diff options
| author | David Woodhouse <dwmw2@infradead.org> | 2014-12-18 12:25:06 +0000 |
|---|---|---|
| committer | Gert Doering <gert@greenie.muc.de> | 2014-12-27 15:19:15 +0100 |
| commit | 7c1d614c5c5282a73cb799f919eac6750363783a (patch) | |
| tree | ec2191fd345c7352f566a6b3e58087b537bdbe2a | |
| parent | 3c6d32205db88348c07c720b710b41548497819c (diff) | |
| download | openvpn-7c1d614c5c5282a73cb799f919eac6750363783a.tar.gz openvpn-7c1d614c5c5282a73cb799f919eac6750363783a.tar.xz openvpn-7c1d614c5c5282a73cb799f919eac6750363783a.zip | |
Make 'provider' option to --show-pkcs11-ids optional where p11-kit is present
Trac: 490
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1418905506.21260.6.camel@infradead.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9355
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit a91a06cb291414c9e657377e44f7a57343ae7f5a)
| -rw-r--r-- | doc/openvpn.8 | 8 | ||||
| -rw-r--r-- | src/openvpn/options.c | 31 |
2 files changed, 36 insertions, 3 deletions
diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 0bdea1f..49183ee 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -5490,11 +5490,17 @@ adapter list. .SS PKCS#11 Standalone Options: .\"********************************************************* .TP -.B \-\-show-pkcs11-ids provider [cert_private] +.B \-\-show-pkcs11-ids [provider] [cert_private] (Standalone) Show PKCS#11 token object list. Specify cert_private as 1 if certificates are stored as private objects. +If p11-kit is present on the system, the +.B provider +argument is optional; if omitted the default +.B p11-kit-proxy.so +module will be queried. + .B \-\-verb option can be used BEFORE this option to produce debugging information. .\"********************************************************* diff --git a/src/openvpn/options.c b/src/openvpn/options.c index b33eb4a..5e8d9dc 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -738,7 +738,11 @@ static const char usage_message[] = #ifdef ENABLE_PKCS11 "\n" "PKCS#11 standalone options:\n" - "--show-pkcs11-ids provider [cert_private] : Show PKCS#11 available ids.\n" +#ifdef DEFAULT_PKCS11_MODULE + "--show-pkcs11-ids [provider] [cert_private] : Show PKCS#11 available ids.\n" +#else + "--show-pkcs11-ids provider [cert_private] : Show PKCS#11 available ids.\n" +#endif " --verb option can be added *BEFORE* this.\n" #endif /* ENABLE_PKCS11 */ "\n" @@ -6935,11 +6939,34 @@ add_option (struct options *options, #endif /* ENABLE_SSL */ #endif /* ENABLE_CRYPTO */ #ifdef ENABLE_PKCS11 - else if (streq (p[0], "show-pkcs11-ids") && p[1]) + else if (streq (p[0], "show-pkcs11-ids")) { char *provider = p[1]; bool cert_private = (p[2] == NULL ? false : ( atoi (p[2]) != 0 )); +#ifdef DEFAULT_PKCS11_MODULE + if (!provider) + provider = DEFAULT_PKCS11_MODULE; + else if (!p[2]) + { + char *endp = NULL; + int i = strtol(provider, &endp, 10); + + if (*endp == 0) + { + /* There was one argument, and it was purely numeric. + Interpret it as the cert_private argument */ + provider = DEFAULT_PKCS11_MODULE; + cert_private = i; + } + } +#else + if (!provider) + { + msg (msglevel, "--show-pkcs11-ids requires a provider parameter"); + goto err; + } +#endif VERIFY_PERMISSION (OPT_P_GENERAL); set_debug_level (options->verbosity, SDL_CONSTRAIN); |