Re: [Openvpn-devel] [PATCH 2] Make 'provider' option to --show-pkcs11-ids optional where p11-kit is present

Steffan Karger Tue, 16 Dec 2014 21:19:14 +0000

Hi David,

Feature-ACK, but a small remark:


On 11-12-14 14:21, David Woodhouse wrote:
> @@ -6935,11 +6935,30 @@ add_option (struct options *options,
>  #endif /* ENABLE_SSL */
>  #endif /* ENABLE_CRYPTO */
>  #ifdef ENABLE_PKCS11
> -  else if (streq (p[0], "show-pkcs11-ids") && p[1])
> +  else if (streq (p[0], "show-pkcs11-ids")
> +#ifndef DEFAULT_PKCS11_MODULE
> +        && p[1]
> +#endif
> +        )

Since this makes a '--show-pkcs11-ids' without the module argument valid
for some openvpn builds, I think it is nicer to give a proper error
message to the user. E.g. something like:

    #ifndef DEFAULT_PKCS11_MODULE
        if (!p[1])
          {
            msg (msglevel, "--show-pkcs11-ids requires a module parameter");
            goto err;
          }
    #endif

Regards,
-Steffan

Re: [Openvpn-devel] [PATCH 2] Make 'provider' option to --show-pkcs11-ids optional where p11-kit is present

Reply via email to