Commit 1a394bce authored by David Woodhouse's avatar David Woodhouse

Add openconnect_has_pkcs11_support()

Theoretically, the OpenSSL side can (and should) gain PKCS#11 support at
some point. There *is* a PKCS#11 engine, although it seems somewhat unloved.
Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
parent 455c90b1
......@@ -26,6 +26,7 @@ OPENCONNECT_2.0 {
openconnect_get_cert_details;
openconnect_get_cert_DER;
openconnect_init_ssl;
openconnect_has_pkcs11_support;
};
OPENCONNECT_PRIVATE {
......
......@@ -226,3 +226,12 @@ const char *openconnect_get_version (void)
{
return openconnect_version_str;
}
int openconnect_has_pkcs11_support(void)
{
#if defined (OPENCONNECT_GNUTLS) && defined (HAVE_P11KIT)
return 1;
#else
return 0;
#endif
}
......@@ -36,6 +36,7 @@
/*
* API version 2.0:
* - OPENCONNECT_X509 is now an opaque type.
* - Add openconnect_has_pkcs11_support()
* - Rename openconnect_init_openssl() -> openconnect_init_ssl()
* - Rename openconnect_vpninfo_new_with_cbdata() -> openconnect_vpninfo_new()
* and kill the old openconnect_vpninfo_new() and its callback types.
......@@ -232,4 +233,8 @@ struct openconnect_info *openconnect_vpninfo_new (char *useragent,
void *privdata);
void openconnect_vpninfo_free (struct openconnect_info *vpninfo);
/* SSL certificate capabilities. openconnect_has_pkcs11_support() means that we
can accept PKCS#11 URLs in place of filenames, for the certificate and key. */
int openconnect_has_pkcs11_support(void);
#endif /* __OPENCONNECT_H__ */
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment