From faffc76117c20a99b842df9403176d86b4758399 Mon Sep 17 00:00:00 2001
From: james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>
Date: Thu, 29 Jun 2006 19:33:09 +0000
Subject: pkcs11 changes:

-r 1046:1053 https://svn.openvpn.net/projects/openvpn/contrib/alon/BETA21

1. Modified ssl.c to not FATAL and return to init.c so auth-retry will work.
2. Modifed pkcs11-helper.c to fix some problem with multiple providers.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1070 e7ae566f-a301-0410-adde-c780ea21d3b5
---
 ssl.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

(limited to 'ssl.c')

diff --git a/ssl.c b/ssl.c
index 2aa6e4a..c7f1e73 100644
--- a/ssl.c
+++ b/ssl.c
@@ -1143,12 +1143,15 @@ init_ssl (const struct options *options)
 
 #ifdef ENABLE_PKCS11
       if (options->pkcs11_providers[0])
-       {
-        /* Load Certificate and Private Key */
-	if (!SSL_CTX_use_pkcs11 (ctx, options->pkcs11_slot_type, options->pkcs11_slot, options->pkcs11_id_type, options->pkcs11_id))
-	  msg (M_SSLERR, "Cannot load certificate \"%s:%s\" from slot \"%s:%s\" using PKCS#11 interface",
+        {
+         /* Load Certificate and Private Key */
+	 if (!SSL_CTX_use_pkcs11 (ctx, options->pkcs11_slot_type, options->pkcs11_slot, options->pkcs11_id_type, options->pkcs11_id))
+	   {
+	     msg (M_WARN, "Cannot load certificate \"%s:%s\" from slot \"%s:%s\" using PKCS#11 interface",
                options->pkcs11_id_type, options->pkcs11_id, options->pkcs11_slot_type, options->pkcs11_slot);
-       }
+	     goto err;
+	   }
+        }
       else
 #endif
 
-- 
cgit