From 3feac2af3c11996fb8371d7d035692fbc8c74bd2 Mon Sep 17 00:00:00 2001
From: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date: Wed, 27 May 2020 23:42:01 +0300
Subject: certtool: do not ask for private key password if it was provided

Make pin_callback() use cinfo->password if it is set (via command line
or from template).

Fixes #933

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
---
 src/common.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/common.c b/src/common.c
index 753481741b..a7e784e666 100644
--- a/src/common.c
+++ b/src/common.c
@@ -1138,6 +1138,15 @@ pin_callback(void *user, int attempt, const char *token_url,
 			getenv_copy(password, sizeof(password), "GNUTLS_PIN");
 	}
 
+	if (password[0] == 0 && info != NULL && info->password != NULL && info->ask_pass == 0) {
+		if (strlen(info->password) < sizeof(password)) {
+			strcpy(password, info->password);
+		} else {
+			memcpy(password, info->password, sizeof(password) - 1);
+			password[sizeof(password) - 1] = '\0';
+		}
+	}
+
 	if (password[0] == 0 && (info == NULL || info->batch == 0 || info->ask_pass != 0)) {
 		if (token_label && token_label[0] != 0) {
 			fprintf(stderr, "Token '%s' with URL '%s' ", token_label, token_url);
-- 
cgit v1.2.1