From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Thu, 22 Sep 2016 07:21:06 +0000 (+0200)
Subject: certtool: do not require a certificate to generate a PKCS#12 file
X-Git-Tag: gnutls_3_5_5~71
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b514618b8ff6591f718bb46035ef1a0fd7200fd4;p=thirdparty%2Fgnutls.git

certtool: do not require a certificate to generate a PKCS#12 file

That is, allow generating PKCS#12 files with private keys only as well.
---

diff --git a/src/certtool-args.def b/src/certtool-args.def
index 29835f8fe4..c3acef5ac3 100644
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -408,7 +408,6 @@ flag = {
     name      = to-p12;
     descrip   = "Generate a PKCS #12 structure";
     doc = "It requires a certificate, a private key and possibly a CA certificate to be specified.";
-    flags-must = load-certificate;
 };
 
 flag = {
diff --git a/src/certtool.c b/src/certtool.c
index e27f055093..ecc1393bcc 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -3105,6 +3105,11 @@ void generate_pkcs12(common_info_st * cinfo)
 	crts = load_cert_list(0, &ncrts, cinfo);
 	ca_crt = load_ca_cert(0, cinfo);
 
+	if (keys == NULL && crts == NULL && ca_crt == NULL) {
+		fprintf(stderr, "You must specify one of\n\t--load-privkey\n\t--load-certificate\n\t--load-ca-certificate\n");
+		exit(1);
+	}
+
 	if (HAVE_OPT(P12_NAME)) {
 		name = OPT_ARG(P12_NAME);
 	} else {