author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-05-29 08:55:47 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-05-29 09:26:56 +0200 |
commit | 18f58ec65e9cf19d5550f9a18fbd323de675319b (patch) | |
tree | c16ef3329e3ae7d1fc41437acbe87f5bd923d65b | |
parent | 7de197b5757ce5da407776a7ab8faadfd658f7e6 (diff) | |
download | gnutls-tmp-rsa-pss-addition.tar.gz |
certtool: do not ask for password when exporting to PKCS#8 implicitlytmp-rsa-pss-addition
Previously --generate-privkey wouldn't ask for password unless --pkcs8
was explicitly given. Keep that behavior, and do not ask for any password
even if we need to export to PKCS#8 for some key types. Always require
the --pkcs8 option to encrypt with password.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | src/certtool.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/certtool.c b/src/certtool.c
index a6aca6f116..514dd381fa 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -128,6 +128,11 @@ int main(int argc, char **argv)
 return 0;
 }
+#define ENABLE_PKCS8(cinfo) \
+ cinfo->pkcs8 = 1; \
+ if (!HAVE_OPT(PASSWORD) && cinfo->password == NULL) \
+ cinfo->password = ""
+
 static gnutls_x509_privkey_t
 generate_private_key_int(common_info_st * cinfo)
 {
@@ -148,7 +153,7 @@ generate_private_key_int(common_info_st * cinfo)
 if (key_type == GNUTLS_PK_RSA_PSS && !cinfo->pkcs8) {
 fprintf(stderr, "Assuming --pkcs8 is given; RSA-PSS private keys can only be exported in PKCS#8 format\n");
- cinfo->pkcs8 = 1;
+ ENABLE_PKCS8(cinfo);
 }
 if (key_type == GNUTLS_PK_EC) { |
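Review bot: ENABLE_PKCS8 expands to two bare statements, an assignment followed by an unbraced `if`, so it is only safe where the caller already supplies braces, as the single call site in the second hunk does. Under an unbraced `if (...) ENABLE_PKCS8(cinfo);` only the `pkcs8` assignment would be conditional, and a following `else` would bind to the macro's own `if`. Wrapping the body in `do { ... } while (0)` and parenthesizing the argument removes that hazard; a small `static` function would do the same with type checking. The macro also deserves a comment stating that the empty string is what suppresses the password prompt and, as far as the commit message indicates, means the key is exported without encryption.
```c
#define ENABLE_PKCS8(cinfo) \
	do { \
		(cinfo)->pkcs8 = 1; \
		if (!HAVE_OPT(PASSWORD) && (cinfo)->password == NULL) \
			(cinfo)->password = ""; \
	} while (0)
```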
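Review bot: The notice printed in the RSA-PSS branch still reads "Assuming --pkcs8 is given", but after this change the implicit path no longer behaves like an explicit --pkcs8. Per the commit message no password is requested, so the private key is presumably written to the output unencrypted. The message should tell the operator that, for example by ending it with `; the key will not be password-protected unless --pkcs8 is given explicitly\n`, so the output file can be protected by other means or the command rerun with --pkcs8. generate_private_key_int starts before and continues past this hunk, so whether other key types take the same implicit path is not visible here.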