[Openvpn-devel] [PATCH 2] Make 'provider' option to --show-pkcs11-ids optional where p11-kit is present

Thu, 11 Dec 2014 13:21:28 +0000 

Following on from the previous patch, this fixes --show-pkcs11-ids too.

Trac: 490
Signed-off-by: David Woodhouse <[email protected]>
---
 doc/openvpn.8         |  8 +++++++-
 src/openvpn/options.c | 21 ++++++++++++++++++++-
 2 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/doc/openvpn.8 b/doc/openvpn.8
index 0bdea1f..49183ee 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -5490,11 +5490,17 @@ adapter list.
 .SS PKCS#11 Standalone Options:
 .\"*********************************************************
 .TP
-.B \-\-show-pkcs11-ids provider [cert_private]
+.B \-\-show-pkcs11-ids [provider] [cert_private]
 (Standalone)
 Show PKCS#11 token object list. Specify cert_private as 1
 if certificates are stored as private objects.
 
+If p11-kit is present on the system, the
+.B provider
+argument is optional; if omitted the default
+.B p11-kit-proxy.so
+module will be queried.
+
 .B \-\-verb
 option can be used BEFORE this option to produce debugging information.
 .\"*********************************************************
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index b33eb4a..5492516 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -6935,11 +6935,30 @@ add_option (struct options *options,
 #endif /* ENABLE_SSL */
 #endif /* ENABLE_CRYPTO */
 #ifdef ENABLE_PKCS11
-  else if (streq (p[0], "show-pkcs11-ids") && p[1])
+  else if (streq (p[0], "show-pkcs11-ids")
+#ifndef DEFAULT_PKCS11_MODULE
+          && p[1]
+#endif
+          )
     {
       char *provider =  p[1];
       bool cert_private = (p[2] == NULL ? false : ( atoi (p[2]) != 0 ));
 
+#ifdef DEFAULT_PKCS11_MODULE
+      if (!provider)
+       provider = DEFAULT_PKCS11_MODULE;
+      else if (!p[2]) {
+       char *endp = NULL;
+       int i = strtol(provider, &endp, 10);
+
+       if (*endp == 0) {
+         /* There was one argument, and it was purely numeric.
+            Interpret it as the cert_private argument */
+         provider = DEFAULT_PKCS11_MODULE;
+         cert_private = i;
+       }
+      }
+#endif
       VERIFY_PERMISSION (OPT_P_GENERAL);
 
       set_debug_level (options->verbosity, SDL_CONSTRAIN);
-- 
2.1.0


-- 
David Woodhouse                            Open Source Technology Centre
[email protected]                              Intel Corporation

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to