diff options
| author | Dmitry Baryshkov <dbaryshkov@gmail.com> | 2020-05-28 00:05:35 +0300 |
|---|---|---|
| committer | Dmitry Baryshkov <dbaryshkov@gmail.com> | 2020-05-28 14:12:32 +0300 |
| commit | 5fca5aaf137eeaa9058847f5390fdc3d89926ade (patch) | |
| tree | 00f96cc4f8ca89dc37e6265aa252d8ad615a2219 | |
| parent | 3feac2af3c11996fb8371d7d035692fbc8c74bd2 (diff) | |
| download | gnutls-tmp-fix-cert-pass.tar.gz | |
p12: do not encrypt encrypt certificate bag with empty passwordtmp-fix-cert-pass
Do not encrypt certificate bag if the user has specified empty password
(--password ''). Encryption can be turned on by specifying
--empty-password.
Fixes #888
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
| -rw-r--r-- | src/certtool.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/certtool.c b/src/certtool.c index a46f774114..e5e93d719b 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -3027,7 +3027,8 @@ void generate_pkcs12(common_info_st * cinfo) app_exit(1); } - result = gnutls_pkcs12_bag_encrypt(bag, pass, flags); + if (!(flags & GNUTLS_PKCS_PLAIN) || cinfo->empty_password) + result = gnutls_pkcs12_bag_encrypt(bag, pass, flags); if (result < 0) { fprintf(stderr, "bag_encrypt: %s\n", gnutls_strerror(result)); |