p12: do not encrypt encrypt certificate bag with empty password
authorDmitry Baryshkov <dbaryshkov@gmail.com>
Wed, 27 May 2020 21:05:35 +0000 (00:05 +0300)
committerDmitry Baryshkov <dbaryshkov@gmail.com>
Thu, 28 May 2020 11:12:32 +0000 (14:12 +0300)
Do not encrypt the certificate bag if the user has specified an empty
password (--password ''). Encryption can be turned on by specifying
--empty-password.

Fixes #888

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
src/certtool.c

index a46f774114a8b79734ab8e4e0ddeb9f83777d5ce..e5e93d719babf9ccbf7156cd161440c66b93a7be 100644 (file)
@@ -3027,7 +3027,8 @@ void generate_pkcs12(common_info_st * cinfo)
                        app_exit(1);
                }
 
-               result = gnutls_pkcs12_bag_encrypt(bag, pass, flags);
+               if (!(flags & GNUTLS_PKCS_PLAIN) || cinfo->empty_password)
+                       result = gnutls_pkcs12_bag_encrypt(bag, pass, flags);
                if (result < 0) {
                        fprintf(stderr, "bag_encrypt: %s\n",
                                gnutls_strerror(result));
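Review bot: When the new condition guarding `gnutls_pkcs12_bag_encrypt` is false, the `if (result < 0)` check below it still runs, against whatever `result` held from an earlier call that is outside this hunk. That value is presumably non-negative, since the preceding error path ends in `app_exit(1)`, but the check would read more clearly if it were braced into the same guarded block as the call. Skipping the call also leaves the certificate bag unencrypted in the generated PKCS#12 file with no message to the operator, so an `else` branch with a notice such as `fprintf(stderr, "note: certificate bag is stored unencrypted\n");` would make that outcome visible. How `flags` acquires `GNUTLS_PKCS_PLAIN` is not shown here, and a short comment above the condition stating that `--empty-password` re-enables encryption would help. The body of generate_pkcs12 starts and ends outside the hunk.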