certtool: do not ask for private key password if it was provided

Make pin_callback() use cinfo->password if it is set (via command line
or from template).

Fixes #933

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

diff --git a/src/common.c b/src/common.c
index 753481741bbf973b9d75c42932956e0eebb9a718..a7e784e6663d830d0ea1c7a49bee2d643cc7f9d9 100644 (file)
--- a/src/common.c
+++ b/src/common.c
@@ -1138,6 +1138,15 @@ pin_callback(void *user, int attempt, const char *token_url,
                        getenv_copy(password, sizeof(password), "GNUTLS_PIN");
        }
 
+       if (password[0] == 0 && info != NULL && info->password != NULL && info->ask_pass == 0) {
+               if (strlen(info->password) < sizeof(password)) {
+                       strcpy(password, info->password);
+               } else {
+                       memcpy(password, info->password, sizeof(password) - 1);
+                       password[sizeof(password) - 1] = '\0';
+               }
+       }
+
        if (password[0] == 0 && (info == NULL || info->batch == 0 || info->ask_pass != 0)) {
                if (token_label && token_label[0] != 0) {
                        fprintf(stderr, "Token '%s' with URL '%s' ", token_label, token_url);