certtool: --ask-pass option does not work with PKCS#8 encoded private key
Description of problem:
When using --ask-pass
together with --template
, certtool should ask the user for password according to the manual.
Instead it prints an error.
Version of gnutls used:
gnutls_3_6_2-347-g0ce2a9b3 also tested with 3.5.8
Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
gnutls_3_6_2-347-g0ce2a9b3 built from source (or the 3.5.8 tested in Ubuntu)
How reproducible:
Steps to Reproduce:
- Generate an encrypted private key encoded using PKCS#8
$ ./src/certtool --generate-privkey --rsa --outfile /tmp/key3 --pkcs8
Generating a 3072 bit RSA private key...
Enter password:
- Try to use it to generate a self-signed certificate
$ ./src/certtool --generate-self-signed --load-privkey /tmp/key3 --template /tmp/template2.cfg --outfile /tmp/cert3 --ask-pass
Generating a self signed certificate...
No PIN given.
note: when operating in batch mode, set the GNUTLS_PIN or GNUTLS_SO_PIN environment variables
Actual results:
certtool complains about missing GNUTLS_PIN
and GNUTLS_SO_PIN
environment variables
Expected results:
certtool interactively asks the user for password, as described in the manual:
--ask-pass
Enable interaction for entering password when in batch mode..
This option will enable interaction to enter password when in batch mode. That is useful
when the template option has been specified.