Add openconnect_has_pkcs11_support()

Theoretically, the OpenSSL side can (and should) gain PKCS#11 support at some point. There *is* a PKCS#11 engine, although it seems somewhat unloved. Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
sailfishos-mirror · Jun 11, 2012 · 1a394bc · 1a394bc
1 parent 455c90b
commit 1a394bc
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 0 deletions.
diff --git a/libopenconnect.map.in b/libopenconnect.map.in
@@ -26,6 +26,7 @@ OPENCONNECT_2.0 {
 	openconnect_get_cert_details;
 	openconnect_get_cert_DER;
 	openconnect_init_ssl;
+	openconnect_has_pkcs11_support;
 };
 
 OPENCONNECT_PRIVATE {

diff --git a/library.c b/library.c
@@ -226,3 +226,12 @@ const char *openconnect_get_version (void)
 {
 	return openconnect_version_str;
 }
+
+int openconnect_has_pkcs11_support(void)
+{
+#if defined (OPENCONNECT_GNUTLS) && defined (HAVE_P11KIT)
+	return 1;
+#else
+	return 0;
+#endif
+}
diff --git a/openconnect.h b/openconnect.h
@@ -36,6 +36,7 @@
 /*
  * API version 2.0:
  *  - OPENCONNECT_X509 is now an opaque type.
+ *  - Add openconnect_has_pkcs11_support()
  *  - Rename openconnect_init_openssl() -> openconnect_init_ssl()
  *  - Rename openconnect_vpninfo_new_with_cbdata() -> openconnect_vpninfo_new()
  *    and kill the old openconnect_vpninfo_new() and its callback types.
@@ -232,4 +233,8 @@ struct openconnect_info *openconnect_vpninfo_new (char *useragent,
 						  void *privdata);
 void openconnect_vpninfo_free (struct openconnect_info *vpninfo);
 
+/* SSL certificate capabilities. openconnect_has_pkcs11_support() means that we
+   can accept PKCS#11 URLs in place of filenames, for the certificate and key. */
+int openconnect_has_pkcs11_support(void);
+
 #endif /* __OPENCONNECT_H__ */