2 files changed, 14 insertions, 4 deletions

diff --git a/NEWS b/NEWS
index 883b806160..8f5367187f 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,15 @@ GnuTLS NEWS -- History of user-visible changes.                -*- outline -*-
 Copyright (C) 2000-2012 Free Software Foundation, Inc.
 See the end for copying conditions.
 
+* Version 3.1.8 (unreleased)
+
+** Fixed issue in gnutls_x509_privkey_import2() which didn't return
+GNUTLS_E_DECRYPTION_FAILED in all cases.
+
+** API and ABI modifications:
+No changes since last version.
+
+
 * Version 3.1.7 (released 2012-02-04)
 
 ** certtool: Added option "dn" which allows to directly set the DN
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index 7b31821b61..9c0863d32a 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -644,14 +644,15 @@ gnutls_x509_privkey_import2 (gnutls_x509_privkey_t key,
       ret = gnutls_x509_privkey_import_pkcs8(key, data, format, password, flags);
       if (ret < 0)
         {
+          if (ret == GNUTLS_E_DECRYPTION_FAILED) goto cleanup;
           ret = import_pkcs12_privkey(key, data, format, password, flags);
           if (ret < 0 && format == GNUTLS_X509_FMT_PEM)
             {
-              int err;
-              err = gnutls_x509_privkey_import_openssl(key, data, password);
-              if (err < 0)
+	      if (ret == GNUTLS_E_DECRYPTION_FAILED) goto cleanup;
+
+              ret = gnutls_x509_privkey_import_openssl(key, data, password);
+              if (ret < 0)
                 {
-                  if (err == GNUTLS_E_DECRYPTION_FAILED) ret = err;
                   gnutls_assert();
                   goto cleanup;
                 }