Trac: 490 Signed-off-by: David Woodhouse <[email protected]> --- v2: Nicer error message if no provider given when there's no default. v3: Get the usage messages the right way round (s/ifndef/ifdef).
I did look at cleaning it up to stop looking at p[2] even when p[1]
isn't set, but it makes it somewhat more complicated for no *real*
benefit. So unless someone really objects, I'll leave it as it is.
doc/openvpn.8 | 8 +++++++-
src/openvpn/options.c | 30 ++++++++++++++++++++++++++++--
2 files changed, 35 insertions(+), 3 deletions(-)
diff --git a/doc/openvpn.8 b/doc/openvpn.8
index 0bdea1f..49183ee 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -5490,11 +5490,17 @@ adapter list.
.SS PKCS#11 Standalone Options:
.\"*********************************************************
.TP
-.B \-\-show-pkcs11-ids provider [cert_private]
+.B \-\-show-pkcs11-ids [provider] [cert_private]
(Standalone)
Show PKCS#11 token object list. Specify cert_private as 1
if certificates are stored as private objects.
+If p11-kit is present on the system, the
+.B provider
+argument is optional; if omitted the default
+.B p11-kit-proxy.so
+module will be queried.
+
.B \-\-verb
option can be used BEFORE this option to produce debugging information.
.\"*********************************************************
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index b33eb4a..226b203 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -738,7 +738,11 @@ static const char usage_message[] =
#ifdef ENABLE_PKCS11
"\n"
"PKCS#11 standalone options:\n"
- "--show-pkcs11-ids provider [cert_private] : Show PKCS#11 available ids.\n"
+#ifdef DEFAULT_PKCS11_MODULE
+ "--show-pkcs11-ids [provider] [cert_private] : Show PKCS#11 available ids.\n"
+#else
+ "--show-pkcs11-ids provider [cert_private] : Show PKCS#11 available ids.\n"
+#endif
" --verb option can be added
*BEFORE* this.\n"
#endif /* ENABLE_PKCS11 */
"\n"
@@ -6935,11 +6939,33 @@ add_option (struct options *options,
#endif /* ENABLE_SSL */
#endif /* ENABLE_CRYPTO */
#ifdef ENABLE_PKCS11
- else if (streq (p[0], "show-pkcs11-ids") && p[1])
+ else if (streq (p[0], "show-pkcs11-ids")
+ )
{
char *provider = p[1];
bool cert_private = (p[2] == NULL ? false : ( atoi (p[2]) != 0 ));
+#ifdef DEFAULT_PKCS11_MODULE
+ if (!provider)
+ provider = DEFAULT_PKCS11_MODULE;
+ else if (!p[2]) {
+ char *endp = NULL;
+ int i = strtol(provider, &endp, 10);
+
+ if (*endp == 0) {
+ /* There was one argument, and it was purely numeric.
+ Interpret it as the cert_private argument */
+ provider = DEFAULT_PKCS11_MODULE;
+ cert_private = i;
+ }
+ }
+#else
+ if (!provider)
+ {
+ msg (msglevel, "--show-pkcs11-ids requires a provider parameter");
+ goto err;
+ }
+#endif
VERIFY_PERMISSION (OPT_P_GENERAL);
set_debug_level (options->verbosity, SDL_CONSTRAIN);
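Review bot: In the `else if (!p[2])` branch the `*endp == 0` test also passes for an empty string, because strtol() then consumes nothing and leaves `endp == provider`, so `--show-pkcs11-ids ""` is silently treated as cert_private=0 with DEFAULT_PKCS11_MODULE instead of being rejected. Requiring that digits were actually consumed closes that: `if (endp != provider && *endp == 0) {`. The strtol() result is also narrowed from long to int before it lands in a bool, so where long is wider than int a value whose low bits are all zero would come out false; `long i = strtol (provider, &endp, 10);` with `cert_private = (i != 0);` avoids this and matches the `atoi (p[2]) != 0` form above. Since this heuristic decides which PKCS#11 module is queried, logging the provider finally chosen would make an unexpected fallback to the default visible to the operator. add_option's body begins and ends outside the hunk.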
--
2.1.0
--
David Woodhouse Open Source Technology Centre
[email protected] Intel Corporation
