Diffstat (limited to 'lib/x509/privkey_pkcs8.c')
-rw-r--r-- | lib/x509/privkey_pkcs8.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index 95711ce865..d5b02437e2 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -626,7 +626,7 @@ gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key,
 schema = _gnutls_pkcs_flags_to_schema (flags);
- if ((flags & GNUTLS_PKCS_PLAIN) || password == NULL)
+ if (((flags & GNUTLS_PKCS_PLAIN) || password == NULL) && !(flags & GNUTLS_PKCS_NULL_PASSWORD))
 {
 _gnutls_free_datum (&tmp);
@@ -640,7 +640,7 @@ gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key,
 else
 {
 asn1_delete_structure (&pkey_info); /* we don't need it */
-
+
 ret = encode_to_pkcs8_key (schema, &tmp, password, &pkcs8_asn);
 _gnutls_free_datum (&tmp);
@@ -1239,7 +1239,11 @@ gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key,
 need_free = 1;
 }
- if (password == NULL || (flags & GNUTLS_PKCS_PLAIN))
+ /* Here we don't check for password == NULL to maintain a backwards
+ * compatibility behavior, with old versions that were encrypting using
+ * a NULL password.
+ */
+ if (flags & GNUTLS_PKCS_PLAIN)
 {
 result = decode_private_key_info (&_data, key);
 if (result < 0) |
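Review bot: In the changed condition of gnutls_x509_privkey_export_pkcs8, GNUTLS_PKCS_NULL_PASSWORD silently overrides GNUTLS_PKCS_PLAIN: a caller passing both flags no longer takes the plain branch and falls through to encode_to_pkcs8_key. If PLAIN is meant to win, the test would read `if ((flags & GNUTLS_PKCS_PLAIN) || (password == NULL && !(flags & GNUTLS_PKCS_NULL_PASSWORD)))`; otherwise the precedence should be stated in a comment at this line. Either way a comment such as `/* a NULL password yields an EncryptedPrivateKeyInfo that gives no confidentiality; kept only for interoperability */` would help, because the output looks protected but is not. The function body starts and ends outside the hunk, so whether the schema lookup on the preceding line tolerates the new flag bit cannot be checked from here.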
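Review bot: With the `password == NULL` test dropped in gnutls_x509_privkey_import_pkcs8, a caller that passes a NULL password without GNUTLS_PKCS_PLAIN now reaches the decryption branch instead of decode_private_key_info, so importing an unencrypted PKCS #8 key that way presumably starts failing, and that branch must cope with a NULL password pointer. The decryption code lies outside this hunk, so it should be confirmed that it never hands `password` to length or copy routines unchecked. The import side also never consults GNUTLS_PKCS_NULL_PASSWORD, unlike the export condition changed earlier in this commit. If that asymmetry is intended, the new comment should say so, for example `/* callers holding an unencrypted key must now pass GNUTLS_PKCS_PLAIN */`.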