From: Nikos Mavrogiannopoulos
Date: Thu, 14 Apr 2016 08:54:49 +0000 (+0200)
Subject: certtool: do not allow combining --provable with --ecc in key generation
X-Git-Tag: gnutls_3_5_0~142
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=da9b4e323e246598129c018d727d35a4e20b6038;p=thirdparty%2Fgnutls.git

certtool: do not allow combining --provable with --ecc in key generation

There is no such support in the library.
---
diff --git a/src/certtool.c b/src/certtool.c
index 18d272439b..db8e626164 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -139,6 +139,12 @@ generate_private_key_int(common_info_st * cinfo)
 fprintf(stderr, "Note that ECDSA keys with size less than 256 are not widely supported.\n\n");
+ if (provable && (key_type != GNUTLS_PK_RSA && key_type != GNUTLS_PK_DSA)) {
+ fprintf(stderr,
+ "The --provable parameter cannot be used with ECDSA keys.\n");
+ exit(1);
+ }
+
+ if (bits > 1024 && key_type == GNUTLS_PK_DSA) fprintf(stderr, "Note that DSA keys with size over 1024 may cause incompatibility problems when used with earlier than TLS 1.2 versions.\n\n");
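Review bot: The error text in the added `if (provable && ...)` block names only ECDSA, while the condition is an allowlist that rejects every key type other than RSA and DSA, so any other `key_type` reaching this point would get a misleading message. Wording the message after the condition keeps the two in step: `"The --provable parameter can only be used with RSA and DSA keys.\n"`. The guard also sits after the ECDSA size note, so a rejected invocation can still print that advisory first; moving the check above the notes would make the failure the only output. Failing closed is the right behaviour here, since the commit message says the library has no such support and a silently non-provable key would presumably defeat the purpose of the option. generate_private_key_int starts and ends outside the hunk, so whether any prompts or key material are touched before this check is not visible.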