From 6dad4f8e924086333d32122432f316a17ae67987 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Mon, 10 Sep 2012 16:39:33 +0200 Subject: Add checks for external-key-managements Commit 4806cc102655f1a829d656f6deb83e5953c5eab2 fixed only part of the problem. Since it removed the filename either the magic filename has to be resurrected or all checks against priv_key_file need to take to check for MF_EXTERNAL_KEY as well. This patch implements the extra checks Signed-off-by: Arne Schwabe Acked-by: David Sommerseth Message-Id: 1347287973-12398-1-git-send-email-arne@rfc2549.org URL: http://article.gmane.org/gmane.network.openvpn.devel/7046 Signed-off-by: David Sommerseth
---
 src/openvpn/options.c | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index d25bbea..05d3523 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2176,6 +2176,10 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
 msg(M_USAGE, "Parameter --cert cannot be used when --pkcs11-provider is also specified.");
 if (options->priv_key_file)
 msg(M_USAGE, "Parameter --key cannot be used when --pkcs11-provider is also specified.");
+#ifdef MANAGMENT_EXTERNAL_KEY
+ if (options->management_flags & MF_EXTERNAL_KEY)
+ msg(M_USAGE, "Parameter --management-external-key cannot be used when --pkcs11-provider is also specified.");
+#endif
 if (options->pkcs12_file)
 msg(M_USAGE, "Parameter --pkcs12 cannot be used when --pkcs11-provider is also specified.");
 #ifdef ENABLE_CRYPTOAPI
@@ -2201,6 +2205,10 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
 msg(M_USAGE, "Parameter --key cannot be used when --cryptoapicert is also specified.");
 if (options->pkcs12_file)
 msg(M_USAGE, "Parameter --pkcs12 cannot be used when --cryptoapicert is also specified.");
+#ifdef MANAGMENT_EXTERNAL_KEY
+ if (options->management_flags & MF_EXTERNAL_KEY)
+ msg(M_USAGE, "Parameter --management-external-key cannot be used when --cryptoapicert is also specified.");
+#endif
 }
 else
 #endif
@@ -2215,6 +2223,10 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
 msg(M_USAGE, "Parameter --cert cannot be used when --pkcs12 is also specified.");
 if (options->priv_key_file)
 msg(M_USAGE, "Parameter --key cannot be used when --pkcs12 is also specified.");
+#ifdef MANAGMENT_EXTERNAL_KEY
+ if (options->management_flags & MF_EXTERNAL_KEY)
+ msg(M_USAGE, "Parameter --external-management-key cannot be used when --pkcs12 is also specified.");
+#endif
 #endif
 }
 else
@@ -2230,7 +2242,15 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
 #endif
 if (pull)
 {
- const int sum = (options->cert_file != NULL) + (options->priv_key_file != NULL);
+
+ const int sum = (options->cert_file != NULL) +
+#ifdef MANAGMENT_EXTERNAL_KEY
+ ((options->priv_key_file != NULL) || (options->management_flags & MF_EXTERNAL_KEY));
+#else
+ (options->priv_key_file != NULL);
+#endif
+
+
 if (sum == 0)
 {
 #if P2MP
@@ -2248,6 +2268,9 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
 else
 {
 notnull (options->cert_file, "certificate file (--cert) or PKCS#12 file (--pkcs12)");
+#ifdef MANAGMENT_EXTERNAL_KEY
+ if (!options->management_flags & MF_EXTERNAL_KEY)
+#endif
 notnull (options->priv_key_file, "private key file (--key) or PKCS#12 file (--pkcs12)");
 }
 }
-- cgit
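Review bot: The message added in the `--pkcs12` hunk (@@ -2215) names the option `--external-management-key`, while the `--pkcs11-provider` and `--cryptoapicert` hunks of this same patch call it `--management-external-key`. A user who copies the name from this usage error will not find the option. Use the same spelling as the other two: `msg(M_USAGE, "Parameter --management-external-key cannot be used when --pkcs12 is also specified.");`. The enclosing function starts and ends outside the hunk.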
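Review bot: In the `sum` computation (@@ -2230), `(options->priv_key_file != NULL) || (options->management_flags & MF_EXTERNAL_KEY)` counts `--key` and `--management-external-key` given together as a single key source, and no hunk in this patch rejects that combination. If it is not rejected elsewhere in options.c, which key is actually used is decided by code outside this patch; a check under the same `#ifdef`, `if (options->priv_key_file && (options->management_flags & MF_EXTERNAL_KEY)) msg(M_USAGE, "Parameter --key cannot be used when --management-external-key is also specified.");`, would make the conflict explicit. As a style point, splitting one expression across `#ifdef`/`#else` is hard to read; a local flag set under the `#ifdef` would keep `sum` on one line. The enclosing block continues outside the hunk.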
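Review bot: The guard added in the last hunk (@@ -2248), `if (!options->management_flags & MF_EXTERNAL_KEY)`, parses as `(!options->management_flags) & MF_EXTERNAL_KEY` because `!` binds tighter than `&`. `!x` is only ever 0 or 1, so unless MF_EXTERNAL_KEY is bit 0 (its value is not visible here) the condition is always false. In builds with MANAGMENT_EXTERNAL_KEY defined, the `notnull (options->priv_key_file, ...)` check then never runs, even when `--management-external-key` is not given, and a configuration with `--cert` but no private key passes this verification. Parenthesize the mask test: `if (!(options->management_flags & MF_EXTERNAL_KEY))`. The enclosing function starts and ends outside the hunk.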