-rw-r--r-- | src/p11tool-args.def | 13 | ||||
-rw-r--r-- | src/p11tool.c | 9 |
2 files changed, 20 insertions, 2 deletions
diff --git a/src/p11tool-args.def b/src/p11tool-args.def index b017ae9345..4213238420 100644 --- a/src/p11tool-args.def +++ b/src/p11tool-args.def @@ -259,6 +259,14 @@ flag = { disabled; descrip = "Marks the object to be written as trusted"; doc = "Marks the object to be generated/written with the CKA_TRUST flag."; + flags_cant = mark-distrusted; +}; + +flag = { + name = mark-distrusted; + descrip = "When retrieving objects, it requires the objects to be distrusted (blacklisted)"; + doc = "Ensures that the objects retrieved have the CKA_X_TRUST flag."; + flags_cant = mark-trusted; }; flag = { @@ -298,6 +306,11 @@ flag = { }; flag = { + name = distrusted; + aliases = mark-distrusted; +}; + +flag = { name = ca; aliases = mark-ca; }; diff --git a/src/p11tool.c b/src/p11tool.c index 53a76016e3..80bcad039c 100644 --- a/src/p11tool.c +++ b/src/p11tool.c @@ -88,9 +88,14 @@ unsigned opt_to_flags(common_info_st *cinfo, unsigned *key_usage) /* else set the defaults of the token */ } - if (ENABLED_OPT(MARK_TRUSTED)) + if (HAVE_OPT(MARK_DISTRUSTED)) { flags |= - GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED; + GNUTLS_PKCS11_OBJ_FLAG_MARK_DISTRUSTED; + } else { + if (ENABLED_OPT(MARK_TRUSTED)) + flags |= + GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED; + } if (ENABLED_OPT(MARK_SIGN)) *key_usage |= GNUTLS_KEY_DIGITAL_SIGNATURE; |
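Review bot: The `doc` string of the new `mark-distrusted` flag names `CKA_X_TRUST`, which does not look like the blacklisting attribute. As far as I know p11-kit calls it `CKA_X_DISTRUSTED`, so the line probably should read `doc = "Ensures that the objects retrieved have the CKA_X_DISTRUSTED flag.";`. The text also describes retrieval only, while `mark-trusted` just above documents generate/write, and the option ends up in the shared flag set built by `opt_to_flags` in the second file. It is worth stating what the option does on a write operation, so an operator does not assume an object was marked distrusted on the token when the option only filtered a listing, or the reverse.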
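Review bot: In the `opt_to_flags` hunk the distrust branch silently takes precedence over trust, and it is tested with `HAVE_OPT` while the trust branch keeps `ENABLED_OPT`, with no comment explaining either choice. Precedence for distrust is the fail-safe direction and the `flags_cant` entries already reject the combination at parse time, so a short comment would record that this is intended, for example `/* distrust wins; the parser also rejects both together (flags_cant) */`. The nested `else { if (...) }` can be flattened to `} else if (ENABLED_OPT(MARK_TRUSTED)) {` so both branches read as one decision. The function starts and ends outside the hunk, so whether every caller of `opt_to_flags` expects the new flag on write paths cannot be checked from here.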