authorNikos Mavrogiannopoulos <nmav@redhat.com>2016-09-06 08:49:01 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2016-09-06 08:49:05 +0200
commit9523e8fba08a1211671496110203a795d7244e89 (patch)
tree5871e86d4bf61266567d6c6a102bdc5866d74910
parente11ad053957a0fe0349d24c7d251ac3e2f4bfe1e (diff)
downloadgnutls-9523e8fba08a1211671496110203a795d7244e89.tar.gz
p11tool: do not mark written objects as private by default
That is, when neither --mark-private nor --no-mark-private is specified, mark public objects as non-private and private objects as private.
-rw-r--r--src/p11tool-args.def1
-rw-r--r--src/p11tool.c14
2 files changed, 10 insertions, 5 deletions
diff --git a/src/p11tool-args.def b/src/p11tool-args.def
index ad48928368..b9155c921c 100644
--- a/src/p11tool-args.def
+++ b/src/p11tool-args.def
@@ -270,7 +270,6 @@ flag = {
flag = {
name = mark-private;
disable = "no";
- enabled;
descrip = "Marks the object to be written as private";
doc = "Marks the object to be generated/written with the CKA_PRIVATE flag. The written object will require a PIN to be used.";
};
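Review bot: With `enabled;` dropped, the option's `descrip`/`doc` strings no longer tell the user what happens when neither --mark-private nor --no-mark-private is given, and the p11tool.c hunk makes that case depend on the object type. The default described in the commit message belongs in the `doc` string, e.g. appending `If neither --mark-private nor --no-mark-private is given, private keys are marked private and public keys and certificates are not; other objects use the token's default.`. Keeping this next to the flag avoids the user having to read the source to learn whether a freshly written key will need a PIN.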
diff --git a/src/p11tool.c b/src/p11tool.c
index c21b05922f..15695bb21e 100644
--- a/src/p11tool.c
+++ b/src/p11tool.c
@@ -68,7 +68,7 @@ int main(int argc, char **argv)
}
static
-unsigned opt_to_flags(unsigned *key_usage)
+unsigned opt_to_flags(common_info_st *cinfo, unsigned *key_usage)
{
unsigned flags = 0;
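Review bot: As far as the visible hunks show, opt_to_flags only reads through the new parameter (cinfo->privkey, cinfo->pubkey, cinfo->cert in the following hunk), so it can be declared `static unsigned opt_to_flags(const common_info_st *cinfo, unsigned *key_usage)`, which documents that the helper derives flags without mutating the caller's struct. The rest of the function body lies outside this hunk, so confirm no write through cinfo exists there before adding the qualifier.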
@@ -80,6 +80,12 @@ unsigned opt_to_flags(unsigned *key_usage)
} else {
flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE;
}
+ } else { /* if not given mark as private the private objects, and public the public ones */
+ if (cinfo->privkey)
+ flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE;
+ else if (cinfo->pubkey || cinfo->cert)
+ flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE;
+ /* else set the defaults of the token */
}
if (ENABLED_OPT(MARK_TRUSTED))
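Review bot: The added default branch handles privkey, pubkey and cert but not secret keys: `cinfo->secret_key` is populated from --secret-key (visible in the cmd_parser hunk below), so a symmetric key written with neither --mark-private nor --no-mark-private falls to the "defaults of the token" comment, and a token default of not CKA_PRIVATE would leave it usable without a PIN, contrary to the commit message's "private for private ones". Assuming secret_key is a pointer field like the others, the first test of the new else could be `if (cinfo->privkey || cinfo->secret_key)`. The enclosing if on the MARK_PRIVATE option begins above this hunk and opt_to_flags continues below it.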
@@ -175,9 +181,6 @@ static void cmd_parser(int argc, char **argv)
memset(&cinfo, 0, sizeof(cinfo));
- flags = opt_to_flags(&key_usage);
- cinfo.key_usage = key_usage;
-
if (HAVE_OPT(SECRET_KEY))
cinfo.secret_key = OPT_ARG(SECRET_KEY);
@@ -241,6 +244,9 @@ static void cmd_parser(int argc, char **argv)
sec_param = OPT_ARG(SEC_PARAM);
}
+ flags = opt_to_flags(&cinfo, &key_usage);
+ cinfo.key_usage = key_usage;
+
/* handle actions
*/
if (HAVE_OPT(LIST_TOKENS)) {
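Review bot: Moving the opt_to_flags call down here means `flags` and `cinfo.key_usage` hold their initial values across the stretch of cmd_parser between the removed call site (previous hunk, after the memset) and this one; if anything in that stretch reads either of them it now sees stale values. That stretch is outside the hunks, so this is a point to confirm rather than a proven defect. The move is presumably required so that cinfo.privkey/pubkey/cert are populated before opt_to_flags inspects them, and that ordering dependency is worth recording above the call, e.g. `/* must run after cinfo.privkey/pubkey/cert are set: opt_to_flags derives the default CKA_PRIVATE flag from them */`.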