authorAdriaan de Jong <dejong@fox-it.com>2011-07-05 10:16:46 +0200
committerDavid Sommerseth <davids@redhat.com>2011-10-22 16:00:49 +0200
commit93c22ecc635bc5047468629f2a5423a153910c0b (patch)
tree365abadaa9408258b919ec169fdfdaf10a6a76dd
parent8d26c253e8f62d67b51d50f82c333ed4412000ac (diff)
Disable CryptoAPI when not using OpenSSL, and document that fact.
Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com>
-rw-r--r--cryptoapi.c2
-rw-r--r--openvpn.82
-rw-r--r--options.c8
-rw-r--r--options.h2
-rw-r--r--ssl.c2
-rw-r--r--ssl_backend.h2
-rw-r--r--ssl_openssl.c2
-rw-r--r--ssl_polarssl.c2
-rw-r--r--syshead.h7
9 files changed, 18 insertions, 11 deletions
diff --git a/cryptoapi.c b/cryptoapi.c
index 3365cd7..a825126 100644
--- a/cryptoapi.c
+++ b/cryptoapi.c
@@ -30,7 +30,7 @@
#include "syshead.h"
-#if defined(WIN32) && defined(USE_CRYPTO) && defined(USE_SSL)
+#ifdef ENABLE_CRYPTOAPI
#include <openssl/ssl.h>
#include <openssl/err.h>
diff --git a/openvpn.8 b/openvpn.8
index 4e3b87b..12547c4 100644
--- a/openvpn.8
+++ b/openvpn.8
@@ -4118,7 +4118,7 @@ Mode is encoded as hex number, and can be a mask one of the following:
.TP
.B \-\-cryptoapicert select-string
Load the certificate and private key from the
-Windows Certificate System Store (Windows Only).
+Windows Certificate System Store (Windows/OpenSSL Only).
Use this option instead of
.B \-\-cert
diff --git a/options.c b/options.c
index 635cef2..8ee24a0 100644
--- a/options.c
+++ b/options.c
@@ -1562,7 +1562,7 @@ show_settings (const struct options *o)
SHOW_STR (cert_file);
SHOW_STR (priv_key_file);
SHOW_STR (pkcs12_file);
-#ifdef WIN32
+#ifdef ENABLE_CRYPTOAPI
SHOW_STR (cryptoapi_cert);
#endif
SHOW_STR (cipher_list);
@@ -2242,14 +2242,14 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
msg(M_USAGE, "Parameter --key cannot be used when --pkcs11-provider is also specified.");
if (options->pkcs12_file)
msg(M_USAGE, "Parameter --pkcs12 cannot be used when --pkcs11-provider is also specified.");
-#ifdef WIN32
+#ifdef ENABLE_CRYPTOAPI
if (options->cryptoapi_cert)
msg(M_USAGE, "Parameter --cryptoapicert cannot be used when --pkcs11-provider is also specified.");
#endif
}
else
#endif
-#ifdef WIN32
+#ifdef ENABLE_CRYPTOAPI
if (options->cryptoapi_cert)
{
if ((!(options->ca_file)) && (!(options->ca_path)))
@@ -6230,7 +6230,7 @@ add_option (struct options *options,
VERIFY_PERMISSION (OPT_P_GENERAL);
options->verify_hash = parse_hash_fingerprint(p[1], SHA_DIGEST_LENGTH, msglevel, &options->gc);
}
-#ifdef WIN32
+#ifdef ENABLE_CRYPTOAPI
else if (streq (p[0], "cryptoapicert") && p[1])
{
VERIFY_PERMISSION (OPT_P_GENERAL);
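Review bot: On a Windows build that does not use OpenSSL, `--cryptoapicert` is no longer matched by this branch, so it is handled by whatever ends the else-if chain outside this hunk, presumably a generic unrecognised-option message. A user whose key lives in the certificate store then gets no hint that the build, not the config, is the cause. Consider an `#else` branch for the same option name that reports the reason, for example `msg (msglevel, "--cryptoapicert is only available in Windows builds using OpenSSL");`. The body of add_option starts and ends outside the hunk, so the fallback behaviour is inferred rather than seen.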
diff --git a/options.h b/options.h
index 8532402..abdddba 100644
--- a/options.h
+++ b/options.h
@@ -555,7 +555,7 @@ struct options
bool pkcs11_id_management;
#endif
-#ifdef WIN32
+#ifdef ENABLE_CRYPTOAPI
const char *cryptoapi_cert;
#endif
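Review bot: The layout of `struct options` now depends on a macro that syshead.h defines rather than one supplied by the toolchain, so the `cryptoapi_cert` member exists only in translation units that include syshead.h before options.h. A unit that sees options.h without it would compile with a different struct layout and access later members at the wrong offsets. Whether options.h includes syshead.h itself is not visible in this hunk; if it does not, add `#include "syshead.h"` at the top of options.h, or state the requirement next to the member with `/* ENABLE_CRYPTOAPI comes from syshead.h, which must be included first */`. The prototype guard in ssl_backend.h has the same include-order dependency.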
diff --git a/ssl.c b/ssl.c
index 1607630..e2f0810 100644
--- a/ssl.c
+++ b/ssl.c
@@ -336,7 +336,7 @@ init_ssl (const struct options *options, struct tls_root_ctx *new_ctx)
}
}
#endif
-#ifdef WIN32
+#ifdef ENABLE_CRYPTOAPI
else if (options->cryptoapi_cert)
{
tls_ctx_load_cryptoapi(new_ctx, options->cryptoapi_cert);
diff --git a/ssl_backend.h b/ssl_backend.h
index 022e038..b67421c 100644
--- a/ssl_backend.h
+++ b/ssl_backend.h
@@ -170,7 +170,7 @@ int tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file,
* @param ctx TLS context to use
* @param crypto_api_cert String representing the certificate to load.
*/
-#ifdef WIN32
+#ifdef ENABLE_CRYPTOAPI
void tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert);
#endif /* WIN32 */
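Review bot: The closing `#endif /* WIN32 */` no longer matches its opening guard and should read `#endif /* ENABLE_CRYPTOAPI */`. The Doxygen block sits above the `#ifdef`, so on builds without CryptoAPI it is left in front of whatever declaration follows; moving the `#ifdef ENABLE_CRYPTOAPI` line above the comment keeps the documentation and the prototype together. The `@param crypto_api_cert` name also differs from the prototype's `cryptoapi_cert`. The start of the comment is outside the hunk.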
diff --git a/ssl_openssl.c b/ssl_openssl.c
index 35f9b14..f36b319 100644
--- a/ssl_openssl.c
+++ b/ssl_openssl.c
@@ -323,7 +323,7 @@ tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file,
return 0;
}
-#ifdef WIN32
+#ifdef ENABLE_CRYPTOAPI
void
tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
{
diff --git a/ssl_polarssl.c b/ssl_polarssl.c
index d45156a..032a356 100644
--- a/ssl_polarssl.c
+++ b/ssl_polarssl.c
@@ -223,7 +223,7 @@ tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file,
return 0;
}
-#ifdef WIN32
+#ifdef ENABLE_CRYPTOAPI
void
tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
{
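Review bot: This guard can probably never be true in this file, because the syshead.h hunk defines ENABLE_CRYPTOAPI only when USE_OPENSSL is set and ssl_polarssl.c is presumably compiled only for the PolarSSL backend. If the two backends are mutually exclusive, the `tls_ctx_load_cryptoapi` definition here is dead code and would be clearer removed. Otherwise document the intent with a comment such as `/* CryptoAPI is OpenSSL-only; this definition is never compiled with PolarSSL */`. The function body continues outside the hunk, so what it does cannot be confirmed from here.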
diff --git a/syshead.h b/syshead.h
index 56bba0f..0addcd7 100644
--- a/syshead.h
+++ b/syshead.h
@@ -618,6 +618,13 @@ socket_defined (const socket_descriptor_t sd)
#endif
/*
+ * Do we have CryptoAPI capability?
+ */
+#if defined(WIN32) && defined(USE_CRYPTO) && defined(USE_SSL) && defined(USE_OPENSSL)
+#define ENABLE_CRYPTOAPI
+#endif
+
+/*
* Enable x509-track feature?
*/
#if defined(USE_CRYPTO) && defined(USE_SSL) && defined USE_OPENSSL
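Review bot: The comment `Do we have CryptoAPI capability?` does not say why USE_OPENSSL is part of the condition, which is the whole point of the commit. The cryptoapi.c hunk shows that file including `<openssl/ssl.h>` and `<openssl/err.h>`, so a line such as `* CryptoAPI support (cryptoapi.c) is built on OpenSSL, so it needs WIN32 and the OpenSSL backend.` would stop a later reader from dropping that test. As a style point, the new line writes `defined(USE_OPENSSL)` while the x509-track condition just below writes `defined USE_OPENSSL`; using one form throughout would read better.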