Browse code
pkcs11: Load p11-kit-proxy.so module by default
If the user specifies --pkcs11-id or --pkcs-id-management but neglects
to explicitly provide a --pkcs11-provider argument, and if the system
has p11-kit installed, then load the p11-kit proxy module so that the
system-configured tokens are available.
Trac: 490
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1418303015.31745.78.camel@infradead.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9342
Signed-off-by: Gert Doering <gert@greenie.muc.de>
David Woodhouse authored on 2014/12/11 22:03:35Showing 3 changed files
| ... | ... |
@@ -1044,6 +1044,13 @@ if test "${enable_pkcs11}" = "yes"; then
|
| 1044 | 1044 |
OPTIONAL_PKCS11_HELPER_CFLAGS="${PKCS11_HELPER_CFLAGS}"
|
| 1045 | 1045 |
OPTIONAL_PKCS11_HELPER_LIBS="${PKCS11_HELPER_LIBS}"
|
| 1046 | 1046 |
AC_DEFINE([ENABLE_PKCS11], [1], [Enable PKCS11]) |
| 1047 |
+ PKG_CHECK_MODULES( |
|
| 1048 |
+ [P11KIT], |
|
| 1049 |
+ [p11-kit-1], |
|
| 1050 |
+ [proxy_module="`$PKG_CONFIG --variable=proxy_module p11-kit-1`" |
|
| 1051 |
+ AC_DEFINE_UNQUOTED([DEFAULT_PKCS11_MODULE], "${proxy_module}", [p11-kit proxy])],
|
|
| 1052 |
+ [] |
|
| 1053 |
+ ) |
|
| 1047 | 1054 |
fi |
| 1048 | 1055 |
|
| 1049 | 1056 |
if test "${enable_pedantic}" = "yes"; then
|
| ... | ... |
@@ -4355,6 +4355,16 @@ This option can be used instead of |
| 4355 | 4355 |
.B \-\-cert, \-\-key, |
| 4356 | 4356 |
and |
| 4357 | 4357 |
.B \-\-pkcs12. |
| 4358 |
+ |
|
| 4359 |
+If p11-kit is present on the system, its |
|
| 4360 |
+.B p11-kit-proxy.so |
|
| 4361 |
+module will be loaded by default if either the |
|
| 4362 |
+.B \-\-pkcs11\-id |
|
| 4363 |
+or |
|
| 4364 |
+.B \-\-pkcs11\-id\-management |
|
| 4365 |
+options are specified without |
|
| 4366 |
+.B \-\-pkcs11\-provider |
|
| 4367 |
+being given. |
|
| 4358 | 4368 |
.\"********************************************************* |
| 4359 | 4369 |
.TP |
| 4360 | 4370 |
.B \-\-pkcs11-private-mode mode... |
| ... | ... |
@@ -2466,6 +2466,15 @@ options_postprocess_mutate_invariant (struct options *options) |
| 2466 | 2466 |
#endif |
| 2467 | 2467 |
} |
| 2468 | 2468 |
#endif |
| 2469 |
+ |
|
| 2470 |
+#ifdef DEFAULT_PKCS11_MODULE |
|
| 2471 |
+ /* If p11-kit is present on the system then load its p11-kit-proxy.so |
|
| 2472 |
+ by default if the user asks for PKCS#11 without otherwise specifying |
|
| 2473 |
+ the module to use. */ |
|
| 2474 |
+ if (!options->pkcs11_providers[0] && |
|
| 2475 |
+ (options->pkcs11_id || options->pkcs11_id_management)) |
|
| 2476 |
+ options->pkcs11_providers[0] = DEFAULT_PKCS11_MODULE; |
|
| 2477 |
+#endif |
|
| 2469 | 2478 |
} |
| 2470 | 2479 |
|
| 2471 | 2480 |
static void |