mirror of
https://github.com/OpenVPN/openvpn.git
synced 2024-09-20 12:02:28 +02:00
Make 'provider' option to --show-pkcs11-ids optional where p11-kit is present
Trac: 490 Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Acked-by: Steffan Karger <steffan.karger@fox-it.com> Message-Id: <1418905506.21260.6.camel@infradead.org> URL: http://article.gmane.org/gmane.network.openvpn.devel/9355 Signed-off-by: Gert Doering <gert@greenie.muc.de>
This commit is contained in:
parent
6f1d3cf062
commit
a91a06cb29
@ -5461,11 +5461,17 @@ adapter list.
|
||||
.SS PKCS#11 Standalone Options:
|
||||
.\"*********************************************************
|
||||
.TP
|
||||
.B \-\-show-pkcs11-ids provider [cert_private]
|
||||
.B \-\-show-pkcs11-ids [provider] [cert_private]
|
||||
(Standalone)
|
||||
Show PKCS#11 token object list. Specify cert_private as 1
|
||||
if certificates are stored as private objects.
|
||||
|
||||
If p11-kit is present on the system, the
|
||||
.B provider
|
||||
argument is optional; if omitted the default
|
||||
.B p11-kit-proxy.so
|
||||
module will be queried.
|
||||
|
||||
.B \-\-verb
|
||||
option can be used BEFORE this option to produce debugging information.
|
||||
.\"*********************************************************
|
||||
|
@ -740,7 +740,11 @@ static const char usage_message[] =
|
||||
#ifdef ENABLE_PKCS11
|
||||
"\n"
|
||||
"PKCS#11 standalone options:\n"
|
||||
"--show-pkcs11-ids provider [cert_private] : Show PKCS#11 available ids.\n"
|
||||
#ifdef DEFAULT_PKCS11_MODULE
|
||||
"--show-pkcs11-ids [provider] [cert_private] : Show PKCS#11 available ids.\n"
|
||||
#else
|
||||
"--show-pkcs11-ids provider [cert_private] : Show PKCS#11 available ids.\n"
|
||||
#endif
|
||||
" --verb option can be added *BEFORE* this.\n"
|
||||
#endif /* ENABLE_PKCS11 */
|
||||
"\n"
|
||||
@ -6930,11 +6934,34 @@ add_option (struct options *options,
|
||||
#endif /* ENABLE_SSL */
|
||||
#endif /* ENABLE_CRYPTO */
|
||||
#ifdef ENABLE_PKCS11
|
||||
else if (streq (p[0], "show-pkcs11-ids") && p[1])
|
||||
else if (streq (p[0], "show-pkcs11-ids"))
|
||||
{
|
||||
char *provider = p[1];
|
||||
bool cert_private = (p[2] == NULL ? false : ( atoi (p[2]) != 0 ));
|
||||
|
||||
#ifdef DEFAULT_PKCS11_MODULE
|
||||
if (!provider)
|
||||
provider = DEFAULT_PKCS11_MODULE;
|
||||
else if (!p[2])
|
||||
{
|
||||
char *endp = NULL;
|
||||
int i = strtol(provider, &endp, 10);
|
||||
|
||||
if (*endp == 0)
|
||||
{
|
||||
/* There was one argument, and it was purely numeric.
|
||||
Interpret it as the cert_private argument */
|
||||
provider = DEFAULT_PKCS11_MODULE;
|
||||
cert_private = i;
|
||||
}
|
||||
}
|
||||
#else
|
||||
if (!provider)
|
||||
{
|
||||
msg (msglevel, "--show-pkcs11-ids requires a provider parameter");
|
||||
goto err;
|
||||
}
|
||||
#endif
|
||||
VERIFY_PERMISSION (OPT_P_GENERAL);
|
||||
|
||||
set_debug_level (options->verbosity, SDL_CONSTRAIN);
|
||||
|
Loading…
Reference in New Issue
Block a user