
openvpn-pkcs11.patch

Authored By
yun
May 10 2016, 8:23 AM
Size
4 KB

openvpn-pkcs11.patch

--- /opt/vyatta/share/perl5/Vyatta/OpenVPN/Config.pm.1 2016-04-24 15:46:03.327857667 +0200
+++ /opt/vyatta/share/perl5/Vyatta/OpenVPN/Config.pm 2016-04-24 16:04:34.805542602 +0200
@@ -30,6 +30,7 @@
_tls_ca => undef,
_tls_cert => undef,
_tls_key => undef,
+ _tls_pkcs11 => undef,
_tls_dh => undef,
_tls_crl => undef,
_tls_role => undef,
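Review bot: The key added to the field list is `_tls_pkcs11`, but every other hunk in this patch reads and writes `_tls_pkcs11_id`, so the declared default is never used and the real key only comes into existence when it is first assigned. Rename the added line to `_tls_pkcs11_id => undef,` so the field list documents the key the code actually uses. The enclosing hash begins and ends outside this hunk.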
@@ -101,12 +102,14 @@
$self->{_tls_ca} = $config->returnValue('tls ca-cert-file');
$self->{_tls_cert} = $config->returnValue('tls cert-file');
$self->{_tls_key} = $config->returnValue('tls key-file');
+ $self->{_tls_pkcs11_id} = $config->returnValue('tls pkcs11-id');
$self->{_tls_dh} = $config->returnValue('tls dh-file');
$self->{_tls_crl} = $config->returnValue('tls crl-file');
$self->{_tls_role} = $config->returnValue('tls role');
$self->{_tls_def} = (defined($self->{_tls_ca})
|| defined($self->{_tls_cert})
|| defined($self->{_tls_key})
+ || defined($self->{_tls_pkcs11_id})
|| defined($self->{_tls_crl})
|| defined($self->{_tls_role})
|| defined($self->{_tls_dh})) ? 1 : undef;
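Review bot: Only `tls pkcs11-id` is read here, and again in the `returnOrigValue` hunk, with no companion setting for the PKCS#11 provider library. OpenVPN resolves `--pkcs11-id` against the modules named by `--pkcs11-providers`, so unless the provider is supplied elsewhere in this file (not visible in the patch), the generated command has no token to look the id up on. Consider reading a provider path next to the id and rejecting the configuration when the id is set without it. A comment such as `# pkcs11-id selects the cert/key on a token and replaces cert-file/key-file` above the added line would also tell the next reader why it feeds `_tls_def`.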
@@ -222,12 +225,14 @@
$self->{_tls_ca} = $config->returnOrigValue('tls ca-cert-file');
$self->{_tls_cert} = $config->returnOrigValue('tls cert-file');
$self->{_tls_key} = $config->returnOrigValue('tls key-file');
+ $self->{_tls_pkcs11_id} = $config->returnOrigValue('tls pkcs11-id');
$self->{_tls_dh} = $config->returnOrigValue('tls dh-file');
$self->{_tls_crl} = $config->returnOrigValue('tls crl-file');
$self->{_tls_role} = $config->returnOrigValue('tls role');
$self->{_tls_def} = (defined($self->{_tls_ca})
|| defined($self->{_tls_cert})
|| defined($self->{_tls_key})
+ || defined($self->{_tls_pkcs11_id})
|| defined($self->{_tls_crl})
|| defined($self->{_tls_role})
|| defined($self->{_tls_dh})) ? 1 : undef;
@@ -376,6 +381,7 @@
return 1 if ($this->{_tls_ca} ne $that->{_tls_ca});
return 1 if ($this->{_tls_cert} ne $that->{_tls_cert});
return 1 if ($this->{_tls_key} ne $that->{_tls_key});
+ return 1 if ($this->{_tls_pkcs11_id} ne $that->{_tls_pkcs11_id});
return 1 if ($this->{_tls_dh} ne $that->{_tls_dh});
return 1 if ($this->{_tls_crl} ne $that->{_tls_crl});
return 1 if ($this->{_tls_role} ne $that->{_tls_role});
@@ -426,6 +432,7 @@
return 1 if ($this->{_tls_ca} ne $that->{_tls_ca});
return 1 if ($this->{_tls_cert} ne $that->{_tls_cert});
return 1 if ($this->{_tls_key} ne $that->{_tls_key});
+ return 1 if ($this->{_tls_pkcs11_id} ne $that->{_tls_pkcs11_id});
return 1 if ($this->{_tls_dh} ne $that->{_tls_dh});
return 1 if ($this->{_tls_crl} ne $that->{_tls_crl});
return 1 if ($this->{_tls_role} ne $that->{_tls_role});
@@ -706,19 +713,27 @@
if ($hdrs != 0);
$cmd .= " --ca $self->{_tls_ca}";
- return (undef, 'Must specify "tls cert-file"')
- if (!defined($self->{_tls_cert}));
- $hdrs = checkHeader("-----BEGIN CERTIFICATE-----", $self->{_tls_cert});
- return (undef, "Specified cert-file \"$self->{_tls_cert}\" is not valid")
- if ($hdrs != 0);
- $cmd .= " --cert $self->{_tls_cert}";
-
- return (undef, 'Must specify "tls key-file"')
- if (!defined($self->{_tls_key}));
- $hdrs = checkHeader("-----BEGIN (?:RSA )?PRIVATE KEY-----", $self->{_tls_key});
- return (undef, "Specified key-file \"$self->{_tls_key}\" is not valid")
- if ($hdrs != 0);
- $cmd .= " --key $self->{_tls_key}";
+ if (defined($self->{_tls_pkcs11_id})) {
+ return (undef, 'Must specify "tls pkcs11-id"')
+ if (!defined($self->{_tls_pkcs11_id}));
+ return (undef, "Specified pkcs11-id \"$self->{_tls_pkcs11_id}\" is not valid")
+ if (!defined($self->{_tls_pkcs11_id}));
+ $cmd .= " --pkcs11-id $self->{_tls_pkcs11_id}";
+ } else {
+ return (undef, 'Must specify "tls cert-file"')
+ if (!defined($self->{_tls_cert}));
+ $hdrs = checkHeader("-----BEGIN CERTIFICATE-----", $self->{_tls_cert});
+ return (undef, "Specified cert-file \"$self->{_tls_cert}\" is not valid")
+ if ($hdrs != 0);
+ $cmd .= " --cert $self->{_tls_cert}";
+
+ return (undef, 'Must specify "tls key-file"')
+ if (!defined($self->{_tls_key}));
+ $hdrs = checkHeader("-----BEGIN (?:RSA )?PRIVATE KEY-----", $self->{_tls_key});
+ return (undef, "Specified key-file \"$self->{_tls_key}\" is not valid")
+ if ($hdrs != 0);
+ $cmd .= " --key $self->{_tls_key}";
+ }
if (defined($self->{_tls_crl})) {
$hdrs = checkHeader("-----BEGIN X509 CRL-----", $self->{_tls_crl});
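Review bot: Both guards inside the new `if (defined($self->{_tls_pkcs11_id}))` branch test `!defined(...)` on the value the branch has just established as defined, so neither can fire and the id is appended to `$cmd` without any validation. Since `$cmd` is built by string concatenation and the id comes straight from configuration, whitespace or shell metacharacters in it would reach the openvpn command line as extra arguments; how `$cmd` is executed is outside this hunk, so quoting may be needed too. The branch also silently ignores `tls cert-file` and `tls key-file` when they are set alongside the id, where an explicit error would be clearer. The sketch below replaces the dead checks with a conflict check and an allow-list whose character set should be matched to the serialized id format your tokens produce.

```perl
if (defined($self->{_tls_pkcs11_id})) {
    # A token-backed identity replaces the file-based one; refuse a mix of both.
    return (undef, 'Cannot specify "tls cert-file" or "tls key-file" with "tls pkcs11-id"')
        if (defined($self->{_tls_cert}) || defined($self->{_tls_key}));
    # Illustrative allow-list: no whitespace, quotes or shell metacharacters.
    return (undef, "Specified pkcs11-id \"$self->{_tls_pkcs11_id}\" is not valid")
        if ($self->{_tls_pkcs11_id} !~ m{\A[A-Za-z0-9_.:/\\=%+-]+\z});
    $cmd .= " --pkcs11-id $self->{_tls_pkcs11_id}";
} else {
    # … unchanged: cert-file and key-file header checks …
```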
