Trac: 490
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1418905506.21260.6.camel@infradead.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9355
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit a91a06cb291414c9e657377e44f7a57343ae7f5a)
... | ... |
@@ -5490,11 +5490,17 @@ adapter list. |
5490 | 5490 |
.SS PKCS#11 Standalone Options: |
5491 | 5491 |
.\"********************************************************* |
5492 | 5492 |
.TP |
5493 |
-.B \-\-show-pkcs11-ids provider [cert_private] |
|
5493 |
+.B \-\-show-pkcs11-ids [provider] [cert_private] |
|
5494 | 5494 |
(Standalone) |
5495 | 5495 |
Show PKCS#11 token object list. Specify cert_private as 1 |
5496 | 5496 |
if certificates are stored as private objects. |
5497 | 5497 |
|
5498 |
+If p11-kit is present on the system, the |
|
5499 |
+.B provider |
|
5500 |
+argument is optional; if omitted the default |
|
5501 |
+.B p11-kit-proxy.so |
|
5502 |
+module will be queried. |
|
5503 |
+ |
|
5498 | 5504 |
.B \-\-verb |
5499 | 5505 |
option can be used BEFORE this option to produce debugging information. |
5500 | 5506 |
.\"********************************************************* |
... | ... |
@@ -738,7 +738,11 @@ static const char usage_message[] = |
738 | 738 |
#ifdef ENABLE_PKCS11 |
739 | 739 |
"\n" |
740 | 740 |
"PKCS#11 standalone options:\n" |
741 |
- "--show-pkcs11-ids provider [cert_private] : Show PKCS#11 available ids.\n" |
|
741 |
+#ifdef DEFAULT_PKCS11_MODULE |
|
742 |
+ "--show-pkcs11-ids [provider] [cert_private] : Show PKCS#11 available ids.\n" |
|
743 |
+#else |
|
744 |
+ "--show-pkcs11-ids provider [cert_private] : Show PKCS#11 available ids.\n" |
|
745 |
+#endif |
|
742 | 746 |
" --verb option can be added *BEFORE* this.\n" |
743 | 747 |
#endif /* ENABLE_PKCS11 */ |
744 | 748 |
"\n" |
... | ... |
@@ -6935,11 +6939,34 @@ add_option (struct options *options, |
6935 | 6935 |
#endif /* ENABLE_SSL */ |
6936 | 6936 |
#endif /* ENABLE_CRYPTO */ |
6937 | 6937 |
#ifdef ENABLE_PKCS11 |
6938 |
- else if (streq (p[0], "show-pkcs11-ids") && p[1]) |
|
6938 |
+ else if (streq (p[0], "show-pkcs11-ids")) |
|
6939 | 6939 |
{ |
6940 | 6940 |
char *provider = p[1]; |
6941 | 6941 |
bool cert_private = (p[2] == NULL ? false : ( atoi (p[2]) != 0 )); |
6942 | 6942 |
|
6943 |
+#ifdef DEFAULT_PKCS11_MODULE |
|
6944 |
+ if (!provider) |
|
6945 |
+ provider = DEFAULT_PKCS11_MODULE; |
|
6946 |
+ else if (!p[2]) |
|
6947 |
+ { |
|
6948 |
+ char *endp = NULL; |
|
6949 |
+ int i = strtol(provider, &endp, 10); |
|
6950 |
+ |
|
6951 |
+ if (*endp == 0) |
|
6952 |
+ { |
|
6953 |
+ /* There was one argument, and it was purely numeric. |
|
6954 |
+ Interpret it as the cert_private argument */ |
|
6955 |
+ provider = DEFAULT_PKCS11_MODULE; |
|
6956 |
+ cert_private = i; |
|
6957 |
+ } |
|
6958 |
+ } |
|
6959 |
+#else |
|
6960 |
+ if (!provider) |
|
6961 |
+ { |
|
6962 |
+ msg (msglevel, "--show-pkcs11-ids requires a provider parameter"); |
|
6963 |
+ goto err; |
|
6964 |
+ } |
|
6965 |
+#endif |
|
6943 | 6966 |
VERIFY_PERMISSION (OPT_P_GENERAL); |
6944 | 6967 |
|
6945 | 6968 |
set_debug_level (options->verbosity, SDL_CONSTRAIN); |
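Review bot: In the `DEFAULT_PKCS11_MODULE` branch, `if (*endp == 0)` is also true when the single argument is an empty string, because strtol() converts nothing and leaves `endp` pointing at the terminator. `--show-pkcs11-ids ""` is then silently redirected to the default module rather than treated as a provider name. Require at least one consumed digit with `if (endp != provider && *endp == '\0')`, and keep the result as `long i` with `cert_private = (i != 0);` so an out-of-range value is not narrowed through `int` before the bool conversion. In this build configuration a provider whose name is purely numeric can also no longer be given as the sole argument, which deserves a sentence in the man page text. The body of add_option starts and ends outside this hunk.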