author | Alon Bar-Lev <alon.barlev@gmail.com> | 2013-11-12 00:36:06 +0200 |
---|---|---|
committer | Gert Doering <gert@greenie.muc.de> | 2013-12-16 18:29:09 +0100 |
commit | 6575ad483702dd53c0f683093b5f26a87518c6a8 (patch) | |
tree | fde6d92fd47c2b597525154d6e9129691ec32980 | |
parent | 925b8a463b78620c1f856a0224396ac7d53e6295 (diff) | |
pkcs11: use generic evp key instead of rsa
Enables DSA, ECDSA key usages with newer pkcs11-helper.
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Tested-By: Sanaullah <sanaullah82@gmail.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1384209366-26170-1-git-send-email-alon.barlev@gmail.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7960
Signed-off-by: Gert Doering <gert@greenie.muc.de>
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | src/openvpn/pkcs11_openssl.c | 14 |
2 files changed, 8 insertions, 8 deletions
diff --git a/configure.ac b/configure.ac
index b181f6d..23e76f6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -725,7 +725,7 @@ esac
 PKG_CHECK_MODULES(
 [PKCS11_HELPER],
- [libpkcs11-helper-1 >= 1.02],
+ [libpkcs11-helper-1 >= 1.11],
 [have_pkcs11_helper="yes"],
 []
 )
diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c
index af843b7..87eb166 100644
--- a/src/openvpn/pkcs11_openssl.c
+++ b/src/openvpn/pkcs11_openssl.c
@@ -49,7 +49,7 @@ pkcs11_init_tls_session(pkcs11h_certificate_t certificate,
 int ret = 1;
 X509 *x509 = NULL;
- RSA *rsa = NULL;
+ EVP_PKEY *evp = NULL;
 pkcs11h_openssl_session_t openssl_session = NULL;
 if ((openssl_session = pkcs11h_openssl_createSession (certificate)) == NULL)
@@ -63,9 +63,9 @@ pkcs11_init_tls_session(pkcs11h_certificate_t certificate,
 */
 certificate = NULL;
- if ((rsa = pkcs11h_openssl_session_getRSA (openssl_session)) == NULL)
+ if ((evp = pkcs11h_openssl_session_getEVP (openssl_session)) == NULL)
 {
- msg (M_WARN, "PKCS#11: Unable get rsa object");
+ msg (M_WARN, "PKCS#11: Unable get evp object");
 goto cleanup;
 }
@@ -75,7 +75,7 @@ pkcs11_init_tls_session(pkcs11h_certificate_t certificate,
 goto cleanup;
 }
- if (!SSL_CTX_use_RSAPrivateKey (ssl_ctx->ctx, rsa))
+ if (!SSL_CTX_use_PrivateKey (ssl_ctx->ctx, evp))
 {
 msg (M_WARN, "PKCS#11: Cannot set private key for openssl");
 goto cleanup;
@@ -108,10 +108,10 @@ cleanup:
 x509 = NULL;
 }
- if (rsa != NULL)
+ if (evp != NULL)
 {
- RSA_free (rsa);
- rsa = NULL;
+ EVP_PKEY_free (evp);
+ evp = NULL;
 }
 if (openssl_session != NULL) |
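Review bot: The failure branch after `SSL_CTX_use_PrivateKey` (hunk at line 75 of pkcs11_openssl.c) still logs only a fixed string, so an operator cannot tell why a token key was rejected. Now that the key can be RSA, DSA or ECDSA, there are presumably more ways for this call to fail than with the RSA-only setter, and the OpenSSL error queue is the only place the reason is recorded. Consider appending it, for example `msg (M_WARN, "PKCS#11: Cannot set private key for openssl: %s", ERR_error_string (ERR_get_error (), NULL));`, or using the project's own SSL-error logging if one exists; whether `<openssl/err.h>` is already included is not visible here. The warning in the preceding hunk would also read better as `"PKCS#11: Unable to get EVP key object"`. The function starts and ends outside these hunks.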
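Review bot: The cleanup hunk (line 108) frees `evp` on every path, including success, and nothing says why that is safe after the key was handed to `SSL_CTX_use_PrivateKey`. OpenSSL takes its own reference when a key is installed in the context, so this call drops only the local reference. A one-line comment above `if (evp != NULL)`, such as `/* SSL_CTX holds its own reference to the key; release ours */`, would save the next reader from suspecting a use-after-free. This assumes `pkcs11h_openssl_session_getEVP` returns a reference the caller owns, which is worth confirming against the pkcs11-helper documentation for the 1.11 minimum set in configure.ac. The cleanup block continues past the end of the hunk.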