3 files changed, 34 insertions, 2 deletions

diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c
index bdb61b9a83..ca3431508c 100644
--- a/src/certtool-cfg.c
+++ b/src/certtool-cfg.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation
+ * Copyright (C) 2004, 2005, 2006, 2007, 2008 Free Software Foundation
  *
  * This file is part of GNUTLS.
  *
@@ -308,6 +308,36 @@ get_pass (void)
 }
 
 const char *
+get_confirmed_pass (bool empty_ok)
+{
+  if (batch)
+    return cfg.password;
+  else
+    {
+      const char *pass = NULL;
+      char *copy = NULL;
+
+      do
+	{
+	  if (pass)
+	    printf ("Password missmatch, try again.\n");
+
+	  if (copy)
+	    free (copy);
+
+	  pass = getpass ("Enter password: ");
+	  copy = strdup (pass);
+	  pass = getpass ("Confirm password: ");
+	}
+      while (strcmp (pass, copy) != 0 && !(empty_ok && *pass == '\0'));
+
+      free (copy);
+
+      return pass;
+    }
+}
+
+const char *
 get_challenge_pass (void)
 {
   if (batch)
diff --git a/src/certtool-cfg.h b/src/certtool-cfg.h
index 81c48e9fbf..af6576e3c4 100644
--- a/src/certtool-cfg.h
+++ b/src/certtool-cfg.h
@@ -1,3 +1,4 @@
+#include <stdbool.h>
 #include <gnutls/x509.h>
 
 extern char *organization, *unit, *locality, *state;
@@ -21,6 +22,7 @@ const char *read_str (const char *input_str);
 int read_yesno (const char *input_str);
 
 const char *get_pass (void);
+const char *get_confirmed_pass (bool empty_ok);
 const char *get_challenge_pass (void);
 const char *get_crl_dist_point_url (void);
 void get_country_crt_set (gnutls_x509_crt_t crt);
diff --git a/src/certtool.c b/src/certtool.c
index a59319fc55..0e9a720fa8 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -219,7 +219,7 @@ print_private_key (gnutls_x509_privkey_t key)
       else
 	flags = GNUTLS_PKCS_USE_PKCS12_3DES;
 
-      if ((pass = get_pass ()) == NULL || *pass == '\0')
+      if ((pass = get_confirmed_pass (true)) == NULL || *pass == '\0')
 	flags = GNUTLS_PKCS_PLAIN;
 
       size = sizeof (buffer);