Refactored PKCS#11 loading

Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: Gert Doering <gert@greenie.muc.de> Signed-off-by: David Sommerseth <davids@redhat.com>
author: Adriaan de Jong <dejong@fox-it.com> 2011-06-27 14:01:22 +0200
committer: David Sommerseth <davids@redhat.com> 2011-10-19 22:45:01 +0200
commit: d1013cfe957ab3961b8b78486704ddcdecba513b (patch)
tree: 425bbef72d6410c0eb80cf50f300c0ab898c9edf /ssl_openssl.c
parent: 289a8bb806150b418abb64abea26cb4106811850 (diff)
download: openvpn-d1013cfe957ab3961b8b78486704ddcdecba513b.tar.gz
openvpn-d1013cfe957ab3961b8b78486704ddcdecba513b.tar.xz
openvpn-d1013cfe957ab3961b8b78486704ddcdecba513b.zip
1 files changed, 17 insertions, 0 deletions
diff --git a/ssl_openssl.c b/ssl_openssl.c
index 1ba73ef..8f5fa98 100644
--- a/ssl_openssl.c
+++ b/ssl_openssl.c
@@ -313,6 +313,23 @@ tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file,
   return 0;
 }
 
+#ifdef ENABLE_PKCS11
+int
+tls_ctx_load_pkcs11(struct tls_root_ctx *ctx, bool pkcs11_id_management,
+    const char *pkcs11_id)
+{
+  ASSERT(NULL != ctx);
+
+  /* Load Certificate and Private Key */
+  if (!SSL_CTX_use_pkcs11 (ctx->ctx, pkcs11_id_management, pkcs11_id))
+    {
+      msg (M_WARN, "Cannot load certificate \"%s\" using PKCS#11 interface", pkcs11_id);
+      return 1;
+    }
+  return 0;
+}
+#endif /* ENABLE_PKCS11 */
+
 void
 show_available_tls_ciphers ()
 {
author	Adriaan de Jong <dejong@fox-it.com>	2011-06-27 14:01:22 +0200
committer	David Sommerseth <davids@redhat.com>	2011-10-19 22:45:01 +0200
commit	d1013cfe957ab3961b8b78486704ddcdecba513b (patch)
tree	425bbef72d6410c0eb80cf50f300c0ab898c9edf /ssl_openssl.c
parent	289a8bb806150b418abb64abea26cb4106811850 (diff)
download	openvpn-d1013cfe957ab3961b8b78486704ddcdecba513b.tar.gz openvpn-d1013cfe957ab3961b8b78486704ddcdecba513b.tar.xz openvpn-d1013cfe957ab3961b8b78486704ddcdecba513b.zip