ACK. Code looks good, compiles and passes my local pkcs11-test. -Steffan
On 11-11-13 23:36, Alon Bar-Lev wrote:
> Enables DSA, ECDSA key usages with newer pkcs11-helper.
>
> Signed-off-by: Alon Bar-Lev <alon.bar...@gmail.com>
> Tested-By: Sanaullah <sanaulla...@gmail.com>
> ---
> configure.ac | 2 +-
> src/openvpn/pkcs11_openssl.c | 14 +++++++-------
> 2 files changed, 8 insertions(+), 8 deletions(-)
>
> diff --git a/configure.ac b/configure.ac
> index 5fad0af..0635149 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -725,7 +725,7 @@ esac
>
> PKG_CHECK_MODULES(
> [PKCS11_HELPER],
> - [libpkcs11-helper-1 >= 1.02],
> + [libpkcs11-helper-1 >= 1.11],
> [have_pkcs11_helper="yes"],
> []
> )
> diff --git a/src/openvpn/pkcs11_openssl.c b/src/openvpn/pkcs11_openssl.c
> index af843b7..87eb166 100644
> --- a/src/openvpn/pkcs11_openssl.c
> +++ b/src/openvpn/pkcs11_openssl.c
> @@ -49,7 +49,7 @@ pkcs11_init_tls_session(pkcs11h_certificate_t certificate,
> int ret = 1;
>
> X509 *x509 = NULL;
> - RSA *rsa = NULL;
> + EVP_PKEY *evp = NULL;
> pkcs11h_openssl_session_t openssl_session = NULL;
>
> if ((openssl_session = pkcs11h_openssl_createSession (certificate)) ==
> NULL)
> @@ -63,9 +63,9 @@ pkcs11_init_tls_session(pkcs11h_certificate_t certificate,
> */
> certificate = NULL;
>
> - if ((rsa = pkcs11h_openssl_session_getRSA (openssl_session)) == NULL)
> + if ((evp = pkcs11h_openssl_session_getEVP (openssl_session)) == NULL)
> {
> - msg (M_WARN, "PKCS#11: Unable get rsa object");
> + msg (M_WARN, "PKCS#11: Unable get evp object");
> goto cleanup;
> }
>
> @@ -75,7 +75,7 @@ pkcs11_init_tls_session(pkcs11h_certificate_t certificate,
> goto cleanup;
> }
>
> - if (!SSL_CTX_use_RSAPrivateKey (ssl_ctx->ctx, rsa))
> + if (!SSL_CTX_use_PrivateKey (ssl_ctx->ctx, evp))
> {
> msg (M_WARN, "PKCS#11: Cannot set private key for openssl");
> goto cleanup;
> @@ -108,10 +108,10 @@ cleanup:
> x509 = NULL;
> }
>
> - if (evp != NULL)
> + if (evp != NULL)
> {
> - RSA_free (rsa);
> - rsa = NULL;
> + EVP_PKEY_free (evp);
> + evp = NULL;
> }
>
> if (openssl_session != NULL)
>
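Review bot: The warning added in the `-63,9` hunk, `"PKCS#11: Unable get evp object"`, names an internal OpenSSL type rather than what failed, and it is ungrammatical. Since the same call now presumably covers DSA and ECDSA keys as well as RSA, I would word it `msg (M_WARN, "PKCS#11: Unable to get private key object");` so an operator reading the log can tell that the token's key could not be obtained. The `SSL_CTX_use_PrivateKey` failure path in the `-75,7` hunk keeps a generic message too; if the surrounding code has a helper for dumping the OpenSSL error queue, calling it there would help diagnose a key type the linked OpenSSL rejects. The function body starts and ends outside both hunks.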
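Review bot: The cleanup block in the `-108,10` hunk calls `EVP_PKEY_free (evp)` on what appears to be the success path as well, which is only safe because `SSL_CTX_use_PrivateKey` takes its own reference to the key, and nothing in the function records that. A one-line comment above `if (evp != NULL)` would make the ownership explicit, for example `/* ssl_ctx holds its own reference; release ours */`. It also relies on `pkcs11h_openssl_session_getEVP` returning a reference that the caller must release, which is worth confirming against the pkcs11-helper 1.11 header because a mismatch here would be a double free or a leak of key material handles. The `cleanup:` label and the rest of the block lie outside the hunk.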