Browse code
Make 'provider' option to --show-pkcs11-ids optional where p11-kit is present
Trac: 490
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1418905506.21260.6.camel@infradead.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9355
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit a91a06cb291414c9e657377e44f7a57343ae7f5a)
David Woodhouse authored on 2014/12/18 21:25:06Showing 2 changed files
| ... | ... |
@@ -5490,11 +5490,17 @@ adapter list. |
| 5490 | 5490 |
.SS PKCS#11 Standalone Options: |
| 5491 | 5491 |
.\"********************************************************* |
| 5492 | 5492 |
.TP |
| 5493 |
-.B \-\-show-pkcs11-ids provider [cert_private] |
|
| 5493 |
+.B \-\-show-pkcs11-ids [provider] [cert_private] |
|
| 5494 | 5494 |
(Standalone) |
| 5495 | 5495 |
Show PKCS#11 token object list. Specify cert_private as 1 |
| 5496 | 5496 |
if certificates are stored as private objects. |
| 5497 | 5497 |
|
| 5498 |
+If p11-kit is present on the system, the |
|
| 5499 |
+.B provider |
|
| 5500 |
+argument is optional; if omitted the default |
|
| 5501 |
+.B p11-kit-proxy.so |
|
| 5502 |
+module will be queried. |
|
| 5503 |
+ |
|
| 5498 | 5504 |
.B \-\-verb |
| 5499 | 5505 |
option can be used BEFORE this option to produce debugging information. |
| 5500 | 5506 |
.\"********************************************************* |
| ... | ... |
@@ -738,7 +738,11 @@ static const char usage_message[] = |
| 738 | 738 |
#ifdef ENABLE_PKCS11 |
| 739 | 739 |
"\n" |
| 740 | 740 |
"PKCS#11 standalone options:\n" |
| 741 |
- "--show-pkcs11-ids provider [cert_private] : Show PKCS#11 available ids.\n" |
|
| 741 |
+#ifdef DEFAULT_PKCS11_MODULE |
|
| 742 |
+ "--show-pkcs11-ids [provider] [cert_private] : Show PKCS#11 available ids.\n" |
|
| 743 |
+#else |
|
| 744 |
+ "--show-pkcs11-ids provider [cert_private] : Show PKCS#11 available ids.\n" |
|
| 745 |
+#endif |
|
| 742 | 746 |
" --verb option can be added *BEFORE* this.\n" |
| 743 | 747 |
#endif /* ENABLE_PKCS11 */ |
| 744 | 748 |
"\n" |
| ... | ... |
@@ -6935,11 +6939,34 @@ add_option (struct options *options, |
| 6935 | 6935 |
#endif /* ENABLE_SSL */ |
| 6936 | 6936 |
#endif /* ENABLE_CRYPTO */ |
| 6937 | 6937 |
#ifdef ENABLE_PKCS11 |
| 6938 |
- else if (streq (p[0], "show-pkcs11-ids") && p[1]) |
|
| 6938 |
+ else if (streq (p[0], "show-pkcs11-ids")) |
|
| 6939 | 6939 |
{
|
| 6940 | 6940 |
char *provider = p[1]; |
| 6941 | 6941 |
bool cert_private = (p[2] == NULL ? false : ( atoi (p[2]) != 0 )); |
| 6942 | 6942 |
|
| 6943 |
+#ifdef DEFAULT_PKCS11_MODULE |
|
| 6944 |
+ if (!provider) |
|
| 6945 |
+ provider = DEFAULT_PKCS11_MODULE; |
|
| 6946 |
+ else if (!p[2]) |
|
| 6947 |
+ {
|
|
| 6948 |
+ char *endp = NULL; |
|
| 6949 |
+ int i = strtol(provider, &endp, 10); |
|
| 6950 |
+ |
|
| 6951 |
+ if (*endp == 0) |
|
| 6952 |
+ {
|
|
| 6953 |
+ /* There was one argument, and it was purely numeric. |
|
| 6954 |
+ Interpret it as the cert_private argument */ |
|
| 6955 |
+ provider = DEFAULT_PKCS11_MODULE; |
|
| 6956 |
+ cert_private = i; |
|
| 6957 |
+ } |
|
| 6958 |
+ } |
|
| 6959 |
+#else |
|
| 6960 |
+ if (!provider) |
|
| 6961 |
+ {
|
|
| 6962 |
+ msg (msglevel, "--show-pkcs11-ids requires a provider parameter"); |
|
| 6963 |
+ goto err; |
|
| 6964 |
+ } |
|
| 6965 |
+#endif |
|
| 6943 | 6966 |
VERIFY_PERMISSION (OPT_P_GENERAL); |
| 6944 | 6967 |
|
| 6945 | 6968 |
set_debug_level (options->verbosity, SDL_CONSTRAIN); |