Added a warning that the PolarSSL library does not support pkcs12 files.

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>

3 files changed, 6 insertions, 0 deletions

diff --git a/openvpn.8 b/openvpn.8
index c585da4..8e8ea8f 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -4041,6 +4041,7 @@ This option can be used instead of
 .B \-\-ca, \-\-cert,
 and
 .B \-\-key.
+Not available with PolarSSL.
 .\"*********************************************************
 .TP
 .B \-\-verify-hash hash
diff --git a/options.c b/options.c
index 9ed32b6..68c2a69 100644
--- a/options.c
+++ b/options.c
@@ -2265,12 +2265,16 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
 #endif
       if (options->pkcs12_file)
         {
+#ifdef USE_POLARSSL
+	  msg(M_USAGE, "Parameter --pkcs12 cannot be used with the PolarSSL version version of OpenVPN.");
+#else
           if (options->ca_path)
 	    msg(M_USAGE, "Parameter --capath cannot be used when --pkcs12 is also specified.");
           if (options->cert_file)
 	    msg(M_USAGE, "Parameter --cert cannot be used when --pkcs12 is also specified.");
           if (options->priv_key_file)
 	    msg(M_USAGE, "Parameter --key cannot be used when --pkcs12 is also specified.");
+#endif
         }
       else
         {
diff --git a/ssl_polarssl.c b/ssl_polarssl.c
index 7ea20ca..d45156a 100644
--- a/ssl_polarssl.c
+++ b/ssl_polarssl.c
@@ -220,6 +220,7 @@ tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file,
     )
 {
   msg(M_FATAL, "PKCS #12 files not yet supported for PolarSSL.");
+  return 0;
 }
 
 #ifdef WIN32