certtool: be more specific on the help message for --sec-param when --bits are given

author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2015-10-12 21:54:09 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2015-10-12 21:56:44 +0200
commit: e0143b8c886d378ca364b5fb145de177cbd70bd8 (patch)
tree: 599a5ec371b3c84823db7448e94b6f9d2618d90d /src/certtool-common.c
parent: c49247ac8734bd2ce7672b3b2b0d823857fd82a4 (diff)
download: gnutls-e0143b8c886d378ca364b5fb145de177cbd70bd8.tar.gz
1 files changed, 12 insertions, 1 deletions
diff --git a/src/certtool-common.c b/src/certtool-common.c
index 209a10f3e8..3b88bc395d 100644
--- a/src/certtool-common.c
+++ b/src/certtool-common.c
@@ -679,6 +679,16 @@ gnutls_pubkey_t load_public_key_or_import(int mand,
 	return pubkey;
 }
 
+static const char *bits_to_sp(gnutls_pk_algorithm_t pk, unsigned int bits)
+{
+	gnutls_sec_param_t s = gnutls_pk_bits_to_sec_param(pk, bits);
+	if (s == GNUTLS_SEC_PARAM_UNKNOWN) {
+		return gnutls_sec_param_get_name(GNUTLS_SEC_PARAM_MEDIUM);
+	}
+
+	return gnutls_sec_param_get_name(s);
+}
+
 int
 get_bits(gnutls_pk_algorithm_t key_type, int info_bits,
 	 const char *info_sec_param, int warn)
@@ -691,7 +701,8 @@ get_bits(gnutls_pk_algorithm_t key_type, int info_bits,
 		if (warned == 0 && warn != 0 && GNUTLS_BITS_ARE_CURVE(info_bits)==0) {
 			warned = 1;
 			fprintf(stderr,
-				"** Note: Please use the --sec-param instead of --bits\n");
+				"** Note: You may use '--sec-param %s' instead of '--bits %d'\n",
+				bits_to_sp(key_type, info_bits), info_bits);
 		}
 		bits = info_bits;
 	} else {
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2015-10-12 21:54:09 +0200
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2015-10-12 21:56:44 +0200
commit	e0143b8c886d378ca364b5fb145de177cbd70bd8 (patch)
tree	599a5ec371b3c84823db7448e94b6f9d2618d90d /src/certtool-common.c
parent	c49247ac8734bd2ce7672b3b2b0d823857fd82a4 (diff)
download	gnutls-e0143b8c886d378ca364b5fb145de177cbd70bd8.tar.gz