authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2006-06-29 19:33:09 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2006-06-29 19:33:09 +0000
commitfaffc76117c20a99b842df9403176d86b4758399 (patch)
tree63e35a6e77a57a6ddd294ee6b25e8f0e958a8ee9
parentAdded two new management states: (diff)
pkcs11 changes:
-r 1046:1053 https://svn.openvpn.net/projects/openvpn/contrib/alon/BETA21 1. Modified ssl.c to not FATAL and return to init.c so auth-retry will work. 2. Modified pkcs11-helper.c to fix some problems with multiple providers. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1070 e7ae566f-a301-0410-adde-c780ea21d3b5
-rw-r--r--pkcs11-helper.c32
-rw-r--r--ssl.c13
2 files changed, 28 insertions, 17 deletions
diff --git a/pkcs11-helper.c b/pkcs11-helper.c
index fd8f7f1..391d91f 100644
--- a/pkcs11-helper.c
+++ b/pkcs11-helper.c
@@ -59,6 +59,10 @@
/*
* Changelog
*
+ * 2006.06.26
+ * - (alonbl) Fix handling mutiple providers.
+ * - (alonbl) Release 01.01.
+ *
* 2006.05.14
* - (alonbl) First stable release.
* - (alonbl) Release 01.00.
@@ -2366,6 +2370,13 @@ _pkcs11h_getSlotList (
*pSlotList = NULL;
*pulCount = 0;
+ if (
+ rv == CKR_OK &&
+ !provider->fEnabled
+ ) {
+ rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+ }
+
if (rv == CKR_OK) {
rv = provider->f->C_GetSlotList (
tokenPresent,
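Review bot: The new `!provider->fEnabled` guard in `_pkcs11h_getSlotList` has no comment, although it appears to become the only place a disabled provider is rejected for `_pkcs11h_resetSession`, whose own `fEnabled` test is removed later in this commit. A short comment above it, for example `/* Disabled providers must never reach C_GetSlotList; callers rely on this check */`, would keep a later cleanup from dropping it. `provider` is dereferenced with no NULL test visible in this hunk; the function starts and ends outside the hunk, so confirm that an earlier assertion covers it.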
@@ -3032,17 +3043,14 @@ _pkcs11h_resetSession (
CK_SLOT_ID slot_index;
/*
- * Skip disabled providers
* Skip all other providers,
* if one was set in the past
*/
- if (session->provider != NULL) {
- if (!session->provider->fEnabled) {
- continue;
- }
- if (session->provider != current_provider) {
- continue;
- }
+ if (
+ session->provider != NULL &&
+ session->provider != current_provider
+ ) {
+ rv = CKR_CANCEL;
}
if (rv == CKR_OK) {
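Review bot: `rv = CKR_CANCEL` reuses a Cryptoki return code as an internal "skip this provider" marker, so a skipped provider cannot be told apart from a genuine cancellation reported further down the loop body. The comment above still reads "Skip all other providers" while the code now sets an error value; it should say that `rv` is set on purpose to bypass the `if (rv == CKR_OK)` steps, and where it is cleared again. The end of the loop is outside this hunk: if `rv` is not reset to `CKR_OK` before the next iteration, the first non-matching provider would keep the session's own provider from being tried.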
@@ -6067,7 +6075,7 @@ _pkcs11h_locate_getTokenIdBySlotName (
CK_SLOT_ID slot_index;
if (!current_provider->fEnabled) {
- continue;
+ rv = CKR_CRYPTOKI_NOT_INITIALIZED;
}
if (rv == CKR_OK) {
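Review bot: Replacing `continue` with `rv = CKR_CRYPTOKI_NOT_INITIALIZED` only skips a disabled provider if the end of the loop body clears `rv` again, and that code is outside this hunk. If it does not, one disabled provider makes `_pkcs11h_locate_getTokenIdBySlotName` fail or leaves a stale error for the providers that follow, instead of moving on to an enabled one. The same change is made in `_pkcs11h_locate_getTokenIdByLabel`, `pkcs11h_enum_getTokenIds` and `pkcs11h_enum_getCertificateIds`, so the check applies to all four loops. A one-line comment at each site, such as `/* not an error: rv is reset at the end of the iteration */`, would record that dependency.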
@@ -6214,7 +6222,7 @@ _pkcs11h_locate_getTokenIdByLabel (
CK_SLOT_ID slot_index;
if (!current_provider->fEnabled) {
- continue;
+ rv = CKR_CRYPTOKI_NOT_INITIALIZED;
}
if (rv == CKR_OK) {
@@ -7083,7 +7091,7 @@ pkcs11h_enum_getTokenIds (
CK_SLOT_ID slot_index;
if (!current_provider->fEnabled) {
- continue;
+ rv = CKR_CRYPTOKI_NOT_INITIALIZED;
}
if (rv == CKR_OK) {
@@ -8062,7 +8070,7 @@ pkcs11h_enum_getCertificateIds (
CK_SLOT_ID slot_index;
if (!current_provider->fEnabled) {
- continue;
+ rv = CKR_CRYPTOKI_NOT_INITIALIZED;
}
if (rv == CKR_OK) {
diff --git a/ssl.c b/ssl.c
index 2aa6e4a..c7f1e73 100644
--- a/ssl.c
+++ b/ssl.c
@@ -1143,12 +1143,15 @@ init_ssl (const struct options *options)
#ifdef ENABLE_PKCS11
if (options->pkcs11_providers[0])
- {
- /* Load Certificate and Private Key */
- if (!SSL_CTX_use_pkcs11 (ctx, options->pkcs11_slot_type, options->pkcs11_slot, options->pkcs11_id_type, options->pkcs11_id))
- msg (M_SSLERR, "Cannot load certificate \"%s:%s\" from slot \"%s:%s\" using PKCS#11 interface",
+ {
+ /* Load Certificate and Private Key */
+ if (!SSL_CTX_use_pkcs11 (ctx, options->pkcs11_slot_type, options->pkcs11_slot, options->pkcs11_id_type, options->pkcs11_id))
+ {
+ msg (M_WARN, "Cannot load certificate \"%s:%s\" from slot \"%s:%s\" using PKCS#11 interface",
options->pkcs11_id_type, options->pkcs11_id, options->pkcs11_slot_type, options->pkcs11_slot);
- }
+ goto err;
+ }
+ }
else
#endif
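Review bot: Downgrading the message to `M_WARN` drops the `M_SSL` bit that `M_SSLERR` carries (in OpenVPN's error.h it is `M_FATAL | M_SSL`), so the OpenSSL error queue is no longer logged when `SSL_CTX_use_pkcs11` fails. `msg (M_WARN|M_SSL, ...)` would keep that diagnostic while leaving the failure non-fatal. The `err` label and its cleanup are outside this hunk, so confirm that the path releases `ctx` and that the caller in init.c treats the failed return as "no usable TLS context" and does not continue with a context that has no certificate or key.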