author | Simon Josefsson <simon@josefsson.org> | 2004-11-08 23:42:26 +0000 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2004-11-08 23:42:26 +0000 |
commit | 46edab34b43dcc225ac863427db36b93d71ea84f (patch) | |
tree | 38332994f550602a84dd3806726772e360388baf | |
parent | e06083148229c174f9987e8492cf6d70646daff7 (diff) | |
download | gnutls-46edab34b43dcc225ac863427db36b93d71ea84f.tar.gz |
Make private key optional in --to-p12, suggested by Fabian Fagerholm
<fabbe@paniq.net>.
-rw-r--r-- | src/certtool.c | 122 |
1 files changed, 69 insertions, 53 deletions
diff --git a/src/certtool.c b/src/certtool.c index b049da43e7..748566beb5 100644 --- a/src/certtool.c +++ b/src/certtool.c @@ -2251,7 +2251,7 @@ void generate_pkcs12(void) fprintf(stderr, "Generating a PKCS #12 structure...\n"); - key = load_private_key(1); + key = load_private_key(0); crt = load_cert(0); name = get_pkcs12_key_name(); @@ -2267,16 +2267,6 @@ void generate_pkcs12(void) exit(1); } - size = sizeof(_key_id); - result = gnutls_x509_privkey_get_key_id(key, 0, _key_id, &size); - if (result < 0) { - fprintf(stderr, "key_id: %s\n", gnutls_strerror(result)); - exit(1); - } - - key_id.data = _key_id; - key_id.size = size; - if (crt) { /* add the certificate only if it was specified. */ result = gnutls_pkcs12_bag_set_crt(bag, crt); @@ -2289,11 +2279,20 @@ void generate_pkcs12(void) result = gnutls_pkcs12_bag_set_friendly_name(bag, index, name); if (result < 0) { - fprintf(stderr, "bag_set_key_id: %s\n", + fprintf(stderr, "bag_set_friendly_name: %s\n", gnutls_strerror(result)); exit(1); } + size = sizeof(_key_id); + result = gnutls_x509_crt_get_key_id(crt, 0, _key_id, &size); + if (result < 0) { + fprintf(stderr, "key_id: %s\n", gnutls_strerror(result)); + exit(1); + } + + key_id.data = _key_id; + key_id.size = size; result = gnutls_pkcs12_bag_set_key_id(bag, index, &key_id); if (result < 0) { 
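Review bot: Nothing visible rejects a run where neither a key nor a certificate is given, now that the first hunk pairs `load_private_key(0)` with the existing `load_cert(0)`. generate_pkcs12 would then go on to MAC and write a PKCS #12 file that contains no bag at all. A guard right after the two loads would turn that into an error: `if (!key && !crt) { fprintf(stderr, "no certificate or private key was specified\n"); exit(1); }`. This assumes the argument 0 means "not mandatory", as the commit message implies; the function body starts and ends outside the hunk.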
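Review bot: The certificate bag in the `@@ -2289,11 +2279,20 @@` hunk now takes its key id from `gnutls_x509_crt_get_key_id(crt, ...)`, while the key bag later derives its own id from the private key, so the two bags are no longer guaranteed to share an id. If the certificate and key supplied do not belong together, the file is written with two different key ids and no diagnostic, and an importer may fail to pair them or may pair nothing. When both inputs are present, the ids should be compared here and a mismatch treated as an error. The sketch below assumes `_key_id` is an array and `size` is a `size_t`, both declared outside the hunk.

```c
/* … unchanged: gnutls_x509_crt_get_key_id(crt, 0, _key_id, &size) and its error check … */
if (key) {
	unsigned char priv_id[sizeof(_key_id)];
	size_t priv_size = sizeof(priv_id);

	result = gnutls_x509_privkey_get_key_id(key, 0, priv_id, &priv_size);
	if (result < 0) {
		fprintf(stderr, "key_id: %s\n", gnutls_strerror(result));
		exit(1);
	}
	/* refuse to bundle a private key that does not belong to the certificate */
	if (priv_size != size || memcmp(priv_id, _key_id, size) != 0) {
		fprintf(stderr, "certificate and private key do not match\n");
		exit(1);
	}
}
/* … unchanged: key_id.data / key_id.size assignment and bag_set_key_id … */
```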
@@ -2314,50 +2313,65 @@ void generate_pkcs12(void) } } - /* Key BAG */ + if (key) { /* add the key only if it was specified. + */ + result = gnutls_pkcs12_bag_init(&kbag); + if (result < 0) { + fprintf(stderr, "bag_init: %s\n", gnutls_strerror(result)); + exit(1); + } - result = gnutls_pkcs12_bag_init(&kbag); - if (result < 0) { - fprintf(stderr, "bag_init: %s\n", gnutls_strerror(result)); - exit(1); - } + if (info.export) + flags = GNUTLS_PKCS_USE_PKCS12_RC2_40; + else + flags = GNUTLS_PKCS_USE_PKCS12_3DES; - if (info.export) - flags = GNUTLS_PKCS_USE_PKCS12_RC2_40; - else - flags = GNUTLS_PKCS_USE_PKCS12_3DES; + size = sizeof(buffer); + result = + gnutls_x509_privkey_export_pkcs8(key, GNUTLS_X509_FMT_DER, + password, flags, buffer, + &size); + if (result < 0) { + fprintf(stderr, "key_export: %s\n", gnutls_strerror(result)); + exit(1); + } - size = sizeof(buffer); - result = - gnutls_x509_privkey_export_pkcs8(key, GNUTLS_X509_FMT_DER, - password, flags, buffer, &size); - if (result < 0) { - fprintf(stderr, "key_export: %s\n", gnutls_strerror(result)); - exit(1); - } + data.data = buffer; + data.size = size; + result = + gnutls_pkcs12_bag_set_data(kbag, + GNUTLS_BAG_PKCS8_ENCRYPTED_KEY, + &data); + if (result < 0) { + fprintf(stderr, "bag_set_data: %s\n", gnutls_strerror(result)); + exit(1); + } - data.data = buffer; - data.size = size; - result = - gnutls_pkcs12_bag_set_data(kbag, GNUTLS_BAG_PKCS8_ENCRYPTED_KEY, - &data); - if (result < 0) { - fprintf(stderr, "bag_set_data: %s\n", gnutls_strerror(result)); - exit(1); - } + index = result; - index = result; + result = gnutls_pkcs12_bag_set_friendly_name(kbag, index, name); + if (result < 0) { + fprintf(stderr, "bag_set_friendly_name: %s\n", + gnutls_strerror(result)); + exit(1); + } - result = gnutls_pkcs12_bag_set_friendly_name(kbag, index, name); - if (result < 0) { - fprintf(stderr, "bag_set_key_id: %s\n", gnutls_strerror(result)); - exit(1); - } + size = sizeof(_key_id); + result = 
gnutls_x509_privkey_get_key_id(key, 0, _key_id, &size); + if (result < 0) { + fprintf(stderr, "key_id: %s\n", gnutls_strerror(result)); + exit(1); + } - result = gnutls_pkcs12_bag_set_key_id(kbag, result, &key_id); - if (result < 0) { - fprintf(stderr, "bag_set_key_id: %s\n", gnutls_strerror(result)); - exit(1); + key_id.data = _key_id; + key_id.size = size; + + result = gnutls_pkcs12_bag_set_key_id(kbag, result, &key_id); + if (result < 0) { + fprintf(stderr, "bag_set_key_id: %s\n", + gnutls_strerror(result)); + exit(1); + } } /* write the PKCS #12 structure. @@ -2376,10 +2390,12 @@ void generate_pkcs12(void) } } - result = gnutls_pkcs12_set_bag(pkcs12, kbag); - if (result < 0) { - fprintf(stderr, "set_bag: %s\n", gnutls_strerror(result)); - exit(1); + if (key) { + result = gnutls_pkcs12_set_bag(pkcs12, kbag); + if (result < 0) { + fprintf(stderr, "set_bag: %s\n", gnutls_strerror(result)); + exit(1); + } } result = gnutls_pkcs12_generate_mac(pkcs12, password); |
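Review bot: In the new `if (key)` block the last call passes `result` as the bag index, `gnutls_pkcs12_bag_set_key_id(kbag, result, &key_id)`, but at that point `result` holds the return value of `gnutls_x509_privkey_get_key_id`, not the index returned by `gnutls_pkcs12_bag_set_data`. It presumably works only because success is 0 and the key bag has a single element. It should read `result = gnutls_pkcs12_bag_set_key_id(kbag, index, &key_id);`, matching the certificate bag, which already passes `index`. Separately, the `info.export` branch carried over here selects `GNUTLS_PKCS_USE_PKCS12_RC2_40`, which going by the flag name protects the private key with 40-bit RC2. It deserves a comment such as `/* export-grade cipher: weak, kept only for legacy interoperability */`.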