GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 16:57:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

Allow specifying a PIN and SRK PIN in the config file

Browse Source 
That pin will be used to decrypt encrypted key files as well.
This commit is contained in:
Nikos Mavrogiannopoulos
2015-06-25 13:51:34 +02:00
parent fc5ce78ed2
commit 8b186fb53a
5 changed files with 71 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/sec-mod.c
View File

@@ -165,6 +165,14 @@ int load_pins(struct perm_cfg_st *config, struct pin_st *s)
s->pin[ret] = 0;
}
if (config->key_pin != NULL) {
strlcpy(s->pin, config->key_pin, sizeof(s->pin));
}
if (config->srk_pin != NULL) {
strlcpy(s->srk_pin, config->srk_pin, sizeof(s->srk_pin));
}
return 0;
}
@@ -689,6 +697,12 @@ void sec_mod_server(void *main_pool, struct perm_cfg_st *perm_config, const char
gnutls_privkey_import_x509_raw(sec->key[i], &data,
GNUTLS_X509_FMT_PEM,
NULL, 0);
if (ret == GNUTLS_E_DECRYPTION_FAILED && pins.pin[0]) {
ret =
gnutls_privkey_import_x509_raw(sec->key[i], &data,
GNUTLS_X509_FMT_PEM,
pins.pin, 0);
}
GNUTLS_FATAL_ERR(ret);
gnutls_free(data.data);