diff --git a/gnutls.c b/gnutls.c index f27a230f..8de04031 100644 --- a/gnutls.c +++ b/gnutls.c @@ -329,7 +329,7 @@ static int load_pkcs12_certificate(struct openconnect_info *vpninfo, _("Failed to decrypt PKCS#12 certificate file\n")); free(pass); vpninfo->cert_password = NULL; - err = request_passphrase(vpninfo, &pass, + err = request_passphrase(vpninfo, "openconnect_pkcs12", &pass, _("Enter PKCS#12 pass phrase:")); if (err) { gnutls_pkcs12_deinit(p12); @@ -586,7 +586,8 @@ static int load_tpm_key(struct openconnect_info *vpninfo, gnutls_datum_t *fdata, if (err != TPM_E_AUTHFAIL) goto out_srkpol; - err = request_passphrase(vpninfo, &pass, _("Enter TPM SRK PIN:")); + err = request_passphrase(vpninfo, "openconnect_tpm_srk", + &pass, _("Enter TPM SRK PIN:")); if (err) goto out_srkpol; } @@ -620,7 +621,8 @@ static int load_tpm_key(struct openconnect_info *vpninfo, gnutls_datum_t *fdata, goto out_key_policy; } } - err = request_passphrase(vpninfo, &pass, _("Enter TPM key PIN:")); + err = request_passphrase(vpninfo, "openconnect_tpm_key", + &pass, _("Enter TPM key PIN:")); if (err) goto out_key_policy; @@ -965,8 +967,8 @@ static int load_certificate(struct openconnect_info *vpninfo) _("Failed to decrypt PKCS#8 certificate file\n")); free(pass); } - err = request_passphrase(vpninfo, &pass, - _("Enter PEM pass phrase:")); + err = request_passphrase(vpninfo, "openconnect_pem", + &pass, _("Enter PEM pass phrase:")); if (err) { ret = -EINVAL; goto out; diff --git a/openconnect-internal.h b/openconnect-internal.h index ca7d0027..37c64005 100644 --- a/openconnect-internal.h +++ b/openconnect-internal.h @@ -333,7 +333,7 @@ int cstp_reconnect(struct openconnect_info *vpninfo); /* ssl.c */ int connect_https_socket(struct openconnect_info *vpninfo); -int request_passphrase(struct openconnect_info *vpninfo, +int request_passphrase(struct openconnect_info *vpninfo, const char *label, char **response, const char *fmt, ...); int __attribute__ ((format (printf, 2, 3))) openconnect_SSL_printf(struct openconnect_info *vpninfo, const char *fmt, ...); diff --git a/openssl.c b/openssl.c index e3e5c48d..47ed9cc6 100644 --- a/openssl.c +++ b/openssl.c @@ -257,6 +257,7 @@ static int ui_open(UI *ui) memset(ui_data, 0, sizeof(*ui_data)); ui_data->last_opt = &ui_data->form.opts; ui_data->vpninfo = vpninfo; + ui_data->form.auth_id = (char *)"openssl_ui"; UI_add_user_data(ui, ui_data); return 1; @@ -389,8 +390,8 @@ static int pem_pw_cb(char *buf, int len, int w, void *v) if (vpninfo->cert_password) { pass = vpninfo->cert_password; vpninfo->cert_password = NULL; - } else if (request_passphrase(vpninfo, &pass, - _("Enter PEM pass phrase:"))) + } else if (request_passphrase(vpninfo, "openconnect_pem", + &pass, _("Enter PEM pass phrase:"))) return -1; plen = strlen(pass); @@ -424,7 +425,7 @@ static int load_pkcs12_certificate(struct openconnect_info *vpninfo, PKCS12 *p12 when PKCS12_parse() returns an error, but *ca is left pointing to the freed memory. */ ca = NULL; - if (!pass && request_passphrase(vpninfo, &pass, + if (!pass && request_passphrase(vpninfo, "openconnect_pkcs12", &pass, _("Enter PKCS#12 pass phrase:")) < 0) { PKCS12_free(p12); return -EINVAL; diff --git a/ssl.c b/ssl.c index 895bfe5f..de16ec49 100644 --- a/ssl.c +++ b/ssl.c @@ -282,7 +282,7 @@ int __attribute__ ((format (printf, 2, 3))) } -int request_passphrase(struct openconnect_info *vpninfo, +int request_passphrase(struct openconnect_info *vpninfo, const char *label, char **response, const char *fmt, ...) { struct oc_auth_form f; @@ -300,12 +300,12 @@ int request_passphrase(struct openconnect_info *vpninfo, vsnprintf(buf, 1023, fmt, args); va_end(args); - f.auth_id = (char *)"ssl_certificate"; + f.auth_id = (char *)label; f.opts = &o; o.next = NULL; o.type = OC_FORM_OPT_PASSWORD; - o.name = (char *)"passphrase"; + o.name = (char *)label; o.label = buf; o.value = NULL;