diff options
author | Dmitry Baryshkov <dbaryshkov@gmail.com> | 2020-05-28 00:05:35 +0300 |
---|---|---|
committer | Dmitry Baryshkov <dbaryshkov@gmail.com> | 2020-05-28 14:12:32 +0300 |
commit | 5fca5aaf137eeaa9058847f5390fdc3d89926ade (patch) | |
tree | 00f96cc4f8ca89dc37e6265aa252d8ad615a2219 /src | |
parent | 3feac2af3c11996fb8371d7d035692fbc8c74bd2 (diff) | |
download | gnutls-5fca5aaf137eeaa9058847f5390fdc3d89926ade.tar.gz |
p12: do not encrypt encrypt certificate bag with empty passwordtmp-fix-cert-pass
Do not encrypt certificate bag if the user has specified empty password
(--password ''). Encryption can be turned on by specifying
--empty-password.
Fixes #888
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/certtool.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/certtool.c b/src/certtool.c index a46f774114..e5e93d719b 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -3027,7 +3027,8 @@ void generate_pkcs12(common_info_st * cinfo) app_exit(1); } - result = gnutls_pkcs12_bag_encrypt(bag, pass, flags); + if (!(flags & GNUTLS_PKCS_PLAIN) || cinfo->empty_password) + result = gnutls_pkcs12_bag_encrypt(bag, pass, flags); if (result < 0) { fprintf(stderr, "bag_encrypt: %s\n", gnutls_strerror(result)); |