On Tue, 2014-12-16 at 22:19 +0100, Steffan Karger wrote: > > Since this makes a '--show-pkcs11-ids' without the module argument > valid > for some openvpn builds, I think it is nicer to give a proper error > message to the user. E.g. something like:
Like this? If this incremental patch is what you were after I'll
resubmit the original 'PATCH 2' with it.
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 5492516..66453b5 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -738,7 +738,11 @@ static const char usage_message[] =
#ifdef ENABLE_PKCS11
"\n"
"PKCS#11 standalone options:\n"
- "--show-pkcs11-ids provider [cert_private] : Show PKCS#11 available ids.\n"
+#ifndef DEFAULT_PKCS11_MODULE
+ "--show-pkcs11-ids [provider] [cert_private] : Show PKCS#11 available ids.\n"
+#else
+ "--show-pkcs11-ids provider [cert_private] : Show PKCS#11 available ids.\n"
+#endif
" --verb option can be added
*BEFORE* this.\n"
#endif /* ENABLE_PKCS11 */
"\n"
@@ -6936,9 +6940,6 @@ add_option (struct options *options,
#endif /* ENABLE_CRYPTO */
#ifdef ENABLE_PKCS11
else if (streq (p[0], "show-pkcs11-ids")
-#ifndef DEFAULT_PKCS11_MODULE
- && p[1]
-#endif
)
{
char *provider = p[1];
@@ -6958,6 +6959,12 @@ add_option (struct options *options,
cert_private = i;
}
}
+#else
+ if (!provider)
+ {
+ msg (msglevel, "--show-pkcs11-ids requires a provider parameter");
+ goto err;
+ }
#endif
VERIFY_PERMISSION (OPT_P_GENERAL);
--
dwmw2
smime.p7s
Description: S/MIME cryptographic signature
