From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Thu, 26 Mar 2015 15:46:43 +0000 (+0100)
Subject: p11tool: added --mark-no-sign and --mark-no-decrypt options
X-Git-Tag: gnutls_3_4_0~112
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=38b50bfa030de763c2f657267d9bcbe28bc5cd98;p=thirdparty%2Fgnutls.git

p11tool: added --mark-no-sign and --mark-no-decrypt options
---

diff --git a/src/p11tool-args.def b/src/p11tool-args.def
index 88ae8b4cd7..6009497d65 100644
--- a/src/p11tool-args.def
+++ b/src/p11tool-args.def
@@ -172,6 +172,22 @@ flag = {
     doc = "Marks the object to be generated/copied with the CKA_TRUST flag.";
 };
 
+flag = {
+    name      = mark-no-decrypt;
+    disable   = "no";
+    disabled;
+    descrip   = "Marks the object to be written for no decryption";
+    doc = "Marks the object to be generated/copied with the CKA_DECRYPT flag set to false.";
+};
+
+flag = {
+    name      = mark-no-sign;
+    disable   = "no";
+    disabled;
+    descrip   = "Marks the object to be written for no sign";
+    doc = "Marks the object to be generated/copied with the CKA_SIGN flag set to false.";
+};
+
 flag = {
     name      = mark-ca;
     disable   = "no";
diff --git a/src/p11tool.c b/src/p11tool.c
index fff8542ee6..c559067fbb 100644
--- a/src/p11tool.c
+++ b/src/p11tool.c
@@ -84,6 +84,14 @@ unsigned opt_to_flags(void)
 		flags |=
 		    GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED;
 
+	if (ENABLED_OPT(MARK_NO_SIGN))
+		flags |=
+		    GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_SIGN;
+
+	if (ENABLED_OPT(MARK_NO_DECRYPT))
+		flags |=
+		    GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_DECRYPT;
+
 	if (ENABLED_OPT(MARK_CA))
 		flags |=
 		    GNUTLS_PKCS11_OBJ_FLAG_MARK_CA;