authorArne Schwabe <arne@rfc2549.org>2012-09-10 16:39:33 +0200
committerDavid Sommerseth <davids@redhat.com>2012-09-11 18:52:57 +0200
commit6dad4f8e924086333d32122432f316a17ae67987 (patch)
tree2e66bffb74a2cccdfa200dfca96ac4fde79c7d9a
parent341e6bb67f072731d75769ce875633e544544062 (diff)
Add checks for external-key-managements
Commit 4806cc102655f1a829d656f6deb83e5953c5eab2 fixed only part of the problem. Since it removed the filename, either the magic filename has to be resurrected or all checks against priv_key_file need to check for MF_EXTERNAL_KEY as well. This patch implements the extra checks. Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: David Sommerseth <davids@redhat.com> Message-Id: 1347287973-12398-1-git-send-email-arne@rfc2549.org URL: http://article.gmane.org/gmane.network.openvpn.devel/7046 Signed-off-by: David Sommerseth <davids@redhat.com>
-rw-r--r--src/openvpn/options.c25
1 files changed, 24 insertions, 1 deletions
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index d25bbea..05d3523 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2176,6 +2176,10 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
msg(M_USAGE, "Parameter --cert cannot be used when --pkcs11-provider is also specified.");
if (options->priv_key_file)
msg(M_USAGE, "Parameter --key cannot be used when --pkcs11-provider is also specified.");
+#ifdef MANAGMENT_EXTERNAL_KEY
+ if (options->management_flags & MF_EXTERNAL_KEY)
+ msg(M_USAGE, "Parameter --management-external-key cannot be used when --pkcs11-provider is also specified.");
+#endif
if (options->pkcs12_file)
msg(M_USAGE, "Parameter --pkcs12 cannot be used when --pkcs11-provider is also specified.");
#ifdef ENABLE_CRYPTOAPI
@@ -2201,6 +2205,10 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
msg(M_USAGE, "Parameter --key cannot be used when --cryptoapicert is also specified.");
if (options->pkcs12_file)
msg(M_USAGE, "Parameter --pkcs12 cannot be used when --cryptoapicert is also specified.");
+#ifdef MANAGMENT_EXTERNAL_KEY
+ if (options->management_flags & MF_EXTERNAL_KEY)
+ msg(M_USAGE, "Parameter --management-external-key cannot be used when --cryptoapicert is also specified.");
+#endif
}
else
#endif
@@ -2215,6 +2223,10 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
msg(M_USAGE, "Parameter --cert cannot be used when --pkcs12 is also specified.");
if (options->priv_key_file)
msg(M_USAGE, "Parameter --key cannot be used when --pkcs12 is also specified.");
+#ifdef MANAGMENT_EXTERNAL_KEY
+ if (options->management_flags & MF_EXTERNAL_KEY)
+ msg(M_USAGE, "Parameter --external-management-key cannot be used when --pkcs12 is also specified.");
+#endif
#endif
}
else
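Review bot: The usage message added in the --pkcs12 branch names the option `--external-management-key`, while the two earlier hunks (the --pkcs11-provider and --cryptoapicert branches) call it `--management-external-key`. An operator who hits this error will look for an option that is spelled differently from the one they set. The string should match the others: `msg(M_USAGE, "Parameter --management-external-key cannot be used when --pkcs12 is also specified.");`. The enclosing function starts and ends outside this hunk.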
@@ -2230,7 +2242,15 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
#endif
if (pull)
{
- const int sum = (options->cert_file != NULL) + (options->priv_key_file != NULL);
+
+ const int sum = (options->cert_file != NULL) +
+#ifdef MANAGMENT_EXTERNAL_KEY
+ ((options->priv_key_file != NULL) || (options->management_flags & MF_EXTERNAL_KEY));
+#else
+ (options->priv_key_file != NULL);
+#endif
+
+
if (sum == 0)
{
#if P2MP
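Review bot: The initializer of `sum` is now split by `#ifdef`/`#else` in the middle of the expression and surrounded by three stray blank lines, which makes the "cert and key must come together" rule harder to audit. It would read more clearly to compute the key half first in a separate local under the `#ifdef`, then write `const int sum = (options->cert_file != NULL) + have_key;` once. The `sum == 1` branch lies outside this hunk, so it is worth confirming that its message still makes sense when the key comes from the management interface and not from --key.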
@@ -2248,6 +2268,9 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
else
{
notnull (options->cert_file, "certificate file (--cert) or PKCS#12 file (--pkcs12)");
+#ifdef MANAGMENT_EXTERNAL_KEY
+ if (!options->management_flags & MF_EXTERNAL_KEY)
+#endif
notnull (options->priv_key_file, "private key file (--key) or PKCS#12 file (--pkcs12)");
}
}
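Review bot: The new guard `if (!options->management_flags & MF_EXTERNAL_KEY)` parses as `(!options->management_flags) & MF_EXTERNAL_KEY`, because unary `!` binds tighter than `&`. `!x` is only ever 0 or 1, so unless MF_EXTERNAL_KEY happens to be bit 0 (its value is not visible here) the condition is always false. When MANAGMENT_EXTERNAL_KEY is defined, the `notnull (options->priv_key_file, ...)` check is then skipped for every configuration, not only those using an external key, and a missing --key is no longer rejected at option-verification time. The test should be `if (!(options->management_flags & MF_EXTERNAL_KEY))`. Bracing the guarded `notnull` call would also make it obvious which statement the conditionally compiled `if` controls.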