Bug#522281: certtool does not ask for a key's passphrase if it is using a template
Matthew King
matthew.king at monnsta.net
Thu Apr 2 10:49:58 UTC 2009
Package: gnutls-bin
Version: 2.4.2-6+lenny1
If you attempt to use a pkcs8 private key with a template file, and that
template file does not specify the passphrase, certtool exits with an
error:
certtool: importing --load-privkey: ca-key.pem: Decryption has failed.
I am not sure which is worse - putting the passphrase in the template
file or asking questions in batch mode, but the patch to allow the
latter is simple:
--- src/certtool-cfg.c~ 2008-09-15 21:04:19.000000000 +0100
+++ src/certtool-cfg.c 2009-04-02 11:40:57.000000000 +0100
@@ -301,7 +301,7 @@
const char *
get_pass (void)
{
- if (batch)
+ if (batch && !(cfg.password == NULL || *cfg.password == '\0'))
return cfg.password;
else
return getpass ("Enter password: ");
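Review bot: on the changed `if (batch && ...)` line in get_pass(), a batch run with no password in the template now falls through to `getpass ("Enter password: ")`, so an unattended invocation (cron job, build script, no controlling terminal) will block or fail at the prompt instead of returning straight away as it did before. I would gate the fallback on an explicit opt-in, or at least on stdin being a terminal, and keep the old non-interactive behaviour otherwise. The test also treats an empty string the same as NULL, so a template that deliberately sets an empty passphrase can no longer be told apart from one that sets none; if that is intended, it needs a comment. Style: the negated disjunction is easier to read as `cfg.password != NULL && *cfg.password != '\0'`.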
Possibly the if clause could be extended so that an option can be added
to specify that the batch process really is non-interactive (or,
alternatively, that the batch process can be interrupted to ask for the
passphrase if necessary).
Matthew
--
I must take issue with the term "a mere child", for it has been my
invariable experience that the company of a mere child is infinitely
preferable to that of a mere adult.
-- Fran Lebowitz