From a65932fd0ec453abcd355406f3518d85de6ee1d7 Mon Sep 17 00:00:00 2001
From: Paul Wouters <paul.wouters@aiven.io>
Date: Fri, 21 Jun 2024 22:06:12 -0400
Subject: [PATCH] Add libreswan-4.15-ipsec_import.patch

Related: RHEL-32481
---
 libreswan-4.15-ipsec_import.patch | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 libreswan-4.15-ipsec_import.patch

diff --git a/libreswan-4.15-ipsec_import.patch b/libreswan-4.15-ipsec_import.patch
new file mode 100644
index 0000000..129fbfd
--- /dev/null
+++ b/libreswan-4.15-ipsec_import.patch
@@ -0,0 +1,20 @@
+diff --git a/programs/ipsec/ipsec.in b/programs/ipsec/ipsec.in
+index 40ff9f4138..41813b5258 100755
+--- a/programs/ipsec/ipsec.in
++++ b/programs/ipsec/ipsec.in
+@@ -758,7 +758,14 @@ ipsec_import() {
+ 	    exit 1
+ 	fi
+ 
+-	pk12util -i "${pkcs12bundle}" -d "${IPSEC_NSSDIR_SQL}"
++	# First try blanc password to avoid uselessly prompting interactively
++	pk12util -i "${pkcs12bundle}" -d "${IPSEC_NSSDIR_SQL}" -W '' 2>/dev/null
++	# check for SEC_ERROR_BAD_PASSWORD
++	if [ $? -eq 18 ]; then
++	    # Not the empty password
++	    pk12util -i "${pkcs12bundle}" -d "${IPSEC_NSSDIR_SQL}"
++	fi
++
+ 	# check and correct trust bits
+ 	set_nss_db_trusts
+ 	exit 0