pkcs11: Load p11-kit-proxy.so module by default
authorDavid Woodhouse <dwmw2@infradead.org>
Thu, 11 Dec 2014 13:03:35 +0000 (13:03 +0000)
committerGert Doering <gert@greenie.muc.de>
Sat, 27 Dec 2014 14:09:36 +0000 (15:09 +0100)
If the user specifies --pkcs11-id or --pkcs11-id-management but neglects
to explicitly provide a --pkcs11-provider argument, and if the system
has p11-kit installed, then load the p11-kit proxy module so that the
system-configured tokens are available.

Trac: 490
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1418303015.31745.78.camel@infradead.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9342
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 6f1d3cf062d5c33cbad4d521d157d43d53ffc7d1)

configure.ac
doc/openvpn.8
src/openvpn/options.c

index ddaa2b2e2277aef986dc36ee9745c63c5de868f3..b549452e928ee72f191f5b943c94b372ebdd967f 100644 (file)
@@ -1139,6 +1139,13 @@ if test "${enable_pkcs11}" = "yes"; then
        OPTIONAL_PKCS11_HELPER_CFLAGS="${PKCS11_HELPER_CFLAGS}"
        OPTIONAL_PKCS11_HELPER_LIBS="${PKCS11_HELPER_LIBS}"
        AC_DEFINE([ENABLE_PKCS11], [1], [Enable PKCS11])
+       PKG_CHECK_MODULES(
+               [P11KIT],
+               [p11-kit-1],
+               [proxy_module="`$PKG_CONFIG --variable=proxy_module p11-kit-1`"
+                AC_DEFINE_UNQUOTED([DEFAULT_PKCS11_MODULE], "${proxy_module}", [p11-kit proxy])],
+               []
+       )
 fi
 
 if test "${enable_pedantic}" = "yes"; then
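Review bot: The result of `$PKG_CONFIG --variable=proxy_module p11-kit-1` is used without checking that it is non-empty, so a p11-kit-1.pc that does not define `proxy_module` would presumably leave `DEFAULT_PKCS11_MODULE` defined as `""`. The `#ifdef DEFAULT_PKCS11_MODULE` block in src/openvpn/options.c would then install an empty string as the first provider instead of leaving the slot unset. Wrap the define in `if test -n "${proxy_module}"; then … fi` so the macro exists only when a real path was found. Because this path is fixed at build time and names a shared object the daemon will load, it is also worth echoing it in the configure output so packagers can see what was baked in.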
index 532eda5c1e4a3501941001eebdc401de72cca95c..0bdea1f80bfef5a432637b74cc1c964f59e29e46 100644 (file)
@@ -4393,6 +4393,16 @@ This option can be used instead of
 .B \-\-cert, \-\-key,
 and
 .B \-\-pkcs12.
+
+If p11-kit is present on the system, its
+.B p11-kit-proxy.so
+module will be loaded by default if either the
+.B \-\-pkcs11\-id
+or
+.B \-\-pkcs11\-id\-management
+options are specified without
+.B \-\-pkcs11\-provider
+being given.
 .\"*********************************************************
 .TP
 .B \-\-pkcs11-private-mode mode...
index f0091c2dcf8de31ef57cb701ea98ffb14ad620fa..b33eb4ab62849c49c45f734c516767c078f066ff 100644 (file)
@@ -2447,6 +2447,15 @@ options_postprocess_mutate_invariant (struct options *options)
 #endif
     }
 #endif
+
+#ifdef DEFAULT_PKCS11_MODULE
+  /* If p11-kit is present on the system then load its p11-kit-proxy.so
+     by default if the user asks for PKCS#11 without otherwise specifying
+     the module to use. */
+  if (!options->pkcs11_providers[0] &&
+      (options->pkcs11_id || options->pkcs11_id_management))
+    options->pkcs11_providers[0] = DEFAULT_PKCS11_MODULE;
+#endif
 }
 
 static void
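Review bot: The new default at `options->pkcs11_providers[0] = DEFAULT_PKCS11_MODULE;` selects a shared object to be loaded into the process without any log line, so an operator cannot tell from the log that a module they never named is in use. Add braces around the `if` body and a message such as `msg (M_INFO, "PKCS#11: no --pkcs11-provider given, defaulting to %s", DEFAULT_PKCS11_MODULE);`. The comment's "If p11-kit is present on the system" also reads as a run-time check, while the `#ifdef` makes it a build-time decision; `/* If p11-kit was found at build time, use its proxy module by default ... */` would be more accurate. The body of options_postprocess_mutate_invariant starts outside the hunk.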