author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-08-04 13:09:57 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-08-04 13:12:50 +0200 |
commit | ac9f8f44da045aaca5b4bd257fc99046596adc69 (patch) | |
tree | 5e9c82456367eef926d69fb3642920f11ab3ce58 /lib/x509/privkey.c | |
parent | b0962b305de154fa3fce0b3c5a4b10958fd30ce7 (diff) | |
download | gnutls-ac9f8f44da045aaca5b4bd257fc99046596adc69.tar.gz |
Restored ability to decrypt PKCS #8 and #12 keys with a NULL password. Certtool now accepts the option --null-password.
Diffstat (limited to 'lib/x509/privkey.c')
-rw-r--r-- | lib/x509/privkey.c | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index 9d32025db0..98095aa5a0 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -564,6 +564,7 @@ failover: * @data: The DER or PEM encoded certificate. * @format: One of DER or PEM * @password: A password (optional) + * @flags: an ORed sequence of gnutls_pkcs_encrypt_flags_t * * This function will import the given DER or PEM encoded key, to * the native #gnutls_x509_privkey_t format, irrespective of the @@ -582,11 +583,11 @@ int gnutls_x509_privkey_import2 (gnutls_x509_privkey_t key, const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format, - const char* password) + const char* password, unsigned int flags) { int ret = 0; - if (password == NULL) + if (password == NULL && !(flags & GNUTLS_PKCS_NULL_PASSWORD)) { ret = gnutls_x509_privkey_import(key, data, format); if (ret < 0) @@ -595,12 +596,12 @@ gnutls_x509_privkey_import2 (gnutls_x509_privkey_t key, } } - if (password != NULL || ret < 0) + if ((password != NULL || (flags & GNUTLS_PKCS_NULL_PASSWORD)) || ret < 0) { - ret = gnutls_x509_privkey_import_pkcs8(key, data, format, password, 0); + ret = gnutls_x509_privkey_import_pkcs8(key, data, format, password, flags); if (ret < 0) { - if (format == GNUTLS_X509_FMT_PEM) + if (format == GNUTLS_X509_FMT_PEM && password != NULL) { int err; err = gnutls_x509_privkey_import_openssl(key, data, password); @@ -611,8 +612,12 @@ gnutls_x509_privkey_import2 (gnutls_x509_privkey_t key, goto cleanup; } } + else + { + gnutls_assert(); + goto cleanup; + } } - } ret = 0; |
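Review bot: The `@flags` line added to the doc comment in the first hunk does not say how GNUTLS_PKCS_NULL_PASSWORD interacts with `@password`, which is still documented only as "A password (optional)". As the conditions in the later hunks read, a NULL password without the flag means the plain import is tried first, while with the flag the plain import is skipped and the NULL password goes straight to the PKCS #8 import. Callers need that distinction spelled out, so I would word the two lines as `@password: A password, or NULL to first try importing the key as unencrypted` and `@flags: an ORed sequence of gnutls_pkcs_encrypt_flags_t; with GNUTLS_PKCS_NULL_PASSWORD a NULL @password is used for decryption instead`. The comment block starts and ends outside the hunk.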
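Review bot: A non-NULL `password` combined with GNUTLS_PKCS_NULL_PASSWORD is accepted silently by the new conditions in the second and third hunks. Both values are forwarded to gnutls_x509_privkey_import_pkcs8(), and the OpenSSL fallback then uses the password without looking at the flag. Which of the two the PKCS #8 path honours is decided in code not shown here, so a caller passing both cannot tell from this function which credential was actually tried. Rejecting the combination before the first `if` would make the contract explicit: `if (password != NULL && (flags & GNUTLS_PKCS_NULL_PASSWORD)) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; }`. The function body continues outside these hunks.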