certtool: data encipherment is disabled by default

For the TLS protocol this option is not necessary, and if enabled
by mistake (as default) and no other option is set, then the
generated key will be unusable. Thus we disable it, to generate
working keys by default.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c
index 8d5f63417d1b80badc696a6a5abc69b1a3531a29..05764dec2132c2a2937bc222eb80bb38b2b42ee8 100644 (file)
--- a/src/certtool-cfg.c
+++ b/src/certtool-cfg.c
@@ -2583,7 +2583,7 @@ int get_data_encipherment_status(void)
        if (batch) {
                return cfg.data_encipherment;
        } else {
-               return read_yesno("Will the certificate be used for data encryption? (Y/n): ", 1);
+               return read_yesno("Will the certificate be used for data encryption? (y/N): ", 0);
        }
 }