Commit 9ce7f679 authored by David Woodhouse's avatar David Woodhouse

Fix GnuTLS PIN cache leak when only *key* is PKCS#11 and not certificate.

Signed-off-by: default avatarDavid Woodhouse <>
parent 88d01c94
......@@ -1454,7 +1454,8 @@ void openconnect_close_https(struct openconnect_info *vpninfo, int final)
vpninfo->https_cred = NULL;
#ifdef HAVE_P11KIT
if (!strncmp(vpninfo->cert, "pkcs11:", 7)) {
if (!strncmp(vpninfo->cert, "pkcs11:", 7) ||
!strncmp(vpninfo->sslkey, "pkcs11:", 7)) {
char pin_source[40];
sprintf(pin_source, "openconnect:%p", vpninfo);
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment