client tested with 3.0.1 (no pkcs#11 though), and stared at the code a bit.

This change looks like it really wants an "#else", and to move the #endif
to the end of the function...  (though the compiler does not warn)

 pkcs11_init_tls_session(pkcs11h_certificate_t certificate,
                         struct tls_root_ctx *const ssl_ctx)
 {
+
+#ifdef HAVE_XKEY_PROVIDER
+    return (xkey_load_from_pkcs11h(certificate, ssl_ctx) == 0); /* inverts the 
return value */
+#endif
+
     int ret = 1;
     (more stuff)
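
Review bot: the unconditional return under "#ifdef HAVE_XKEY_PROVIDER" at the top of pkcs11_init_tls_session() leaves everything from "int ret = 1;" onward as unreachable code in builds that define the macro. Put the existing body under "#else" and move the "#endif" to the end of the function, so each build compiles exactly one path and the two cannot drift apart unnoticed. The "== 0" comparison would also benefit from a comment stating which return convention each side uses, since the visible comment only says the value is inverted, and the added blank line directly after the opening brace can be dropped.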


This prototype looks a bit surprising

+static XKEY_EXTERNAL_SIGN_fn xkey_pkcs11h_sign;

given that the function is defined just below?  Is this to ensure
XKEY_EXTERNAL_SIGN_fn matches the actual function definition?


Your patch has been applied to the master branch.

commit 6121001ed82914f336da081bb8aefaeb055450cb
Author: Selva Nair
Date:   Tue Dec 14 11:59:24 2021 -0500

     pkcs11: Interface the xkey provider with pkcs11-helper

     Signed-off-by: Selva Nair <selva.n...@gmail.com>
     Acked-by: Arne Schwabe <a...@rfc2549.org>
     Message-Id: <20211214165928.30676-15-selva.n...@gmail.com>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23442.html
     Signed-off-by: Gert Doering <g...@greenie.muc.de>


--
kind regards,

Gert Doering


