certtool: print a PKCS #8 key even if it is not encrypted.

2 files changed, 29 insertions, 4 deletions

diff --git a/NEWS b/NEWS
index 3a803a14ca..2a820b4880 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,24 @@ See the end for copying conditions.
 
 * Version 2.6.1 (unreleased)
 
+** certtool: print a PKCS #8 key even if it is not encrypted.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.7.0 (released 2008-10-16)
+
+** libgnutls: Added functions to handle CRL extensions.
+
+** libgnutls: Added functions to handle X.509 extensions in Certificate
+Requests.
+
+** libgnutls: Improved error string for GNUTLS_E_AGAIN.
+Suggested by "Lavrentiev, Anton (NIH/NLM/NCBI) [C]" <lavr@ncbi.nlm.nih.gov>.
+
+** certtool: Print and set CRL and CRQ extensions.
+>>>>>>> 3eab289... certtool: print a PKCS #8 key even if it is not encrypted.:NEWS
+
 ** libgnutls-extra: Protect internal symbols with static.
 Fixes problem when linking certtool statically.  Tiny patch from Aaron
 Ucko <ucko@ncbi.nlm.nih.gov>.
diff --git a/src/certtool.c b/src/certtool.c
index b7c77eaf2c..2b48984914 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -1377,13 +1377,20 @@ privkey_info (void)
   /* If we failed to import the certificate previously try PKCS #8 */
   if (info.pkcs8 || ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
     {
-      if (info.pass)
-	pass = info.pass;
-      else
-	pass = get_pass ();
+      /* first try to import the key without asking any password */
       ret =
 	gnutls_x509_privkey_import_pkcs8 (key, &pem, info.incert_format,
+					  NULL, GNUTLS_PKCS_PLAIN);
+      if (ret < 0) 
+        {
+	  if (info.pass)
+	    pass = info.pass;
+	  else
+	    pass = get_pass ();
+          ret = 
+	    gnutls_x509_privkey_import_pkcs8 (key, &pem, info.incert_format, 
 					  pass, 0);
+	}
     }
   if (ret < 0)
     error (EXIT_FAILURE, 0, "Import error: %s", gnutls_strerror (ret));