diff options
| author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2005-10-13 08:38:41 +0000 |
|---|---|---|
| committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2005-10-13 08:38:41 +0000 |
| commit | ce98fd24bd72d479805cb121ca8e118826f1ed76 (patch) | |
| tree | b109113870455d2c5595a0833301f234353578e3 /ssl.c | |
| parent | Renamed plugin to plugins to work around (diff) | |
| download | openvpn-ce98fd24bd72d479805cb121ca8e118826f1ed76.tar.xz | |
Merged PKCS#11 patch.
Pre-2.1_beta3
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@604 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'ssl.c')
| -rw-r--r-- | ssl.c | 21 |
1 files changed, 21 insertions, 0 deletions
@@ -52,6 +52,7 @@ #include "perf.h" #include "status.h" #include "gremlin.h" +#include "pkcs11.h" #ifdef WIN32 #include "cryptoapi.h" @@ -847,6 +848,26 @@ init_ssl (const struct options *options) { /* Use seperate PEM files for key, cert and CA certs */ +#ifdef ENABLE_PKCS11 + if (options->pkcs11_providers[0]) + { + char password[256]; + password[0] = '\0'; + if ( + !options->pkcs11_protected_authentication && + options->key_pass_file + ) { + pem_password_callback (password, sizeof(password) - 1, 0, NULL); + } + + /* Load Certificate and Private Key */ + if (!SSL_CTX_use_pkcs11 (ctx, options->pkcs11_slot_type, options->pkcs11_slot, options->pkcs11_id_type, options->pkcs11_id, password, options->pkcs11_protected_authentication)) + msg (M_SSLERR, "Cannot load certificate \"%s:%s\" from slot \"%s:%s\" using PKCS#11 interface", + options->pkcs11_id_type, options->pkcs11_id, options->pkcs11_slot_type, options->pkcs11_slot); + } + else +#endif + #ifdef WIN32 if (options->cryptoapi_cert) { |