pkcs11: use generic evp key instead of rsa
authorAlon Bar-Lev <alon.barlev@gmail.com>
Mon, 11 Nov 2013 22:36:06 +0000 (00:36 +0200)
committerGert Doering <gert@greenie.muc.de>
Mon, 16 Dec 2013 17:29:09 +0000 (18:29 +0100)
Enables DSA, ECDSA key usages with newer pkcs11-helper.

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
Tested-By: Sanaullah <sanaullah82@gmail.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1384209366-26170-1-git-send-email-alon.barlev@gmail.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7960
Signed-off-by: Gert Doering <gert@greenie.muc.de>
configure.ac
src/openvpn/pkcs11_openssl.c

index b181f6d619760ad3b58cd60a4b89a72b9d2f4945..23e76f6ce9677b6d9d9c5568d0d2669dbf5b6c1d 100644 (file)
@@ -725,7 +725,7 @@ esac
 
 PKG_CHECK_MODULES(
        [PKCS11_HELPER],
-       [libpkcs11-helper-1 >= 1.02],
+       [libpkcs11-helper-1 >= 1.11],
        [have_pkcs11_helper="yes"],
        []
 )
index af843b7b9382b17b744c8615fe8fec60dc137ac4..87eb166e8658d4f675b282367d4626db0f67064d 100644 (file)
@@ -49,7 +49,7 @@ pkcs11_init_tls_session(pkcs11h_certificate_t certificate,
   int ret = 1;
 
   X509 *x509 = NULL;
-  RSA *rsa = NULL;
+  EVP_PKEY *evp = NULL;
   pkcs11h_openssl_session_t openssl_session = NULL;
 
   if ((openssl_session = pkcs11h_openssl_createSession (certificate)) == NULL)
@@ -63,9 +63,9 @@ pkcs11_init_tls_session(pkcs11h_certificate_t certificate,
    */
   certificate = NULL;
 
-  if ((rsa = pkcs11h_openssl_session_getRSA (openssl_session)) == NULL)
+  if ((evp = pkcs11h_openssl_session_getEVP (openssl_session)) == NULL)
     {
-      msg (M_WARN, "PKCS#11: Unable get rsa object");
+      msg (M_WARN, "PKCS#11: Unable get evp object");
       goto cleanup;
     }
 
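Review bot: The new warning text `"PKCS#11: Unable get evp object"` keeps the missing "to" from the old message and now names an OpenSSL-internal type that an operator reading the log will not recognise. Something like `msg (M_WARN, "PKCS#11: Unable to get private key object");` says what actually failed. pkcs11_init_tls_session starts and ends outside this hunk.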
@@ -75,7 +75,7 @@ pkcs11_init_tls_session(pkcs11h_certificate_t certificate,
       goto cleanup;
     }
 
-  if (!SSL_CTX_use_RSAPrivateKey (ssl_ctx->ctx, rsa))
+  if (!SSL_CTX_use_PrivateKey (ssl_ctx->ctx, evp))
     {
       msg (M_WARN, "PKCS#11: Cannot set private key for openssl");
       goto cleanup;
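Review bot: Nothing visible around the `SSL_CTX_use_PrivateKey` call confirms that the key obtained from the token matches the certificate obtained from the same session, and with DSA and ECDSA keys now accepted that pairing is worth checking explicitly. If the rest of pkcs11_init_tls_session (outside this hunk) does not already do so, an `if (!SSL_CTX_check_private_key (ssl_ctx->ctx))` guard with an `M_WARN` message and `goto cleanup`, placed after both the key and the certificate are installed, reports a mismatch at setup time instead of as a handshake failure later. Whether that check can run against a token-backed key depends on the EVP_PKEY exposing its public parameters, so it needs testing against pkcs11-helper.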
@@ -108,10 +108,10 @@ cleanup:
       x509 = NULL;
     }
 
-  if (rsa != NULL)
+  if (evp != NULL)
     {
-      RSA_free (rsa);
-      rsa = NULL;
+      EVP_PKEY_free (evp);
+      evp = NULL;
     }
 
   if (openssl_session != NULL)
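Review bot: The `EVP_PKEY_free (evp)` under the `cleanup:` label appears to run on the success path as well as on failure, which is only safe because `SSL_CTX_use_PrivateKey` takes its own reference to the key. That deserves a one-line comment, e.g. `/* ssl_ctx holds its own reference after SSL_CTX_use_PrivateKey; release ours */`. This assumes `pkcs11h_openssl_session_getEVP` hands the caller a reference to release, as the RSA getter it replaces apparently did, which is worth confirming against the pkcs11-helper headers. The cleanup block continues past the end of the hunk.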