authorNikos Mavrogiannopoulos <nmav@redhat.com>2016-04-14 10:54:49 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2016-04-14 10:54:51 +0200
commitda9b4e323e246598129c018d727d35a4e20b6038 (patch)
treec457edce1dc1ed5498ce0517acd2a31cd7161d35
parent7cbe6a5afdadc099addc324bf5567c5fd259f107 (diff)
downloadgnutls-da9b4e323e246598129c018d727d35a4e20b6038.tar.gz
certtool: do not allow combining --provable with --ecc in key generation
There is no such support in the library.
-rw-r--r--src/certtool.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/certtool.c b/src/certtool.c
index 18d272439b..db8e626164 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -139,6 +139,12 @@ generate_private_key_int(common_info_st * cinfo)
fprintf(stderr,
"Note that ECDSA keys with size less than 256 are not widely supported.\n\n");
+ if (provable && (key_type != GNUTLS_PK_RSA && key_type != GNUTLS_PK_DSA)) {
+ fprintf(stderr,
+ "The --provable parameter cannot be used with ECDSA keys.\n");
+ exit(1);
+ }
+
if (bits > 1024 && key_type == GNUTLS_PK_DSA)
fprintf(stderr,
"Note that DSA keys with size over 1024 may cause incompatibility problems when used with earlier than TLS 1.2 versions.\n\n");
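Review bot: The error text in the added guard names only ECDSA, but the condition rejects every key type other than `GNUTLS_PK_RSA` and `GNUTLS_PK_DSA`, so any other algorithm that reaches this point would get a misleading message. Wording that follows the allowlist stays correct as key types are added, e.g. `"The --provable parameter can only be used with RSA and DSA keys.\n"`. Exiting here rather than silently generating a non-provable key is the right behaviour, and a short comment such as `/* provable generation is only supported by the library for RSA and DSA */` would record why the check is an allowlist. The guard sits after the ECDSA size note, so that note may still be printed immediately before the exit. The body of generate_private_key_int starts and ends outside the hunk, so where `provable` is set is not visible here.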