ACK. Thanks for supplying and updating the patch! -Steffan
On 12/18/2014 01:25 PM, David Woodhouse wrote: > Trac: 490 Signed-off-by: David Woodhouse > <david.woodho...@intel.com> --- v2: Nicer error message if no > provider given when there's no default. v3: Get the usage messages > the right way round (s/ifndef/ifdef). > > I did look at cleaning it up to stop looking at p[2] even when > p[1] isn't set, but it makes it somewhat more complicated for no > *real* benefit. So unless someone really objects, I'll leave it as > it is. > > doc/openvpn.8 | 8 +++++++- src/openvpn/options.c | 30 > ++++++++++++++++++++++++++++-- 2 files changed, 35 insertions(+), 3 > deletions(-) > > diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 0bdea1f..49183ee > 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -5490,11 +5490,17 > @@ adapter list. .SS PKCS#11 Standalone Options: > .\"********************************************************* .TP > -.B \-\-show-pkcs11-ids provider [cert_private] +.B > \-\-show-pkcs11-ids [provider] [cert_private] (Standalone) Show > PKCS#11 token object list. Specify cert_private as 1 if > certificates are stored as private objects. > > +If p11-kit is present on the system, the +.B provider +argument is > optional; if omitted the default +.B p11-kit-proxy.so +module will > be queried. + .B \-\-verb option can be used BEFORE this option to > produce debugging information. > .\"********************************************************* diff > --git a/src/openvpn/options.c b/src/openvpn/options.c index > b33eb4a..226b203 100644 --- a/src/openvpn/options.c +++ > b/src/openvpn/options.c 
@@ -738,7 +738,11 @@ static const char > usage_message[] = #ifdef ENABLE_PKCS11 "\n" "PKCS#11 standalone > options:\n" - "--show-pkcs11-ids provider [cert_private] : Show > PKCS#11 available ids.\n" +#ifdef DEFAULT_PKCS11_MODULE + > "--show-pkcs11-ids [provider] [cert_private] : Show PKCS#11 > available ids.\n" +#else + "--show-pkcs11-ids provider > [cert_private] : Show PKCS#11 available ids.\n" +#endif " > --verb option can be added *BEFORE* this.\n" #endif > /* > ENABLE_PKCS11 */ "\n" @@ -6935,11 +6939,33 @@ add_option (struct > options *options, #endif /* ENABLE_SSL */ #endif /* ENABLE_CRYPTO > */ #ifdef ENABLE_PKCS11 - else if (streq (p[0], "show-pkcs11-ids") > && p[1]) + else if (streq (p[0], "show-pkcs11-ids") + ) { char > *provider = p[1]; bool cert_private = (p[2] == NULL ? false : ( > atoi (p[2]) != 0 )); > > +#ifdef DEFAULT_PKCS11_MODULE + if (!provider) + provider = > DEFAULT_PKCS11_MODULE; + else if (!p[2]) { + char *endp = > NULL; + int i = strtol(provider, &endp, 10); + + if (*endp == 0) > { > + /* There was one argument, and it was purely numeric. + > Interpret it as the cert_private argument */ + provider = > DEFAULT_PKCS11_MODULE; + cert_private = i; + } + } +#else + > if (!provider) + { + msg (msglevel, "--show-pkcs11-ids requires a > provider parameter"); + goto err; + } +#endif > VERIFY_PERMISSION (OPT_P_GENERAL); > > set_debug_level (options->verbosity, SDL_CONSTRAIN); >
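Review bot: in the doc/openvpn.8 hunk, the added paragraph says the provider argument may be omitted, but it does not document that a single purely numeric argument is then taken as cert_private rather than as a provider, which is what the add_option change does when DEFAULT_PKCS11_MODULE is defined. Suggest one more sentence stating that a lone numeric argument is read as cert_private and that a provider must be followed by an explicit cert_private value if its name is purely numeric. The wording "If p11-kit is present on the system" could also say that this depends on how OpenVPN was built, since the code keys on the compile-time DEFAULT_PKCS11_MODULE define.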
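Review bot: in the add_option hunk of src/openvpn/options.c, the test "if (*endp == 0)" after strtol also passes when provider is an empty string, because strtol then consumes nothing and endp still points at the terminating NUL; an empty argument would be silently replaced by DEFAULT_PKCS11_MODULE with cert_private set to 0. Testing "endp != provider && *endp == 0" would limit this branch to arguments that really are numeric. In the same block the long returned by strtol is narrowed into "int i" and then assigned straight to the bool cert_private; keeping it as a long and writing "cert_private = (i != 0)" would match the "atoi (p[2]) != 0" form used two lines above. Style point: "else if (!p[2]) {" puts the brace on the same line, while the #else branch and the surrounding code put it on its own line.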