certtool: honor --ask-pass when loading a private keytmp-certtool-passwd

This also improves the password prompt when the password requested
is not for a smart card.

Resolves: #436

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

1 files changed, 12 insertions, 6 deletions

diff --git a/src/common.c b/src/common.c
index 5e1b1a5582..fb98100677 100644
--- a/src/common.c
+++ b/src/common.c
@@ -1034,15 +1034,21 @@ pin_callback(void *user, int attempt, const char *token_url,
 			password = getenv("GNUTLS_PIN");
 	}
 
-	if (password == NULL && (info == NULL || info->batch == 0)) {
-		fprintf(stderr, "Token '%s' with URL '%s' ", token_label, token_url);
-		fprintf(stderr, "requires %s PIN\n", desc);
+	if (password == NULL && (info == NULL || info->batch == 0 || info->ask_pass != 0)) {
+		if (token_label && token_label[0] != 0) {
+			fprintf(stderr, "Token '%s' with URL '%s' ", token_label, token_url);
+			fprintf(stderr, "requires %s PIN\n", desc);
+			password = getpass("Enter PIN: ");
+		} else {
+			password = getpass("Enter password: ");
+		}
 
-		password = getpass("Enter PIN: ");
 	} else {
 		if (flags & GNUTLS_PIN_WRONG) {
-			fprintf(stderr, "Token '%s' with URL '%s' ", token_label, token_url);
-			fprintf(stderr, "requires %s PIN\n", desc);
+			if (token_label && token_label[0] != 0) {
+				fprintf(stderr, "Token '%s' with URL '%s' ", token_label, token_url);
+				fprintf(stderr, "requires %s PIN\n", desc);
+			}
 			fprintf(stderr, "Cannot continue with a wrong password in the environment.\n");
 			exit(1);
 		}