aboutsummaryrefslogtreecommitdiff
path: root/options.c
diff options
context:
space:
mode:
authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2005-11-01 22:42:58 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2005-11-01 22:42:58 +0000
commitb585364aed8ef6fd7641cbc8f0f79217df4057d5 (patch)
treec19c996a54a7aa75b9e5942726f037ec8ed1b29f /options.c
parentMerged 2.0.4 changes. (diff)
downloadopenvpn-b585364aed8ef6fd7641cbc8f0f79217df4057d5.tar.xz
More PKCS#11 changes.
Merged with https://svn.openvpn.net/projects/openvpn/contrib/alon/BETA21@752 git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@753 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'options.c')
-rw-r--r--options.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/options.c b/options.c
index fbaef42..9231110 100644
--- a/options.c
+++ b/options.c
@@ -482,6 +482,8 @@ static const char usage_message[] =
"--pkcs11-pin-cache seconds : Number of seconds to cache PIN. The default is -1\n"
" cache until token removed.\n"
"--pkcs11-protected-authentication : Use PKCS#11 protected authentication path.\n"
+ "--pkcs11-cert-private : Set if login should be performed before\n"
+ " certificate can be accessed.\n"
#endif /* ENABLE_PKCS11 */
"\n"
"SSL Library information:\n"
@@ -653,6 +655,7 @@ init_options (struct options *o)
#ifdef ENABLE_PKCS11
o->pkcs11_pin_cache_period = -1;
o->pkcs11_protected_authentication = false;
+ o->pkcs11_cert_private = false;
#endif /* ENABLE_PKCS11 */
}
@@ -1223,6 +1226,7 @@ show_settings (const struct options *o)
SHOW_STR (pkcs11_id);
SHOW_INT (pkcs11_pin_cache_period);
SHOW_BOOL (pkcs11_protected_authentication);
+ SHOW_BOOL (pkcs11_cert_private);
#endif /* ENABLE_PKCS11 */
#if P2MP
@@ -4977,6 +4981,12 @@ add_option (struct options *options,
VERIFY_PERMISSION (OPT_P_GENERAL);
options->pkcs11_protected_authentication = true;
}
+ else if (streq (p[0], "pkcs11-cert-private"))
+ {
+ ++i;
+ VERIFY_PERMISSION (OPT_P_GENERAL);
+ options->pkcs11_cert_private = true;
+ }
#endif
#ifdef TUNSETPERSIST
else if (streq (p[0], "rmtun"))