From 3c6d32205db88348c07c720b710b41548497819c Mon Sep 17 00:00:00 2001
From: David Woodhouse <dwmw2@infradead.org>
Date: Thu, 11 Dec 2014 13:03:35 +0000
Subject: pkcs11: Load p11-kit-proxy.so module by default

If the user specifies --pkcs11-id or --pkcs-id-management but neglects
to explicitly provide a --pkcs11-provider argument, and if the system
has p11-kit installed, then load the p11-kit proxy module so that the
system-configured tokens are available.

Trac: 490
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1418303015.31745.78.camel@infradead.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9342
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 6f1d3cf062d5c33cbad4d521d157d43d53ffc7d1)
---
 src/openvpn/options.c | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'src/openvpn/options.c')

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index f0091c2..b33eb4a 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2447,6 +2447,15 @@ options_postprocess_mutate_invariant (struct options *options)
 #endif
     }
 #endif
+
+#ifdef DEFAULT_PKCS11_MODULE
+  /* If p11-kit is present on the system then load its p11-kit-proxy.so
+     by default if the user asks for PKCS#11 without otherwise specifying
+     the module to use. */
+  if (!options->pkcs11_providers[0] &&
+      (options->pkcs11_id || options->pkcs11_id_management))
+    options->pkcs11_providers[0] = DEFAULT_PKCS11_MODULE;
+#endif
 }
 
 static void
-- 
cgit