OpenSSL: Allow pkcs11_module_path to be NULL

New versions of engine_pkcs11 will automatically use the system's
p11-kit-proxy.so to make the globally-configured PKCS#11 tokens available
by default. So invoking the engine without an explicit module path is
not an error.

Older engines will fail but gracefully enough, so although it's still an
error in that case there's no need for us to catch it for ourselves.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index b5073212b98904b5447a556df37255a902d7b9b1..73dd0b48165802eda7e7f5f9223df4fe9dfe632a 100644 (file)
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -692,12 +692,15 @@ static int tls_engine_load_dynamic_pkcs11(const char *pkcs11_so_path,
                NULL, NULL
        };
 
-       if (!pkcs11_so_path || !pkcs11_module_path)
+       if (!pkcs11_so_path)
                return 0;
 
        pre_cmd[1] = pkcs11_so_path;
        pre_cmd[3] = engine_id;
-       post_cmd[1] = pkcs11_module_path;
+       if (pkcs11_module_path)
+               post_cmd[1] = pkcs11_module_path;
+       else
+               post_cmd[0] = NULL;
 
        wpa_printf(MSG_DEBUG, "ENGINE: Loading pkcs11 Engine from %s",
                   pkcs11_so_path);