aboutsummaryrefslogtreecommitdiff
path: root/ssl.c
diff options
context:
space:
mode:
Diffstat (limited to 'ssl.c')
-rw-r--r--ssl.c21
1 files changed, 21 insertions, 0 deletions
diff --git a/ssl.c b/ssl.c
index ba6857a..304e6ed 100644
--- a/ssl.c
+++ b/ssl.c
@@ -52,6 +52,7 @@
#include "perf.h"
#include "status.h"
#include "gremlin.h"
+#include "pkcs11.h"
#ifdef WIN32
#include "cryptoapi.h"
@@ -847,6 +848,26 @@ init_ssl (const struct options *options)
{
/* Use seperate PEM files for key, cert and CA certs */
+#ifdef ENABLE_PKCS11
+ if (options->pkcs11_providers[0])
+ {
+ char password[256];
+ password[0] = '\0';
+ if (
+ !options->pkcs11_protected_authentication &&
+ options->key_pass_file
+ ) {
+ pem_password_callback (password, sizeof(password) - 1, 0, NULL);
+ }
+
+ /* Load Certificate and Private Key */
+ if (!SSL_CTX_use_pkcs11 (ctx, options->pkcs11_slot_type, options->pkcs11_slot, options->pkcs11_id_type, options->pkcs11_id, password, options->pkcs11_protected_authentication))
+ msg (M_SSLERR, "Cannot load certificate \"%s:%s\" from slot \"%s:%s\" using PKCS#11 interface",
+ options->pkcs11_id_type, options->pkcs11_id, options->pkcs11_slot_type, options->pkcs11_slot);
+ }
+ else
+#endif
+
#ifdef WIN32
if (options->cryptoapi_cert)
{