diff options
| author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2006-06-29 19:33:09 +0000 |
|---|---|---|
| committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2006-06-29 19:33:09 +0000 |
| commit | faffc76117c20a99b842df9403176d86b4758399 (patch) | |
| tree | 63e35a6e77a57a6ddd294ee6b25e8f0e958a8ee9 | |
| parent | Added two new management states: (diff) | |
| download | openvpn-faffc76117c20a99b842df9403176d86b4758399.tar.xz | |
pkcs11 changes:
-r 1046:1053 https://svn.openvpn.net/projects/openvpn/contrib/alon/BETA21
1. Modified ssl.c to not FATAL and return to init.c so auth-retry will work.
2. Modifed pkcs11-helper.c to fix some problem with multiple providers.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1070 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to '')
| -rw-r--r-- | pkcs11-helper.c | 32 | ||||
| -rw-r--r-- | ssl.c | 13 |
2 files changed, 28 insertions, 17 deletions
diff --git a/pkcs11-helper.c b/pkcs11-helper.c index fd8f7f1..391d91f 100644 --- a/pkcs11-helper.c +++ b/pkcs11-helper.c @@ -59,6 +59,10 @@ /* * Changelog * + * 2006.06.26 + * - (alonbl) Fix handling mutiple providers. + * - (alonbl) Release 01.01. + * * 2006.05.14 * - (alonbl) First stable release. * - (alonbl) Release 01.00. @@ -2366,6 +2370,13 @@ _pkcs11h_getSlotList ( *pSlotList = NULL; *pulCount = 0; + if ( + rv == CKR_OK && + !provider->fEnabled + ) { + rv = CKR_CRYPTOKI_NOT_INITIALIZED; + } + if (rv == CKR_OK) { rv = provider->f->C_GetSlotList ( tokenPresent, @@ -3032,17 +3043,14 @@ _pkcs11h_resetSession ( CK_SLOT_ID slot_index; /* - * Skip disabled providers * Skip all other providers, * if one was set in the past */ - if (session->provider != NULL) { - if (!session->provider->fEnabled) { - continue; - } - if (session->provider != current_provider) { - continue; - } + if ( + session->provider != NULL && + session->provider != current_provider + ) { + rv = CKR_CANCEL; } if (rv == CKR_OK) { @@ -6067,7 +6075,7 @@ _pkcs11h_locate_getTokenIdBySlotName ( CK_SLOT_ID slot_index; if (!current_provider->fEnabled) { - continue; + rv = CKR_CRYPTOKI_NOT_INITIALIZED; } if (rv == CKR_OK) { @@ -6214,7 +6222,7 @@ _pkcs11h_locate_getTokenIdByLabel ( CK_SLOT_ID slot_index; if (!current_provider->fEnabled) { - continue; + rv = CKR_CRYPTOKI_NOT_INITIALIZED; } if (rv == CKR_OK) { @@ -7083,7 +7091,7 @@ pkcs11h_enum_getTokenIds ( CK_SLOT_ID slot_index; if (!current_provider->fEnabled) { - continue; + rv = CKR_CRYPTOKI_NOT_INITIALIZED; } if (rv == CKR_OK) { @@ -8062,7 +8070,7 @@ pkcs11h_enum_getCertificateIds ( CK_SLOT_ID slot_index; if (!current_provider->fEnabled) { - continue; + rv = CKR_CRYPTOKI_NOT_INITIALIZED; } if (rv == CKR_OK) { @@ -1143,12 +1143,15 @@ init_ssl (const struct options *options) #ifdef ENABLE_PKCS11 if (options->pkcs11_providers[0]) - { - /* Load Certificate and Private Key */ - if (!SSL_CTX_use_pkcs11 (ctx, options->pkcs11_slot_type, options->pkcs11_slot, options->pkcs11_id_type, options->pkcs11_id)) - msg (M_SSLERR, "Cannot load certificate \"%s:%s\" from slot \"%s:%s\" using PKCS#11 interface", + { + /* Load Certificate and Private Key */ + if (!SSL_CTX_use_pkcs11 (ctx, options->pkcs11_slot_type, options->pkcs11_slot, options->pkcs11_id_type, options->pkcs11_id)) + { + msg (M_WARN, "Cannot load certificate \"%s:%s\" from slot \"%s:%s\" using PKCS#11 interface", options->pkcs11_id_type, options->pkcs11_id, options->pkcs11_slot_type, options->pkcs11_slot); - } + goto err; + } + } else #endif |