Blame SOURCES/gnutls-3.3.29-do-not-mark-object-as-private.patch

b88a44
diff --git a/src/p11tool.c b/src/p11tool.c
b88a44
index 2abf23a27..a6fce78e3 100644
b88a44
--- a/src/p11tool.c
b88a44
+++ b/src/p11tool.c
b88a44
@@ -68,7 +68,7 @@ int main(int argc, char **argv)
b88a44
 }
b88a44
 
b88a44
 static
b88a44
-unsigned opt_to_flags(void)
b88a44
+unsigned opt_to_flags(common_info_st *cinfo)
b88a44
 {
b88a44
 	unsigned flags = 0;
b88a44
 
b88a44
@@ -78,6 +78,12 @@ unsigned opt_to_flags(void)
b88a44
 		} else {
b88a44
 			flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE;
b88a44
 		}
b88a44
+	} else { /* if not given mark as private the private objects, and public the public ones */
b88a44
+		if (cinfo->privkey)
b88a44
+			flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE;
b88a44
+		else if (cinfo->pubkey || cinfo->cert)
b88a44
+			flags |= GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE;
b88a44
+		/* else set the defaults of the token */
b88a44
 	}
b88a44
 
b88a44
 	if (ENABLED_OPT(MARK_TRUSTED))
b88a44
@@ -166,8 +172,6 @@ static void cmd_parser(int argc, char **argv)
b88a44
 
b88a44
 	memset(&cinfo, 0, sizeof(cinfo));
b88a44
 
b88a44
-	flags = opt_to_flags();
b88a44
-
b88a44
 	if (HAVE_OPT(SECRET_KEY))
b88a44
 		cinfo.secret_key = OPT_ARG(SECRET_KEY);
b88a44
 
b88a44
@@ -227,6 +231,8 @@ static void cmd_parser(int argc, char **argv)
b88a44
 		sec_param = OPT_ARG(SEC_PARAM);
b88a44
 	}
b88a44
 
b88a44
+	flags = opt_to_flags(&cinfo);
b88a44
+
b88a44
 	if (debug > 4) {
b88a44
 		if (HAVE_OPT(MARK_PRIVATE))
b88a44
 			fprintf(stderr, "Private: %s\n",
b88a44
-- 
b88a44
2.14.3
b88a44