author | Simon Josefsson <simon@josefsson.org> | 2008-05-16 14:03:19 +0200 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2008-05-16 14:03:19 +0200 |
commit | 6f774053240717cac8ec2d0b475e3e33dd89444d (patch) | |
tree | 2cf4035ac4391ca8fb001f3ccbcd82b1af119c93 | |
parent | c57f119c666de217efbcb1e81d387f71ce050e37 (diff) | |
download | gnutls-6f774053240717cac8ec2d0b475e3e33dd89444d.tar.gz |
certtool: Encrypting a private key now require a confirmed password.
Before, './certtool -k -8' would merely ask for a password once.
Reported by Daniel 'NebuchadnezzaR' Dehennin
<nebuchadnezzar@asgardr.info> see
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364287>.
-rw-r--r-- | NEWS | 6 | ||||
-rw-r--r-- | THANKS | 1 | ||||
-rw-r--r-- | src/certtool-cfg.c | 32 | ||||
-rw-r--r-- | src/certtool-cfg.h | 2 | ||||
-rw-r--r-- | src/certtool.c | 2 |
5 files changed, 41 insertions, 2 deletions
@@ -15,6 +15,12 @@ Based on report and tiny patches from ** gnutls-cli: Fix so that PSK authentication works. Also improve manual to give example for gnutls-cli PSK authentication. +** certtool: Encrypting a private key now require a confirmed password. +Before './certtool -k -8' would merely ask for a password once. +Reported by Daniel 'NebuchadnezzaR' Dehennin +<nebuchadnezzar@asgardr.info> see +<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364287>. + ** guile: Fix -fgnu89-inline test. ** Removed --enable-profile-mode.
@@ -80,6 +80,7 @@ Rainer Gerhards <rgerhards@gmail.com>
 John Brooks <aspecialj@gmail.com>
 Massimo Gaspari <massimo.gaspari@alice.it>
 Marc F. Clemente <marc@mclemente.net>
+Daniel Dehennin <nebuchadnezzar@asgardr.info>
 ----------------------------------------------------------------------
 Copying and distribution of this file, with or without modification,
diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c
index bdb61b9a83..ca3431508c 100644
--- a/src/certtool-cfg.c
+++ b/src/certtool-cfg.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation
+ * Copyright (C) 2004, 2005, 2006, 2007, 2008 Free Software Foundation
 *
 * This file is part of GNUTLS.
 *
@@ -308,6 +308,36 @@ get_pass (void)
 }
 const char *
+get_confirmed_pass (bool empty_ok)
+{
+ if (batch)
+ return cfg.password;
+ else
+ {
+ const char *pass = NULL;
+ char *copy = NULL;
+
+ do
+ {
+ if (pass)
+ printf ("Password missmatch, try again.\n");
+
+ if (copy)
+ free (copy);
+
+ pass = getpass ("Enter password: ");
+ copy = strdup (pass);
+ pass = getpass ("Confirm password: ");
+ }
+ while (strcmp (pass, copy) != 0 && !(empty_ok && *pass == '\0'));
+
+ free (copy);
+
+ return pass;
+ }
+}
+
+const char *
 get_challenge_pass (void)
 {
 if (batch)
diff --git a/src/certtool-cfg.h b/src/certtool-cfg.h
index 81c48e9fbf..af6576e3c4 100644
--- a/src/certtool-cfg.h
+++ b/src/certtool-cfg.h
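Review bot: With `empty_ok` set, the loop condition in get_confirmed_pass accepts an empty confirmation even when the first entry was non-empty, so a stray Enter at the "Confirm password:" prompt ends the loop with an empty string, which the caller in src/certtool.c then turns into GNUTLS_PKCS_PLAIN and an unencrypted key. The empty-password shortcut should be decided on the first prompt only, and a mismatch should always re-prompt. The results of getpass() and strdup() are also used unchecked (getpass() can return NULL, for instance when no terminal is available), and `copy` is freed without being cleared, so the password text stays in freed heap memory. One possible shape for the interactive branch is below.

```c
const char *
get_confirmed_pass (bool empty_ok)
{
  /* … unchanged: batch mode returns cfg.password … */
  else
    {
      const char *pass;
      char *copy;
      bool match;

      do
        {
          pass = getpass ("Enter password: ");
          if (pass == NULL)
            return NULL;

          /* Only an empty FIRST entry means "no password". */
          if (empty_ok && *pass == '\0')
            return pass;

          /* getpass() reuses a static buffer, so keep a copy. */
          copy = strdup (pass);
          if (copy == NULL)
            return NULL;

          pass = getpass ("Confirm password: ");
          match = (pass != NULL && strcmp (pass, copy) == 0);

          /* … wipe copy here before releasing it … */
          free (copy);

          if (pass == NULL)
            return NULL;
          if (!match)
            printf ("Password missmatch, try again.\n");
        }
      while (!match);

      return pass;
    }
}
```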
@@ -1,3 +1,4 @@
+#include <stdbool.h>
 #include <gnutls/x509.h>
 extern char *organization, *unit, *locality, *state;
@@ -21,6 +22,7 @@ const char *read_str (const char *input_str);
 int read_yesno (const char *input_str);
 const char *get_pass (void);
+const char *get_confirmed_pass (bool empty_ok);
 const char *get_challenge_pass (void);
 const char *get_crl_dist_point_url (void);
 void get_country_crt_set (gnutls_x509_crt_t crt);
diff --git a/src/certtool.c b/src/certtool.c
index a59319fc55..0e9a720fa8 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -219,7 +219,7 @@ print_private_key (gnutls_x509_privkey_t key)
 else
 flags = GNUTLS_PKCS_USE_PKCS12_3DES;
- if ((pass = get_pass ()) == NULL || *pass == '\0')
+ if ((pass = get_confirmed_pass (true)) == NULL || *pass == '\0')
 flags = GNUTLS_PKCS_PLAIN;
 size = sizeof (buffer); |
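Review bot: The changed condition in print_private_key still maps both a NULL and an empty result to `GNUTLS_PKCS_PLAIN` without telling the user, so a key requested in encrypted PKCS #8 form can be written unencrypted silently. In batch mode get_confirmed_pass returns `cfg.password` unchanged, which is presumably NULL when no password is configured (not visible here). Consider printing a notice before falling back, e.g. `fprintf (stderr, "Warning: no password given, key will not be encrypted\n");`, or treating NULL as an error rather than as an empty password. print_private_key starts and ends outside this hunk.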