author | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2018-06-15 13:06:41 +0300 |
---|---|---|
committer | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2018-06-23 12:20:17 +0300 |
commit | 5a8b7971a5e8115de52427d58e8e5167479a7c07 (patch) | |
tree | f03bc75307c5630daba301db430e83a930a287ea | |
parent | 9a422fd151ebadc5e20e394aaa6ef6b1ed62b688 (diff) | |
download | gnutls-5a8b7971a5e8115de52427d58e8e5167479a7c07.tar.gz |
certtool: honour --hash option when generating PKCS#12 files
Use algorithm specified with --hash option when generating MAC for
PKCS#12 file, allowing user to select algorithms other than SHA-1.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
-rw-r--r-- | src/certtool.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/certtool.c b/src/certtool.c
index 13f36a60fa..315c23c527 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -2913,6 +2913,7 @@ void generate_pkcs12(common_info_st * cinfo)
 gnutls_x509_crl_t *crls;
 gnutls_x509_crt_t *crts, ca_crt;
 gnutls_x509_privkey_t *keys;
+ gnutls_mac_algorithm_t mac;
 int result;
 size_t size;
 gnutls_datum_t data;
@@ -2939,6 +2940,11 @@ void generate_pkcs12(common_info_st * cinfo)
 app_exit(1);
 }
+ if (cinfo->hash != GNUTLS_DIG_UNKNOWN)
+ mac = cinfo->hash;
+ else
+ mac = GNUTLS_MAC_SHA1;
+
 if (HAVE_OPT(P12_NAME)) {
 name = OPT_ARG(P12_NAME);
 } else {
@@ -3165,7 +3171,7 @@ void generate_pkcs12(common_info_st * cinfo)
 gnutls_pkcs12_bag_deinit(kbag);
 }
- result = gnutls_pkcs12_generate_mac(pkcs12, pass);
+ result = gnutls_pkcs12_generate_mac2(pkcs12, mac, pass);
 if (result < 0) {
 fprintf(stderr, "generate_mac: %s\n", gnutls_strerror(result)); |
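Review bot: In the second hunk `mac = cinfo->hash;` stores what appears to be a digest identifier (it is compared against `GNUTLS_DIG_UNKNOWN`) in a `gnutls_mac_algorithm_t` without a cast, so the code silently relies on the digest and MAC enumerations sharing values. Writing `mac = (gnutls_mac_algorithm_t) cinfo->hash;` with a one-line comment would make that assumption visible to the next reader. The `else` branch also keeps SHA-1 as the PKCS#12 MAC whenever --hash is absent; a comment such as `/* SHA-1 stays the default MAC when --hash is not given */` would record that the weaker default is a deliberate choice. The body of generate_pkcs12 starts and ends outside these hunks.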