gnutls_certificate_verify_function *verify_callback;
struct pin_info_st pin;
+ /* temporarily hold the PIN if set_key_file2() is used with a PIN */
+ char pin_tmp[GNUTLS_PKCS11_MAX_PIN_LEN];
/* OCSP */
gnutls_status_request_ocsp_func ocsp_func;
gnutls_certificate_free_keys (sc);
gnutls_certificate_free_ca_names (sc);
gnutls_free(sc->ocsp_response_file);
-
+ memset(sc->pin_tmp, 0, sizeof(sc->pin_tmp));
#ifdef ENABLE_OPENPGP
gnutls_openpgp_keyring_deinit (sc->keyring);
#endif
return ret;
}
+static int tmp_pin_cb(void* userdata, int attempt, const char *token_url, const char *token_label,
+ unsigned int flags, char *pin, size_t pin_max)
+{
+const char* tmp_pin = userdata;
+
+ if (attempt == 0)
+ {
+ snprintf(pin, pin_max, "%s", tmp_pin);
+ return 0;
+ }
+
+ return -1;
+}
+
/* Reads a PEM encoded PKCS-1 RSA/DSA private key from memory. Type
* indicates the certificate format. KEY can be NULL, to indicate
* that GnuTLS doesn't know the private key.
if (res->pin.cb)
gnutls_privkey_set_pin_function(privkey, res->pin.cb, res->pin.data);
+ else if (pass != NULL)
+ {
+ snprintf(res->pin_tmp, sizeof(res->pin_tmp), "%s", pass);
+ gnutls_privkey_set_pin_function(privkey, tmp_pin_cb, res->pin_tmp);
+ }
ret = gnutls_privkey_import_x509_raw (privkey, &tmp, type, pass, flags);
if (ret < 0)