author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-05-04 08:39:30 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-05-07 14:16:59 +0200 |
commit | 25abba1c1ea82f013dfffc6ffec5ba5711822a06 (patch) | |
tree | dbb77a0ca850508e74684c725db308dc25f27394 /src | |
parent | 4822047b89910c3356d16f4b22930942c433197a (diff) | |
download | gnutls-25abba1c1ea82f013dfffc6ffec5ba5711822a06.tar.gz |
certtool: honor --ask-pass when loading a private key
This also improves the password prompt when the password requested
is not for a smart card.
Resolves: #436
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/certtool-common.h | 1 | ||||
-rw-r--r-- | src/certtool.c | 2 | ||||
-rw-r--r-- | src/common.c | 18 |
3 files changed, 14 insertions, 7 deletions
diff --git a/src/certtool-common.h b/src/certtool-common.h
index ee07f133c8..ed6de4a677 100644
--- a/src/certtool-common.h
+++ b/src/certtool-common.h
@@ -54,6 +54,7 @@ typedef struct common_info {
 const char *password;
 int null_password;
 int empty_password;
+ int ask_pass;
 unsigned int crq_extensions;
 unsigned int v1_cert;
 /* for key generation */
diff --git a/src/certtool.c b/src/certtool.c
index 95b2aed88e..6664d21c3a 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -1228,7 +1228,6 @@ static void cmd_parser(int argc, char **argv)
 template_parse(OPT_ARG(TEMPLATE));
 }
- ask_pass = ENABLED_OPT(ASK_PASS);
 gnutls_global_set_log_function(tls_log_func);
@@ -1244,6 +1243,7 @@ static void cmd_parser(int argc, char **argv)
 memset(&cinfo, 0, sizeof(cinfo));
+ ask_pass = cinfo.ask_pass = ENABLED_OPT(ASK_PASS);
 cinfo.hash = GNUTLS_DIG_UNKNOWN;
 if (HAVE_OPT(HASH)) {
 cinfo.hash = hash_to_id(OPT_ARG(HASH));
diff --git a/src/common.c b/src/common.c
index 5e1b1a5582..fb98100677 100644
--- a/src/common.c
+++ b/src/common.c
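Review bot: The new `ask_pass` field in `common_info` (certtool-common.h hunk) has no comment, and its relation to the existing `batch` flag cannot be read from the name alone. The common.c change in this commit makes pin_callback prompt when `ask_pass` is set even if `batch` is set, so a one-line comment above the field would record that, for example `/* set by --ask-pass: prompt for the password even in batch mode */`. The struct definition starts and ends outside the hunk.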
@@ -1034,15 +1034,21 @@ pin_callback(void *user, int attempt, const char *token_url,
 password = getenv("GNUTLS_PIN");
 }
- if (password == NULL && (info == NULL || info->batch == 0)) {
- fprintf(stderr, "Token '%s' with URL '%s' ", token_label, token_url);
- fprintf(stderr, "requires %s PIN\n", desc);
+ if (password == NULL && (info == NULL || info->batch == 0 || info->ask_pass != 0)) {
+ if (token_label && token_label[0] != 0) {
+ fprintf(stderr, "Token '%s' with URL '%s' ", token_label, token_url);
+ fprintf(stderr, "requires %s PIN\n", desc);
+ password = getpass("Enter PIN: ");
+ } else {
+ password = getpass("Enter password: ");
+ }
- password = getpass("Enter PIN: ");
 } else {
 if (flags & GNUTLS_PIN_WRONG) {
- fprintf(stderr, "Token '%s' with URL '%s' ", token_label, token_url);
- fprintf(stderr, "requires %s PIN\n", desc);
+ if (token_label && token_label[0] != 0) {
+ fprintf(stderr, "Token '%s' with URL '%s' ", token_label, token_url);
+ fprintf(stderr, "requires %s PIN\n", desc);
+ }
 fprintf(stderr, "Cannot continue with a wrong password in the environment.\n");
 exit(1);
 }
|
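Review bot: The two new `getpass()` calls can now be reached in batch mode, because `info->ask_pass != 0` overrides `info->batch == 0` in the first condition, and `getpass()` may return NULL on failure, which is more likely in a non-interactive run. Whether a NULL `password` is rejected is decided after the hunk, since pin_callback's body starts and ends outside it; if it is not, add `if (password == NULL) { fprintf(stderr, "Cannot read the password from the terminal.\n"); exit(1); }` right after the prompt block. The prompt is also only reached when `password == NULL`, so a `GNUTLS_PIN` value from the environment still takes precedence over `--ask-pass`; a short comment such as `/* --ask-pass only applies when no password was supplied otherwise */` would make clear that this is intended.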