Commit 4806cc102655f1a829d656f6deb83e5953c5eab2 fixed only part of the
problem. Since it removed the filename, either the magic filename has to be
resurrected or all checks against priv_key_file need to check for
MF_EXTERNAL_KEY as well. This patch implements the extra checks.
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: David Sommerseth <davids@redhat.com>
Message-Id: 1347287973-12398-1-git-send-email-arne@rfc2549.org
URL: http://article.gmane.org/gmane.network.openvpn.devel/7046
Signed-off-by: David Sommerseth <davids@redhat.com>
... | ... |
@@ -2176,6 +2176,10 @@ options_postprocess_verify_ce (const struct options *options, const struct conne |
2176 | 2176 |
msg(M_USAGE, "Parameter --cert cannot be used when --pkcs11-provider is also specified."); |
2177 | 2177 |
if (options->priv_key_file) |
2178 | 2178 |
msg(M_USAGE, "Parameter --key cannot be used when --pkcs11-provider is also specified."); |
2179 |
+#ifdef MANAGMENT_EXTERNAL_KEY |
|
2180 |
+ if (options->management_flags & MF_EXTERNAL_KEY) |
|
2181 |
+ msg(M_USAGE, "Parameter --management-external-key cannot be used when --pkcs11-provider is also specified."); |
|
2182 |
+#endif |
|
2179 | 2183 |
if (options->pkcs12_file) |
2180 | 2184 |
msg(M_USAGE, "Parameter --pkcs12 cannot be used when --pkcs11-provider is also specified."); |
2181 | 2185 |
#ifdef ENABLE_CRYPTOAPI |
... | ... |
@@ -2201,6 +2205,10 @@ options_postprocess_verify_ce (const struct options *options, const struct conne |
2201 | 2201 |
msg(M_USAGE, "Parameter --key cannot be used when --cryptoapicert is also specified."); |
2202 | 2202 |
if (options->pkcs12_file) |
2203 | 2203 |
msg(M_USAGE, "Parameter --pkcs12 cannot be used when --cryptoapicert is also specified."); |
2204 |
+#ifdef MANAGMENT_EXTERNAL_KEY |
|
2205 |
+ if (options->management_flags & MF_EXTERNAL_KEY) |
|
2206 |
+ msg(M_USAGE, "Parameter --management-external-key cannot be used when --cryptoapicert is also specified."); |
|
2207 |
+#endif |
|
2204 | 2208 |
} |
2205 | 2209 |
else |
2206 | 2210 |
#endif |
... | ... |
@@ -2215,6 +2223,10 @@ options_postprocess_verify_ce (const struct options *options, const struct conne |
2215 | 2215 |
msg(M_USAGE, "Parameter --cert cannot be used when --pkcs12 is also specified."); |
2216 | 2216 |
if (options->priv_key_file) |
2217 | 2217 |
msg(M_USAGE, "Parameter --key cannot be used when --pkcs12 is also specified."); |
2218 |
+#ifdef MANAGMENT_EXTERNAL_KEY |
|
2219 |
+ if (options->management_flags & MF_EXTERNAL_KEY) |
|
2220 |
+ msg(M_USAGE, "Parameter --external-management-key cannot be used when --pkcs12 is also specified."); |
|
2221 |
+#endif |
|
2218 | 2222 |
#endif |
2219 | 2223 |
} |
2220 | 2224 |
else |
... | ... |
@@ -2230,7 +2242,15 @@ options_postprocess_verify_ce (const struct options *options, const struct conne |
2230 | 2230 |
#endif |
2231 | 2231 |
if (pull) |
2232 | 2232 |
{ |
2233 |
- const int sum = (options->cert_file != NULL) + (options->priv_key_file != NULL); |
|
2233 |
+ |
|
2234 |
+ const int sum = (options->cert_file != NULL) + |
|
2235 |
+#ifdef MANAGMENT_EXTERNAL_KEY |
|
2236 |
+ ((options->priv_key_file != NULL) || (options->management_flags & MF_EXTERNAL_KEY)); |
|
2237 |
+#else |
|
2238 |
+ (options->priv_key_file != NULL); |
|
2239 |
+#endif |
|
2240 |
+ |
|
2241 |
+ |
|
2234 | 2242 |
if (sum == 0) |
2235 | 2243 |
{ |
2236 | 2244 |
#if P2MP |
... | ... |
@@ -2248,6 +2268,9 @@ options_postprocess_verify_ce (const struct options *options, const struct conne |
2248 | 2248 |
else |
2249 | 2249 |
{ |
2250 | 2250 |
notnull (options->cert_file, "certificate file (--cert) or PKCS#12 file (--pkcs12)"); |
2251 |
+#ifdef MANAGMENT_EXTERNAL_KEY |
|
2252 |
+ if (!options->management_flags & MF_EXTERNAL_KEY) |
|
2253 |
+#endif |
|
2251 | 2254 |
notnull (options->priv_key_file, "private key file (--key) or PKCS#12 file (--pkcs12)"); |
2252 | 2255 |
} |
2253 | 2256 |
} |
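Review bot: In the last hunk, `if (!options->management_flags & MF_EXTERNAL_KEY)` parses as `(!options->management_flags) & MF_EXTERNAL_KEY` because `!` binds tighter than `&`; the left operand is only ever 0 or 1, so unless MF_EXTERNAL_KEY is bit 0 (its value is not visible here) the condition is always false. With the macro defined, the `notnull` check on `priv_key_file` is then skipped for every configuration, not only those using an external key, so a config with --cert but no --key would pass this validation and presumably fail only later. The test should read `if (!(options->management_flags & MF_EXTERNAL_KEY))`. Separately, the --pkcs12 hunk's message names the option `--external-management-key` while the other two added messages say `--management-external-key`; they should agree. The body of options_postprocess_verify_ce extends outside all of these hunks.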