aboutsummaryrefslogtreecommitdiff
path: root/options.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--options.c27
1 files changed, 16 insertions, 11 deletions
diff --git a/options.c b/options.c
index 944c84f..1acfd6b 100644
--- a/options.c
+++ b/options.c
@@ -27,12 +27,6 @@
* (Christof Meerwald, http://cmeerw.org)
*/
-#ifdef WIN32
-#include "config-win32.h"
-#else
-#include "config.h"
-#endif
-
#include "syshead.h"
#include "buffer.h"
@@ -516,10 +510,11 @@ static const char usage_message[] =
" 4 : Use Decrypt.\n"
" 8 : Use Unwrap.\n"
"--pkcs11-cert-private [0|1] ... : Set if login should be performed before\n"
- " certificate can be accessed. Set for each provider.\n"
- "--pkcs11-pin-cache seconds : Number of seconds to cache PIN. The default is -1\n"
- " cache until token is removed.\n"
- "--pkcs11-id serialized-id : Identity to use, get using standalone --show-pkcs11-ids\n"
+ " certificate can be accessed. Set for each provider.\n"
+ "--pkcs11-pin-cache seconds : Number of seconds to cache PIN. The default is -1\n"
+ " cache until token is removed.\n"
+ "--pkcs11-id-management : Acquire identity from management interface.\n"
+ "--pkcs11-id serialized-id 'id' : Identity to use, get using standalone --show-pkcs11-ids\n"
#endif /* ENABLE_PKCS11 */
"\n"
"SSL Library information:\n"
@@ -1293,6 +1288,7 @@ show_settings (const struct options *o)
}
SHOW_INT (pkcs11_pin_cache_period);
SHOW_STR (pkcs11_id);
+ SHOW_BOOL (pkcs11_id_management);
#endif /* ENABLE_PKCS11 */
#if P2MP
@@ -1766,8 +1762,11 @@ options_postprocess (struct options *options, bool first_time)
if (options->pkcs11_providers[0])
{
notnull (options->ca_file, "CA file (--ca)");
- notnull (options->pkcs11_id, "PKCS#11 id (--pkcs11-id)");
+ if (options->pkcs11_id_management && options->pkcs11_id != NULL)
+ msg(M_USAGE, "Parameter --pkcs11-id cannot be used when --pkcs11-id-management is also specified.");
+ if (!options->pkcs11_id_management && options->pkcs11_id == NULL)
+ msg(M_USAGE, "Parameter --pkcs11-id or --pkcs11-id-management should be specified.");
if (options->cert_file)
msg(M_USAGE, "Parameter --cert cannot be used when --pkcs11-provider is also specified.");
if (options->priv_key_file)
@@ -1870,6 +1869,7 @@ options_postprocess (struct options *options, bool first_time)
MUST_BE_UNDEF (pkcs11_providers[0]);
MUST_BE_UNDEF (pkcs11_private_mode[0]);
MUST_BE_UNDEF (pkcs11_id);
+ MUST_BE_UNDEF (pkcs11_id_management);
#endif
if (pull)
@@ -5137,6 +5137,11 @@ add_option (struct options *options,
VERIFY_PERMISSION (OPT_P_GENERAL);
options->pkcs11_id = p[1];
}
+ else if (streq (p[0], "pkcs11-id-management"))
+ {
+ VERIFY_PERMISSION (OPT_P_GENERAL);
+ options->pkcs11_id_management = true;
+ }
#endif
#ifdef TUNSETPERSIST
else if (streq (p[0], "rmtun"))