authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2005-10-13 08:38:41 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2005-10-13 08:38:41 +0000
commitce98fd24bd72d479805cb121ca8e118826f1ed76 (patch)
treeb109113870455d2c5595a0833301f234353578e3 /ssl.c
parentRenamed plugin to plugins to work around (diff)
Merged PKCS#11 patch.
Pre-2.1_beta3 git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@604 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to '')
-rw-r--r--ssl.c21
1 files changed, 21 insertions, 0 deletions
diff --git a/ssl.c b/ssl.c
index ba6857a..304e6ed 100644
--- a/ssl.c
+++ b/ssl.c
@@ -52,6 +52,7 @@
#include "perf.h"
#include "status.h"
#include "gremlin.h"
+#include "pkcs11.h"
#ifdef WIN32
#include "cryptoapi.h"
@@ -847,6 +848,26 @@ init_ssl (const struct options *options)
{
/* Use seperate PEM files for key, cert and CA certs */
+#ifdef ENABLE_PKCS11
+ if (options->pkcs11_providers[0])
+ {
+ char password[256];
+ password[0] = '\0';
+ if (
+ !options->pkcs11_protected_authentication &&
+ options->key_pass_file
+ ) {
+ pem_password_callback (password, sizeof(password) - 1, 0, NULL);
+ }
+
+ /* Load Certificate and Private Key */
+ if (!SSL_CTX_use_pkcs11 (ctx, options->pkcs11_slot_type, options->pkcs11_slot, options->pkcs11_id_type, options->pkcs11_id, password, options->pkcs11_protected_authentication))
+ msg (M_SSLERR, "Cannot load certificate \"%s:%s\" from slot \"%s:%s\" using PKCS#11 interface",
+ options->pkcs11_id_type, options->pkcs11_id, options->pkcs11_slot_type, options->pkcs11_slot);
+ }
+ else
+#endif
+
#ifdef WIN32
if (options->cryptoapi_cert)
{
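Review bot: The `password` buffer filled by `pem_password_callback` still holds the passphrase on the stack when the added PKCS#11 block ends; nothing in the new code clears it. Add `OPENSSL_cleanse (password, sizeof (password));` after the `if (!SSL_CTX_use_pkcs11 (...)) msg (...)` statement, before the block's closing brace, since a plain `memset` on a buffer about to go out of scope can be optimised away. The return value of `pem_password_callback` is also ignored, so a failed or empty passphrase read appears to be handed to `SSL_CTX_use_pkcs11` as an empty string; checking it before the load would give a clearer error. `init_ssl` starts and continues outside this hunk.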