From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Mon, 14 Jan 2019 09:56:27 +0000 (+0100)
Subject: certtool: data encipherment is disabled by default
X-Git-Tag: gnutls_3_6_6~22^2
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=c2644e563a2de57133970ed46f8dcf081615b6e4;p=thirdparty%2Fgnutls.git

certtool: data encipherment is disabled by default

For the TLS protocol this option is not necessary, and if enabled
by mistake (as default) and no other option is set, then the
generated key will be unusable. Thus we disable it, to generate
working keys by default.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---

diff --git a/src/certtool-cfg.c b/src/certtool-cfg.c
index 8d5f63417d..05764dec21 100644
--- a/src/certtool-cfg.c
+++ b/src/certtool-cfg.c
@@ -2583,7 +2583,7 @@ int get_data_encipherment_status(void)
 	if (batch) {
 		return cfg.data_encipherment;
 	} else {
-		return read_yesno("Will the certificate be used for data encryption? (Y/n): ", 1);
+		return read_yesno("Will the certificate be used for data encryption? (y/N): ", 0);
 	}
 }