
Add checks for external-key-managements

Commit 4806cc102655f1a829d656f6deb83e5953c5eab2 fixed only part of the
problem. Since it removed the filename, either the magic filename has to be
resurrected or all checks against priv_key_file need to check for
MF_EXTERNAL_KEY as well. This patch implements the extra checks.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: David Sommerseth <davids@redhat.com>
Message-Id: 1347287973-12398-1-git-send-email-arne@rfc2549.org
URL: http://article.gmane.org/gmane.network.openvpn.devel/7046
Signed-off-by: David Sommerseth <davids@redhat.com>

Arne Schwabe authored on 2012/09/10 23:39:33
Showing 1 changed files
... ...
@@ -2176,6 +2176,10 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
2176 2176
 	  msg(M_USAGE, "Parameter --cert cannot be used when --pkcs11-provider is also specified.");
2177 2177
 	if (options->priv_key_file)
2178 2178
 	  msg(M_USAGE, "Parameter --key cannot be used when --pkcs11-provider is also specified.");
2179
+#ifdef MANAGMENT_EXTERNAL_KEY
2180
+	if (options->management_flags & MF_EXTERNAL_KEY)
2181
+	  msg(M_USAGE, "Parameter --management-external-key cannot be used when --pkcs11-provider is also specified.");
2182
+#endif
2179 2183
 	if (options->pkcs12_file)
2180 2184
 	  msg(M_USAGE, "Parameter --pkcs12 cannot be used when --pkcs11-provider is also specified.");
2181 2185
 #ifdef ENABLE_CRYPTOAPI
... ...
@@ -2201,6 +2205,10 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
2201 2201
 	    msg(M_USAGE, "Parameter --key cannot be used when --cryptoapicert is also specified.");
2202 2202
           if (options->pkcs12_file)
2203 2203
 	    msg(M_USAGE, "Parameter --pkcs12 cannot be used when --cryptoapicert is also specified.");
2204
+#ifdef MANAGMENT_EXTERNAL_KEY
2205
+          if (options->management_flags & MF_EXTERNAL_KEY)
2206
+	    msg(M_USAGE, "Parameter --management-external-key cannot be used when --cryptoapicert is also specified.");
2207
+#endif
2204 2208
 	}
2205 2209
       else
2206 2210
 #endif
... ...
@@ -2215,6 +2223,10 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
2215 2215
 	    msg(M_USAGE, "Parameter --cert cannot be used when --pkcs12 is also specified.");
2216 2216
           if (options->priv_key_file)
2217 2217
 	    msg(M_USAGE, "Parameter --key cannot be used when --pkcs12 is also specified.");
2218
+#ifdef MANAGMENT_EXTERNAL_KEY
2219
+          if (options->management_flags & MF_EXTERNAL_KEY)
2220
+	    msg(M_USAGE, "Parameter --external-management-key cannot be used when --pkcs12 is also specified.");
2221
+#endif
2218 2222
 #endif
2219 2223
         }
2220 2224
       else
... ...
@@ -2230,7 +2242,15 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
2230 2230
 #endif
2231 2231
 	  if (pull)
2232 2232
 	    {
2233
-	      const int sum = (options->cert_file != NULL) + (options->priv_key_file != NULL);
2233
+
2234
+	      const int sum = (options->cert_file != NULL) +
2235
+#ifdef MANAGMENT_EXTERNAL_KEY
2236
+			((options->priv_key_file != NULL) || (options->management_flags & MF_EXTERNAL_KEY));
2237
+#else
2238
+		    (options->priv_key_file != NULL);
2239
+#endif
2240
+
2241
+
2234 2242
 	      if (sum == 0)
2235 2243
 		{
2236 2244
 #if P2MP
... ...
@@ -2248,6 +2268,9 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
2248 2248
 	  else
2249 2249
 	    {
2250 2250
 	      notnull (options->cert_file, "certificate file (--cert) or PKCS#12 file (--pkcs12)");
2251
+#ifdef MANAGMENT_EXTERNAL_KEY
2252
+          if (!options->management_flags & MF_EXTERNAL_KEY)
2253
+#endif
2251 2254
 	      notnull (options->priv_key_file, "private key file (--key) or PKCS#12 file (--pkcs12)");
2252 2255
 	    }
2253 2256
 	}
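Review bot: The guard added in the last hunk before `notnull (options->priv_key_file, ...)`, `if (!options->management_flags & MF_EXTERNAL_KEY)`, parses as `(!options->management_flags) & MF_EXTERNAL_KEY` because `!` binds tighter than `&`. The left operand is then only 0 or 1, so the result no longer reflects whether MF_EXTERNAL_KEY is set; unless that flag happens to be bit 0 (its value is not visible here), the condition is always false and the missing-private-key check never runs in MANAGMENT_EXTERNAL_KEY builds. It should read `if (!(options->management_flags & MF_EXTERNAL_KEY))`. Separately, the message added in the --pkcs12 hunk names the option `--external-management-key` while the other two added messages say `--management-external-key`; one spelling should be used throughout. The body of options_postprocess_verify_ce starts and ends outside these hunks.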