diff options
-rw-r--r-- | cryptoapi.c | 2 | ||||
-rw-r--r-- | openvpn.8 | 2 | ||||
-rw-r--r-- | options.c | 8 | ||||
-rw-r--r-- | options.h | 2 | ||||
-rw-r--r-- | ssl.c | 2 | ||||
-rw-r--r-- | ssl_backend.h | 2 | ||||
-rw-r--r-- | ssl_openssl.c | 2 | ||||
-rw-r--r-- | ssl_polarssl.c | 2 | ||||
-rw-r--r-- | syshead.h | 7 |
9 files changed, 18 insertions, 11 deletions
diff --git a/cryptoapi.c b/cryptoapi.c index 3365cd7..a825126 100644 --- a/cryptoapi.c +++ b/cryptoapi.c @@ -30,7 +30,7 @@ #include "syshead.h" -#if defined(WIN32) && defined(USE_CRYPTO) && defined(USE_SSL) +#ifdef ENABLE_CRYPTOAPI #include <openssl/ssl.h> #include <openssl/err.h> @@ -4118,7 +4118,7 @@ Mode is encoded as hex number, and can be a mask one of the following: .TP .B \-\-cryptoapicert select-string Load the certificate and private key from the -Windows Certificate System Store (Windows Only). +Windows Certificate System Store (Windows/OpenSSL Only). Use this option instead of .B \-\-cert @@ -1562,7 +1562,7 @@ show_settings (const struct options *o) SHOW_STR (cert_file); SHOW_STR (priv_key_file); SHOW_STR (pkcs12_file); -#ifdef WIN32 +#ifdef ENABLE_CRYPTOAPI SHOW_STR (cryptoapi_cert); #endif SHOW_STR (cipher_list); @@ -2242,14 +2242,14 @@ options_postprocess_verify_ce (const struct options *options, const struct conne msg(M_USAGE, "Parameter --key cannot be used when --pkcs11-provider is also specified."); if (options->pkcs12_file) msg(M_USAGE, "Parameter --pkcs12 cannot be used when --pkcs11-provider is also specified."); -#ifdef WIN32 +#ifdef ENABLE_CRYPTOAPI if (options->cryptoapi_cert) msg(M_USAGE, "Parameter --cryptoapicert cannot be used when --pkcs11-provider is also specified."); #endif } else #endif -#ifdef WIN32 +#ifdef ENABLE_CRYPTOAPI if (options->cryptoapi_cert) { if ((!(options->ca_file)) && (!(options->ca_path))) @@ -6230,7 +6230,7 @@ add_option (struct options *options, VERIFY_PERMISSION (OPT_P_GENERAL); options->verify_hash = parse_hash_fingerprint(p[1], SHA_DIGEST_LENGTH, msglevel, &options->gc); } -#ifdef WIN32 +#ifdef ENABLE_CRYPTOAPI else if (streq (p[0], "cryptoapicert") && p[1]) { VERIFY_PERMISSION (OPT_P_GENERAL); @@ -555,7 +555,7 @@ struct options bool pkcs11_id_management; #endif -#ifdef WIN32 +#ifdef ENABLE_CRYPTOAPI const char *cryptoapi_cert; #endif @@ -336,7 +336,7 @@ init_ssl (const struct options *options, struct tls_root_ctx *new_ctx) } } #endif -#ifdef WIN32 +#ifdef ENABLE_CRYPTOAPI else if (options->cryptoapi_cert) { tls_ctx_load_cryptoapi(new_ctx, options->cryptoapi_cert); diff --git a/ssl_backend.h b/ssl_backend.h index 022e038..b67421c 100644 --- a/ssl_backend.h +++ b/ssl_backend.h @@ -170,7 +170,7 @@ int tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file, * @param ctx TLS context to use * @param crypto_api_cert String representing the certificate to load. */ -#ifdef WIN32 +#ifdef ENABLE_CRYPTOAPI void tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert); #endif /* WIN32 */ diff --git a/ssl_openssl.c b/ssl_openssl.c index 35f9b14..f36b319 100644 --- a/ssl_openssl.c +++ b/ssl_openssl.c @@ -323,7 +323,7 @@ tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file, return 0; } -#ifdef WIN32 +#ifdef ENABLE_CRYPTOAPI void tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert) { diff --git a/ssl_polarssl.c b/ssl_polarssl.c index d45156a..032a356 100644 --- a/ssl_polarssl.c +++ b/ssl_polarssl.c @@ -223,7 +223,7 @@ tls_ctx_load_pkcs12(struct tls_root_ctx *ctx, const char *pkcs12_file, return 0; } -#ifdef WIN32 +#ifdef ENABLE_CRYPTOAPI void tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert) { @@ -618,6 +618,13 @@ socket_defined (const socket_descriptor_t sd) #endif /* + * Do we have CryptoAPI capability? + */ +#if defined(WIN32) && defined(USE_CRYPTO) && defined(USE_SSL) && defined(USE_OPENSSL) +#define ENABLE_CRYPTOAPI +#endif + +/* * Enable x509-track feature? */ #if defined(USE_CRYPTO) && defined(USE_SSL) && defined USE_OPENSSL |