables all TLS extensions. Deprecated option. Use the priority str
 @subheading dh-bits option
 
 This is the ``the minimum number of bits allowed for dh'' option.
-This option takes an argument number.
+This option takes a number argument.
 This option sets the minimum number of bits allowed for a Diffie-Hellman key exchange. You may want to lower the default value if the peer sends a weak prime and you get an connection error with unacceptable prime.
 @anchor{gnutls-cli priority}
 @subheading priority option
 
 This is the ``priorities string'' option.
-This option takes an argument string.
+This option takes a string argument.
 TLS algorithms and protocols to enable. You can
 use predefined sets of ciphersuites such as PERFORMANCE,
 NORMAL, SECURE128, SECURE256.
diff --git a/doc/invoke-gnutls-serv.texi b/doc/invoke-gnutls-serv.texi
index c884d7dbe1..96f21c0d70 100644
--- a/doc/invoke-gnutls-serv.texi
+++ b/doc/invoke-gnutls-serv.texi
@@ -6,7 +6,7 @@
 #
 # DO NOT EDIT THIS FILE   (invoke-gnutls-serv.texi)
 #
-# It has been AutoGen-ed  November 16, 2013 at 10:51:19 AM by AutoGen 5.18
+# It has been AutoGen-ed  November 23, 2013 at 10:34:45 AM by AutoGen 5.18.2
 # From the definitions    ../src/serv-args.def
 # and the template file   agtexi-cmd.tpl
 @end ignore
@@ -103,7 +103,7 @@ Please send bug reports to:  <bugs@@gnutls.org>
 @subheading debug option (-d)
 
 This is the ``enable debugging.'' option.
-This option takes an argument number.
+This option takes a number argument.
 Specifies the debug level.
 @anchor{gnutls-serv heartbeat}
 @subheading heartbeat option (-b)
@@ -114,7 +114,7 @@ Regularly ping client via heartbeat extension messages
 @subheading priority option
 
 This is the ``priorities string'' option.
-This option takes an argument string.
+This option takes a string argument.
 TLS algorithms and protocols to enable. You can
 use predefined sets of ciphersuites such as PERFORMANCE,
 NORMAL, SECURE128, SECURE256.
@@ -125,7 +125,7 @@ information on allowed keywords
 @subheading ocsp-response option
 
 This is the ``the ocsp response to send to client'' option.
-This option takes an argument file.
+This option takes a file argument.
 If the client requested an OCSP response, return data from this file to the client.
 @anchor{gnutls-serv list}
 @subheading list option (-l)
diff --git a/doc/invoke-ocsptool.texi b/doc/invoke-ocsptool.texi
index a954440fe3..9c408ca1a3 100644
--- a/doc/invoke-ocsptool.texi
+++ b/doc/invoke-ocsptool.texi
@@ -6,7 +6,7 @@
 #
 # DO NOT EDIT THIS FILE   (invoke-ocsptool.texi)
 #
-# It has been AutoGen-ed  November 16, 2013 at 10:51:23 AM by AutoGen 5.18
+# It has been AutoGen-ed  November 23, 2013 at 10:34:48 AM by AutoGen 5.18.2
 # From the definitions    ../src/ocsptool-args.def
 # and the template file   agtexi-cmd.tpl
 @end ignore
@@ -92,13 +92,13 @@ Please send bug reports to:  <bugs@@gnutls.org>
 @subsubheading debug option (-d)
 
 This is the ``enable debugging.'' option.
-This option takes an argument number.
+This option takes a number argument.
 Specifies the debug level.
 @anchor{ocsptool ask}
 @subsubheading ask option
 
 This is the ``ask an ocsp/http server on a certificate validity'' option.
-This option takes an optional argument string @file{server name|url}.
+This option takes an optional string argument @file{server name|url}.
 
 @noindent
 This option has some usage constraints.  It:
diff --git a/doc/invoke-p11tool.texi b/doc/invoke-p11tool.texi
index e790dfc7ca..549df710cf 100644
--- a/doc/invoke-p11tool.texi
+++ b/doc/invoke-p11tool.texi
@@ -6,7 +6,7 @@
 #
 # DO NOT EDIT THIS FILE   (invoke-p11tool.texi)
 #
-# It has been AutoGen-ed  November 16, 2013 at 10:51:25 AM by AutoGen 5.18
+# It has been AutoGen-ed  November 23, 2013 at 10:34:50 AM by AutoGen 5.18.2
 # From the definitions    ../src/p11tool-args.def
 # and the template file   agtexi-cmd.tpl
 @end ignore
@@ -117,7 +117,7 @@ Please send bug reports to:  <bugs@@gnutls.org>
 @subsubheading debug option (-d)
 
 This is the ``enable debugging.'' option.
-This option takes an argument number.
+This option takes a number argument.
 Specifies the debug level.
 @anchor{p11tool write}
 @subsubheading write option
@@ -148,7 +148,9 @@ This is the ``marks the object to be written as private'' option.
 This option has some usage constraints.  It:
 @itemize @bullet
 @item
-is enabled by default.
+can be disabled with --no-private.
+@item
+It is enabled by default.
 @end itemize
 
 The written object will require a PIN to be used.
@@ -156,12 +158,20 @@ The written object will require a PIN to be used.
 @subsubheading sec-param option
 
 This is the ``specify the security level'' option.
-This option takes an argument string @file{Security parameter}.
+This option takes a string argument @file{Security parameter}.
 This is alternative to the bits option. Available options are [low, legacy, normal, high, ultra].
 @anchor{p11tool inder}
 @subsubheading inder option
 
 This is the ``use der/raw format for input'' option.
+
+@noindent
+This option has some usage constraints.  It:
+@itemize @bullet
+@item
+can be disabled with --no-inder.
+@end itemize
+
 Use DER/RAW format for input certificates and private keys.
 @anchor{p11tool inraw}
 @subsubheading inraw option
@@ -173,7 +183,7 @@ This is an alias for the @code{inder} option,
 @subsubheading provider option
 
 This is the ``specify the pkcs #11 provider library'' option.
-This option takes an argument file.
+This option takes a file argument.
 This will override the default options in /etc/gnutls/pkcs11.conf
 @anchor{p11tool exit status}
 @subsubheading p11tool exit status
diff --git a/doc/invoke-psktool.texi b/doc/invoke-psktool.texi
index 53eb6eca26..51c1c7f5f2 100644
--- a/doc/invoke-psktool.texi
+++ b/doc/invoke-psktool.texi
@@ -6,7 +6,7 @@
 #
 # DO NOT EDIT THIS FILE   (invoke-psktool.texi)
 #
-# It has been AutoGen-ed  November 16, 2013 at 10:51:24 AM by AutoGen 5.18
+# It has been AutoGen-ed  November 23, 2013 at 10:34:49 AM by AutoGen 5.18.2
 # From the definitions    ../src/psk-args.def
 # and the template file   agtexi-cmd.tpl
 @end ignore
@@ -65,7 +65,7 @@ Please send bug reports to:  <bugs@@gnutls.org>
 @subsubheading debug option (-d)
 
 This is the ``enable debugging.'' option.
-This option takes an argument number.
+This option takes a number argument.
 Specifies the debug level.
 @anchor{psktool exit status}
 @subsubheading psktool exit status
diff --git a/doc/invoke-srptool.texi b/doc/invoke-srptool.texi
index e21f54a29b..b38bac50a3 100644
--- a/doc/invoke-srptool.texi
+++ b/doc/invoke-srptool.texi
@@ -6,7 +6,7 @@
 #
 # DO NOT EDIT THIS FILE   (invoke-srptool.texi)
 #
-# It has been AutoGen-ed  November 16, 2013 at 10:51:21 AM by AutoGen 5.18
+# It has been AutoGen-ed  November 23, 2013 at 10:34:47 AM by AutoGen 5.18.2
 # From the definitions    ../src/srptool-args.def
 # and the template file   agtexi-cmd.tpl
 @end ignore
@@ -77,7 +77,7 @@ Please send bug reports to:  <bugs@@gnutls.org>
 @subsubheading debug option (-d)
 
 This is the ``enable debugging.'' option.
-This option takes an argument number.
+This option takes a number argument.
 Specifies the debug level.
 @anchor{srptool verify}
 @subsubheading verify option
@@ -88,13 +88,13 @@ Verifies the password provided against the password file.
 @subsubheading passwd-conf option (-v)
 
 This is the ``specify a password conf file.'' option.
-This option takes an argument string.
+This option takes a string argument.
 Specify a filename or a PKCS #11 URL to read the CAs from.
 @anchor{srptool create-conf}
 @subsubheading create-conf option
 
 This is the ``generate a password configuration file.'' option.
-This option takes an argument string.
+This option takes a string argument.
 This generates a password configuration file (tpasswd.conf)
 containing the required for TLS parameters.
 @anchor{srptool exit status}
diff --git a/doc/invoke-tpmtool.texi b/doc/invoke-tpmtool.texi
index 710ce69c75..073ebc8c12 100644
--- a/doc/invoke-tpmtool.texi
+++ b/doc/invoke-tpmtool.texi
@@ -6,7 +6,7 @@
 #
 # DO NOT EDIT THIS FILE   (invoke-tpmtool.texi)
 #
-# It has been AutoGen-ed  November 16, 2013 at 10:51:26 AM by AutoGen 5.18
+# It has been AutoGen-ed  November 23, 2013 at 10:34:52 AM by AutoGen 5.18.2
 # From the definitions    ../src/tpmtool-args.def
 # and the template file   agtexi-cmd.tpl
 @end ignore
@@ -85,7 +85,7 @@ Please send bug reports to:  <bugs@@gnutls.org>
 @subsubheading debug option (-d)
 
 This is the ``enable debugging.'' option.
-This option takes an argument number.
+This option takes a number argument.
 Specifies the debug level.
 @anchor{tpmtool generate-rsa}
 @subsubheading generate-rsa option
@@ -132,13 +132,21 @@ The generated key will be stored in system persistent storage.
 @subsubheading sec-param option
 
 This is the ``specify the security level [low, legacy, normal, high, ultra].'' option.
-This option takes an argument string @file{Security parameter}.
+This option takes a string argument @file{Security parameter}.
 This is alternative to the bits option. Note however that the
 values allowed by the TPM chip are quantized and given values may be rounded up.
 @anchor{tpmtool inder}
 @subsubheading inder option
 
 This is the ``use the der format for keys.'' option.
+
+@noindent
+This option has some usage constraints.  It:
+@itemize @bullet
+@item
+can be disabled with --no-inder.
+@end itemize
+
 The input files will be assumed to be in the portable
 DER format of TPM. The default format is a custom format used by various
 TPM tools
@@ -146,6 +154,14 @@ TPM tools
 @subsubheading outder option
 
 This is the ``use der format for output keys'' option.
+
+@noindent
+This option has some usage constraints.  It:
+@itemize @bullet
+@item
+can be disabled with --no-outder.
+@end itemize
+
 The output will be in the TPM portable DER format.
 @anchor{tpmtool exit status}
 @subsubheading tpmtool exit status
diff --git a/doc/manpages/tpmtool.1 b/doc/manpages/tpmtool.1
index 73505ac6bd..af9565b934 100644
--- a/doc/manpages/tpmtool.1
+++ b/doc/manpages/tpmtool.1
@@ -1,8 +1,8 @@
-.TH tpmtool 1 "29 May 2013" "@VERSION@" "User Commands"
+.TH tpmtool 1 "23 Nov 2013" "@VERSION@" "User Commands"
 .\"
 .\"  DO NOT EDIT THIS FILE   (tpmtool-args.man)
 .\"
-.\"  It has been AutoGen-ed  May 29, 2013 at 07:52:40 PM by AutoGen 5.17.3
+.\"  It has been AutoGen-ed  November 23, 2013 at 10:35:39 AM by AutoGen 5.18.2
 .\"  From the definitions    ../../src/tpmtool-args.def.tmp
 .\"  and the template file   agman-cmd.tpl
 .\"
@@ -19,7 +19,7 @@ All arguments must be options.
 Program that allows handling cryptographic data from the TPM chip.
 .SH "OPTIONS"
 .TP
-.BR \-d " \fInumber\fP, " \-\-debug "=" \fInumber\fP
+.BR  \-d " \fInumber\fP, " \-\-debug "=" \fInumber\fP
 Enable debugging..
 This option takes an integer number as its argument.
 The value of \fInumber\fP is constrained to being:
@@ -32,28 +32,28 @@ in the range  0 through 9999
 .sp
 Specifies the debug level.
 .TP
-.BR \-\-infile "=\fIfile\fP"
+.BR  \-\-infile "=\fIfile\fP"
 Input file.
 .sp
 .TP
-.BR \-\-outfile "=\fIstring\fP"
+.BR  \-\-outfile "=\fIstring\fP"
 Output file.
 .sp
 .TP
-.BR \-\-generate\-rsa
+.BR  \-\-generate\-rsa
 Generate an RSA private-public key pair.
 .sp
 Generates an RSA private-public key pair in the TPM chip. 
 The key may be stored in filesystem and protected by a PIN, or stored (registered)
 in the TPM chip flash.
 .TP
-.BR \-\-register
+.BR  \-\-register
 Any generated key will be registered in the TPM.
 This option must appear in combination with the following options:
 generate-rsa.
 .sp
 .TP
-.BR \-\-signing
+.BR  \-\-signing
 Any generated key will be a signing key.
 This option must appear in combination with the following options:
 generate-rsa.
@@ -61,7 +61,7 @@ This option must not appear in combination with any of the following options:
 legacy.
 .sp
 .TP
-.BR \-\-legacy
+.BR  \-\-legacy
 Any generated key will be a legacy key.
 This option must appear in combination with the following options:
 generate-rsa.
@@ -69,7 +69,7 @@ This option must not appear in combination with any of the following options:
 signing.
 .sp
 .TP
-.BR \-\-user
+.BR  \-\-user
 Any registered key will be a user key.
 This option must appear in combination with the following options:
 register.
@@ -78,7 +78,7 @@ system.
 .sp
 The generated key will be stored in a user specific persistent storage.
 .TP
-.BR \-\-system
+.BR  \-\-system
 Any registred key will be a system key.
 This option must appear in combination with the following options:
 register.
@@ -87,30 +87,30 @@ user.
 .sp
 The generated key will be stored in system persistent storage.
 .TP
-.BR \-\-pubkey "=\fIurl\fP"
+.BR  \-\-pubkey "=\fIurl\fP"
 Prints the public key of the provided key.
 .sp
 .TP
-.BR \-\-list
+.BR  \-\-list
 Lists all stored keys in the TPM.
 .sp
 .TP
-.BR \-\-delete "=\fIurl\fP"
+.BR  \-\-delete "=\fIurl\fP"
 Delete the key identified by the given URL (UUID)..
 .sp
 .TP
-.BR \-\-sec\-param "=\fIsecurity parameter\fP"
+.BR  \-\-sec\-param "=\fIsecurity parameter\fP"
 Specify the security level [low, legacy, normal, high, ultra]..
 .sp
 This is alternative to the bits option. Note however that the
 values allowed by the TPM chip are quantized and given values may be rounded up.
 .TP
-.BR \-\-bits "=\fInumber\fP"
+.BR  \-\-bits "=\fInumber\fP"
 Specify the number of bits for key generate.
 This option takes an integer number as its argument.
 .sp
 .TP
-.BR \-\-inder, " \fB\-\-no\-inder\fP"
+.BR  \-\-inder, " \fB\-\-no\-inder\fP"
 Use the DER format for keys..
 The \fIno\-inder\fP form will disable the option.
 .sp
@@ -118,7 +118,7 @@ The input files will be assumed to be in the portable
 DER format of TPM. The default format is a custom format used by various
 TPM tools
 .TP
-.BR \-\-outder, " \fB\-\-no\-outder\fP"
+.BR  \-\-outder, " \fB\-\-no\-outder\fP"
 Use DER format for output keys.
 The \fIno\-outder\fP form will disable the option.
 .sp
@@ -130,7 +130,7 @@ Display usage information and exit.
 .BR \-! , " \-\-more-help"
 Pass the extended usage information through a pager.
 .TP
-.BR \-v " [{\fIv|c|n\fP}]," " \-\-version" "[=\fI{v|c|n}\fP]"
+.BR \-v " [{\fIv|c|n\fP}]," " \-\-version" "[={\fIv|c|n\fP}]"
 Output version of program and exit.  The default mode is `v', a simple
 version.  The `c' mode will print copyright information and `n' will
 print the full copyright notice.
@@ -195,7 +195,7 @@ Nikos Mavrogiannopoulos, Simon Josefsson and others; see /usr/share/doc/gnutls-b
 Copyright (C) 2000-2012 Free Software Foundation all rights reserved.
 This program is released under the terms of the GNU General Public License, version 3 or later.
 .SH "BUGS"
-Please send bug reports to: bug-gnutls@gnu.org
+Please send bug reports to: bugs@gnutls.org
 .SH "NOTES"
 This manual page was \fIAutoGen\fP-erated from the \fBtpmtool\fP
 option definitions.