author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-09-26 14:24:31 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2016-09-26 20:56:03 +0200 |
commit | 50869b5e70c8228c62dd33b7eab43163d0ed1c5a (patch) | |
tree | 3ea6b7c51c7d239c31465c1d482a8d13d8da8b4c /src/p11tool.c | |
parent | b5fb1bc2292a7d803fc194cae1230e065b540bdd (diff) | |
download | gnutls-50869b5e70c8228c62dd33b7eab43163d0ed1c5a.tar.gz |
p11tool: introduced the --mark-distrusted and --distrusted options
This allows marking objects as distrusted, as well as listing all
distrusted certificates (blacklisted) for a p11-kit trust module as:
p11tool --list-all-certs --distrusted
Diffstat (limited to 'src/p11tool.c')
-rw-r--r-- | src/p11tool.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/p11tool.c b/src/p11tool.c
index 53a76016e3..80bcad039c 100644
--- a/src/p11tool.c
+++ b/src/p11tool.c
@@ -88,9 +88,14 @@ unsigned opt_to_flags(common_info_st *cinfo, unsigned *key_usage)
 /* else set the defaults of the token */
 }
- if (ENABLED_OPT(MARK_TRUSTED))
+ if (HAVE_OPT(MARK_DISTRUSTED)) {
 flags |=
- GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED;
+ GNUTLS_PKCS11_OBJ_FLAG_MARK_DISTRUSTED;
+ } else {
+ if (ENABLED_OPT(MARK_TRUSTED))
+ flags |=
+ GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED;
+ }
 if (ENABLED_OPT(MARK_SIGN))
 *key_usage |= GNUTLS_KEY_DIGITAL_SIGNATURE; |
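Review bot: The new branch tests `HAVE_OPT(MARK_DISTRUSTED)` while every neighbouring check uses `ENABLED_OPT(...)`. If the option is declared with a disable form (its definition is not visible in this hunk), a negated `--no-mark-distrusted` would presumably still satisfy `HAVE_OPT` and set `GNUTLS_PKCS11_OBJ_FLAG_MARK_DISTRUSTED`, which for a trust-store flag is the opposite of what the operator asked for. Consider `if (ENABLED_OPT(MARK_DISTRUSTED)) {` for consistency. Separately, when both `--mark-distrusted` and `--mark-trusted` are given, the `else` silently drops the trusted flag; a short comment such as `/* distrust takes precedence over --mark-trusted */` would make that fail-closed ordering deliberate, and a warning to the user would be better still. `opt_to_flags` starts and ends outside the hunk, so any earlier handling of these options is not visible here.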