certtool: do not allow combining --provable with --ecc in key generation
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 14 Apr 2016 08:54:49 +0000 (10:54 +0200)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 14 Apr 2016 08:54:51 +0000 (10:54 +0200)
There is no such support in the library.

src/certtool.c

index 18d272439bc8c110f1381396995b6ac15572bbe2..db8e626164901103c080a05fc24677778c44bd82 100644 (file)
@@ -139,6 +139,12 @@ generate_private_key_int(common_info_st * cinfo)
                fprintf(stderr,
                        "Note that ECDSA keys with size less than 256 are not widely supported.\n\n");
 
+       if (provable && (key_type != GNUTLS_PK_RSA && key_type != GNUTLS_PK_DSA)) {
+               fprintf(stderr,
+                       "The --provable parameter cannot be used with ECDSA keys.\n");
+               exit(1);
+       }
+
        if (bits > 1024 && key_type == GNUTLS_PK_DSA)
                fprintf(stderr,
                        "Note that DSA keys with size over 1024 may cause incompatibility problems when used with earlier than TLS 1.2 versions.\n\n");
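Review bot: The error text in the added `fprintf` names ECDSA, but the condition is an allow-list that rejects every key type other than RSA and DSA, so any other algorithm reaching this branch would get a misleading message. Wording it after the allow-list keeps it accurate if key types are added later: `"The --provable parameter can only be used with RSA and DSA keys.\n"`. Exiting here instead of silently ignoring the flag is the right choice, since a caller who asked for a provable key would otherwise receive one without verifiable generation parameters and have no indication of it. generate_private_key_int starts and continues outside the hunk, so it cannot be confirmed from here that the check runs before any key material is generated.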