From 49d732f9aed0ed8dbf202cc4e283973082f798d9 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Mon, 10 Sep 2012 16:59:48 +0200 Subject: Commit 3615b6646754c89fca055260528e0cbf671936e0 from git --- openvpn/src/openvpn/options.c | 40 +++++++++++++++++++++++++++++++--------- 1 file changed, 31 insertions(+), 9 deletions(-) (limited to 'openvpn') diff --git a/openvpn/src/openvpn/options.c b/openvpn/src/openvpn/options.c index 528583fe..36fb4e30 100644 --- a/openvpn/src/openvpn/options.c +++ b/openvpn/src/openvpn/options.c @@ -62,10 +62,6 @@ #include "memdbg.h" -#ifdef MANAGMENT_EXTERNAL_KEY -#define EXTERNAL_KEY_STRING "EXTERNAL_PRIVATE_KEY" -#endif - const char title_string[] = PACKAGE_STRING " " TARGET_ALIAS @@ -1586,6 +1582,12 @@ show_settings (const struct options *o) SHOW_STR (ca_path); SHOW_STR (dh_file); SHOW_STR (cert_file); + +#ifdef MANAGMENT_EXTERNAL_KEY + if((o->management_flags & MF_EXTERNAL_KEY)) + SHOW_PARM ("priv_key_file","EXTERNAL_PRIVATE_KEY","%s"); + else +#endif SHOW_STR (priv_key_file); #ifndef ENABLE_CRYPTO_POLARSSL SHOW_STR (pkcs12_file); @@ -2176,6 +2178,10 @@ options_postprocess_verify_ce (const struct options *options, const struct conne msg(M_USAGE, "Parameter --cert cannot be used when --pkcs11-provider is also specified."); if (options->priv_key_file) msg(M_USAGE, "Parameter --key cannot be used when --pkcs11-provider is also specified."); +#ifdef MANAGMENT_EXTERNAL_KEY + if (options->management_flags & MF_EXTERNAL_KEY) + msg(M_USAGE, "Parameter --management-external-key cannot be used when --pkcs11-provider is also specified."); +#endif if (options->pkcs12_file) msg(M_USAGE, "Parameter --pkcs12 cannot be used when --pkcs11-provider is also specified."); #ifdef ENABLE_CRYPTOAPI @@ -2187,7 +2193,7 @@ options_postprocess_verify_ce (const struct options *options, const struct conne #endif #ifdef ENABLE_CRYPTOAPI #ifdef MANAGMENT_EXTERNAL_KEY - if((options->management_flags & MF_EXTERNAL_KEY) && !strcmp(options->priv_key_file,EXTERNAL_KEY_STRING)==0) + if((options->management_flags & MF_EXTERNAL_KEY) && options->priv_key_file) msg (M_USAGE, "--key and --management-external-key are mutually exclusive"); #endif @@ -2201,6 +2207,10 @@ options_postprocess_verify_ce (const struct options *options, const struct conne msg(M_USAGE, "Parameter --key cannot be used when --cryptoapicert is also specified."); if (options->pkcs12_file) msg(M_USAGE, "Parameter --pkcs12 cannot be used when --cryptoapicert is also specified."); +#ifdef MANAGMENT_EXTERNAL_KEY + if (options->management_flags & MF_EXTERNAL_KEY) + msg(M_USAGE, "Parameter --management-external-key cannot be used when --cryptoapicert is also specified."); +#endif } else #endif @@ -2215,6 +2225,10 @@ options_postprocess_verify_ce (const struct options *options, const struct conne msg(M_USAGE, "Parameter --cert cannot be used when --pkcs12 is also specified."); if (options->priv_key_file) msg(M_USAGE, "Parameter --key cannot be used when --pkcs12 is also specified."); +#ifdef MANAGMENT_EXTERNAL_KEY + if (options->management_flags & MF_EXTERNAL_KEY) + msg(M_USAGE, "Parameter --external-management-key cannot be used when --pkcs12 is also specified."); +#endif #endif } else @@ -2230,7 +2244,15 @@ options_postprocess_verify_ce (const struct options *options, const struct conne #endif if (pull) { - const int sum = (options->cert_file != NULL) + (options->priv_key_file != NULL); + + const int sum = (options->cert_file != NULL) + +#ifdef MANAGMENT_EXTERNAL_KEY + ((options->priv_key_file != NULL) || (options->management_flags & MF_EXTERNAL_KEY)); +#else + (options->priv_key_file != NULL); +#endif + + if (sum == 0) { #if P2MP @@ -2248,6 +2270,9 @@ options_postprocess_verify_ce (const struct options *options, const struct conne else { notnull (options->cert_file, "certificate file (--cert) or PKCS#12 file (--pkcs12)"); +#ifdef MANAGMENT_EXTERNAL_KEY + if (!options->management_flags & MF_EXTERNAL_KEY) +#endif notnull (options->priv_key_file, "private key file (--key) or PKCS#12 file (--pkcs12)"); } } @@ -4154,9 +4179,6 @@ add_option (struct options *options, { VERIFY_PERMISSION (OPT_P_GENERAL); options->management_flags |= MF_EXTERNAL_KEY; - /* Set priv key file name only if not defined, so --key and this option can be checked later */ - if(!options->priv_key_file) - options->priv_key_file = EXTERNAL_KEY_STRING; } #endif #ifdef MANAGEMENT_DEF_AUTH -- cgit v1.2.3