#ifndef MANAGE_H
#define MANAGE_H
+/* management_open flags */
+#define MF_SERVER (1<<0)
+#define MF_QUERY_PASSWORDS (1<<1)
+#define MF_HOLD (1<<2)
+#define MF_SIGNAL (1<<3)
+#define MF_FORGET_DISCONNECT (1<<4)
+#define MF_CONNECT_AS_CLIENT (1<<5)
+#define MF_CLIENT_AUTH (1<<6)
+/* #define MF_CLIENT_PF (1<<7) *REMOVED FEATURE* */
+#define MF_UNIX_SOCK (1<<8)
+#define MF_EXTERNAL_KEY (1<<9)
+#define MF_EXTERNAL_KEY_NOPADDING (1<<10)
+#define MF_EXTERNAL_KEY_PKCS1PAD (1<<11)
+#define MF_UP_DOWN (1<<12)
+#define MF_QUERY_REMOTE (1<<13)
+#define MF_QUERY_PROXY (1<<14)
+#define MF_EXTERNAL_CERT (1<<15)
+#define MF_EXTERNAL_KEY_PSSPAD (1<<16)
+#define MF_EXTERNAL_KEY_DIGEST (1<<17)
+
+
#ifdef ENABLE_MANAGEMENT
#include "misc.h"
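Review bot: The `MF_*` block added at the top of the header carries only the old `/* management_open flags */` comment and nothing that says why it now sits above `#ifdef ENABLE_MANAGEMENT`, so a later tidy-up could move it back under the guard and break builds without management support. I would extend the comment to something like `/* management_open flags; defined outside ENABLE_MANAGEMENT because option checks test options->management_flags in every build */`. The change also relies on `management_flags` itself being declared unconditionally in `struct options`, which is not visible in this diff and is worth confirming.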
struct management *management_init(void);
-/* management_open flags */
-#define MF_SERVER (1<<0)
-#define MF_QUERY_PASSWORDS (1<<1)
-#define MF_HOLD (1<<2)
-#define MF_SIGNAL (1<<3)
-#define MF_FORGET_DISCONNECT (1<<4)
-#define MF_CONNECT_AS_CLIENT (1<<5)
-#define MF_CLIENT_AUTH (1<<6)
-/* #define MF_CLIENT_PF (1<<7) *REMOVED FEATURE* */
-#define MF_UNIX_SOCK (1<<8)
-#define MF_EXTERNAL_KEY (1<<9)
-#define MF_EXTERNAL_KEY_NOPADDING (1<<10)
-#define MF_EXTERNAL_KEY_PKCS1PAD (1<<11)
-#define MF_UP_DOWN (1<<12)
-#define MF_QUERY_REMOTE (1<<13)
-#define MF_QUERY_PROXY (1<<14)
-#define MF_EXTERNAL_CERT (1<<15)
-#define MF_EXTERNAL_KEY_PSSPAD (1<<16)
-#define MF_EXTERNAL_KEY_DIGEST (1<<17)
-
bool management_open(struct management *man,
const char *addr,
const char *port,
SHOW_STR_INLINE(ca_file);
SHOW_STR(ca_path);
SHOW_STR_INLINE(dh_file);
-#ifdef ENABLE_MANAGEMENT
if ((o->management_flags & MF_EXTERNAL_CERT))
{
SHOW_PARM("cert_file", "EXTERNAL_CERT", "%s");
}
else
-#endif
- SHOW_STR_INLINE(cert_file);
+ {
+ SHOW_STR_INLINE(cert_file);
+ }
SHOW_STR_INLINE(extra_certs_file);
-#ifdef ENABLE_MANAGEMENT
if ((o->management_flags & MF_EXTERNAL_KEY))
{
SHOW_PARM("priv_key_file", "EXTERNAL_PRIVATE_KEY", "%s");
}
else
-#endif
- SHOW_STR_INLINE(priv_key_file);
+ {
+ SHOW_STR_INLINE(priv_key_file);
+ }
#ifndef ENABLE_CRYPTO_MBEDTLS
SHOW_STR_INLINE(pkcs12_file);
#endif
#endif /* ifdef ENABLE_MANAGEMENT */
-#if defined(ENABLE_MANAGEMENT) && !defined(HAVE_XKEY_PROVIDER)
+#if !defined(HAVE_XKEY_PROVIDER)
if ((tls_version_max() >= TLS_VER_1_3)
&& (options->management_flags & MF_EXTERNAL_KEY)
&& !(options->management_flags & (MF_EXTERNAL_KEY_NOPADDING))
{
msg(M_USAGE, "Parameter --key cannot be used when --pkcs11-provider is also specified.");
}
-#ifdef ENABLE_MANAGEMENT
if (options->management_flags & MF_EXTERNAL_KEY)
{
msg(M_USAGE, "Parameter --management-external-key cannot be used when --pkcs11-provider is also specified.");
{
msg(M_USAGE, "Parameter --management-external-cert cannot be used when --pkcs11-provider is also specified.");
}
-#endif
if (options->pkcs12_file)
{
msg(M_USAGE, "Parameter --pkcs12 cannot be used when --pkcs11-provider is also specified.");
}
else
#endif /* ifdef ENABLE_PKCS11 */
-#ifdef ENABLE_MANAGEMENT
if ((options->management_flags & MF_EXTERNAL_KEY) && options->priv_key_file)
{
msg(M_USAGE, "--key and --management-external-key are mutually exclusive");
}
}
else
-#endif
#ifdef ENABLE_CRYPTOAPI
if (options->cryptoapi_cert)
{
{
msg(M_USAGE, "Parameter --pkcs12 cannot be used when --cryptoapicert is also specified.");
}
-#ifdef ENABLE_MANAGEMENT
if (options->management_flags & MF_EXTERNAL_KEY)
{
msg(M_USAGE, "Parameter --management-external-key cannot be used when --cryptoapicert is also specified.");
{
msg(M_USAGE, "Parameter --management-external-cert cannot be used when --cryptoapicert is also specified.");
}
-#endif
}
else
#endif /* ifdef ENABLE_CRYPTOAPI */
{
msg(M_USAGE, "Parameter --key cannot be used when --pkcs12 is also specified.");
}
-#ifdef ENABLE_MANAGEMENT
if (options->management_flags & MF_EXTERNAL_KEY)
{
msg(M_USAGE, "Parameter --management-external-key cannot be used when --pkcs12 is also specified.");
{
msg(M_USAGE, "Parameter --management-external-cert cannot be used when --pkcs12 is also specified.");
}
-#endif
#endif /* ifdef ENABLE_CRYPTO_MBEDTLS */
}
else
{
const int sum =
-#ifdef ENABLE_MANAGEMENT
((options->cert_file != NULL) || (options->management_flags & MF_EXTERNAL_CERT))
- +((options->priv_key_file != NULL) || (options->management_flags & MF_EXTERNAL_KEY));
-#else
- (options->cert_file != NULL) + (options->priv_key_file != NULL);
-#endif
+ + ((options->priv_key_file != NULL) || (options->management_flags & MF_EXTERNAL_KEY));
if (sum == 0)
{
}
else
{
-#ifdef ENABLE_MANAGEMENT
if (!(options->management_flags & MF_EXTERNAL_CERT))
-#endif
- notnull(options->cert_file, "certificate file (--cert) or PKCS#12 file (--pkcs12)");
-#ifdef ENABLE_MANAGEMENT
+ {
+ notnull(options->cert_file, "certificate file (--cert) or PKCS#12 file (--pkcs12)");
+ }
if (!(options->management_flags & MF_EXTERNAL_KEY))
-#endif
- notnull(options->priv_key_file, "private key file (--key) or PKCS#12 file (--pkcs12)");
+ {
+ notnull(options->priv_key_file, "private key file (--key) or PKCS#12 file (--pkcs12)");
+ }
}
}
if (ce->tls_auth_file && ce->tls_crypt_file)
options->extra_certs_file, R_OK,
"--extra-certs");
-#ifdef ENABLE_MANAGMENT
if (!(options->management_flags & MF_EXTERNAL_KEY))
-#endif
{
errs |= check_file_access_inline(options->priv_key_file_inline,
CHKACC_FILE|CHKACC_PRIVATE,
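Review bot: The guard removed around `if (!(options->management_flags & MF_EXTERNAL_KEY))` was spelled `ENABLE_MANAGMENT`, which looks like a typo for a macro that is never defined, so this test was probably compiled out before and the `--key` access check (including `CHKACC_PRIVATE`) ran unconditionally. Dropping the guard therefore activates the condition for the first time rather than merely tidying it, and the commit message should say so. The change looks harmless, because `--key` and `--management-external-key` are rejected as mutually exclusive elsewhere in this diff, but a short comment above the `if`, such as `/* key is supplied via the management interface, so there is no local key file to check */`, would record the intent. The `check_file_access_inline` call continues outside the hunk.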
key_is_external(const struct options *options)
{
bool ret = false;
-#ifdef ENABLE_MANAGEMENT
ret = ret || (options->management_flags & MF_EXTERNAL_KEY);
-#endif
#ifdef ENABLE_PKCS11
ret = ret || (options->pkcs11_providers[0] != NULL);
#endif
VERIFY_PERMISSION(OPT_P_GENERAL);
options->management_flags |= MF_CONNECT_AS_CLIENT;
}
-#ifdef ENABLE_MANAGEMENT
else if (streq(p[0], "management-external-key"))
{
VERIFY_PERMISSION(OPT_P_GENERAL);
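Review bot: With the inner `#ifdef ENABLE_MANAGEMENT` gone from the `management-external-key` branch, whether a build without management support can still reach this branch depends on an outer guard that is not visible here, since the option-parsing function starts and ends outside the hunk. If no such guard exists, that build would accept the option and presumably set `MF_EXTERNAL_KEY`, which makes `key_is_external()` return true and skips the `--key` presence and access checks even though nothing could supply a signature. The neighbouring `MF_CONNECT_AS_CLIENT` branch was already outside the removed guard, which suggests an enclosing one exists, but it is worth confirming. The same question applies to the `MF_CLIENT_AUTH` hunk just below, where the matching `#endif` is removed.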
VERIFY_PERMISSION(OPT_P_GENERAL);
options->management_flags |= MF_CLIENT_AUTH;
}
-#endif /* ifdef ENABLE_MANAGEMENT */
else if (streq(p[0], "management-log-cache") && p[1] && !p[2])
{
int cache;