diff options
author | Adriaan de Jong <dejong@fox-it.com> | 2011-06-27 14:01:22 +0200 |
---|---|---|
committer | David Sommerseth <davids@redhat.com> | 2011-10-19 22:45:01 +0200 |
commit | d1013cfe957ab3961b8b78486704ddcdecba513b (patch) | |
tree | 425bbef72d6410c0eb80cf50f300c0ab898c9edf /ssl_openssl.c | |
parent | 289a8bb806150b418abb64abea26cb4106811850 (diff) | |
download | openvpn-d1013cfe957ab3961b8b78486704ddcdecba513b.tar.gz openvpn-d1013cfe957ab3961b8b78486704ddcdecba513b.tar.xz openvpn-d1013cfe957ab3961b8b78486704ddcdecba513b.zip |
Refactored PKCS#11 loading
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: David Sommerseth <davids@redhat.com>
Diffstat (limited to 'ssl_openssl.c')
-rw-r--r-- | ssl_openssl.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/ssl_openssl.c b/ssl_openssl.c index 1ba73ef..8f5fa98 100644 --- a/ssl_openssl.c +++ b/ssl_openssl.c @@ -313,6 +313,23 @@ tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file, return 0; } +#ifdef ENABLE_PKCS11 +int +tls_ctx_load_pkcs11(struct tls_root_ctx *ctx, bool pkcs11_id_management, + const char *pkcs11_id) +{ + ASSERT(NULL != ctx); + + /* Load Certificate and Private Key */ + if (!SSL_CTX_use_pkcs11 (ctx->ctx, pkcs11_id_management, pkcs11_id)) + { + msg (M_WARN, "Cannot load certificate \"%s\" using PKCS#11 interface", pkcs11_id); + return 1; + } + return 0; +} +#endif /* ENABLE_PKCS11 */ + void show_available_tls_ciphers () { |