Blame SOURCES/gnutls-3.3.29-do-not-mark-object-as-private.patch

17c662
diff --git a/src/p11tool.c b/src/p11tool.c
17c662
index 2abf23a27..a6fce78e3 100644
17c662
--- a/src/p11tool.c
17c662
+++ b/src/p11tool.c
17c662
@@ -68,7 +68,7 @@ int main(int argc, char **argv)
17c662
 }
17c662
 
17c662
 static
17c662
-unsigned opt_to_flags(void)
17c662
+unsigned opt_to_flags(common_info_st *cinfo)
17c662
 {
17c662
 	unsigned flags = 0;
17c662
 
17c662
@@ -78,6 +78,12 @@ unsigned opt_to_flags(void)
17c662
 		} else {
17c662
 			flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE;
17c662
 		}
17c662
+	} else { /* if not given mark as private the private objects, and public the public ones */
17c662
+		if (cinfo->privkey)
17c662
+			flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE;
17c662
+		else if (cinfo->pubkey || cinfo->cert)
17c662
+			flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE;
17c662
+		/* else set the defaults of the token */
17c662
 	}
17c662
 
17c662
 	if (ENABLED_OPT(MARK_TRUSTED))
17c662
@@ -166,8 +172,6 @@ static void cmd_parser(int argc, char **argv)
17c662
 
17c662
 	memset(&cinfo, 0, sizeof(cinfo));
17c662
 
17c662
-	flags = opt_to_flags();
17c662
-
17c662
 	if (HAVE_OPT(SECRET_KEY))
17c662
 		cinfo.secret_key = OPT_ARG(SECRET_KEY);
17c662
 
17c662
@@ -227,6 +231,8 @@ static void cmd_parser(int argc, char **argv)
17c662
 		sec_param = OPT_ARG(SEC_PARAM);
17c662
 	}
17c662
 
17c662
+	flags = opt_to_flags(&cinfo);
17c662
+
17c662
 	if (debug > 4) {
17c662
 		if (HAVE_OPT(MARK_PRIVATE))
17c662
 			fprintf(stderr, "Private: %s\n",
17c662
-- 
17c662
2.14.3
17c662