Commit a01a167b authored by David Woodhouse's avatar David Woodhouse

Rely on SoftHSM being installed correctly with a p11-kit .module file

I don't actually remember why I added my own; it *ought* to be installed
correctly by the distribution's packaging of SoftHSM.

There was a brief discussion about my hard-coded version being
Fedora-specific, followed by a suggestion that I could pick up the
proper path from and existing module file, followed by the realisation
that said existing module file would suffice anyway. So just require it.
Signed-off-by: default avatarDavid Woodhouse <dwmw2@infradead.org>
parent 1ff34cb9
module:/usr/lib64/pkcs11/libsofthsm2.so
......@@ -171,8 +171,8 @@ $(certsdir)/ec-key-pkcs1-aes128.pem: certs/ec-key-pkcs1.pem
$(OPENSSL) x509 -days 3650 -CA $(certsdir)/ca.pem -CAkey $(certsdir)/ca-key.pem \
-set_serial $(shell date +%s) -req -out $@ -in $<
SHM2_UTIL=HOME=$(srcdir) SOFTHSM2_CONF=softhsm2.conf softhsm2-util
P11TOOL=HOME=$(srcdir) SOFTHSM2_CONF=softhsm2.conf p11tool
SHM2_UTIL=SOFTHSM2_CONF=softhsm2.conf softhsm2-util
P11TOOL=SOFTHSM2_CONF=softhsm2.conf p11tool
# Nice and simple: Certs visible without login, public keys present in token
softhsm-setup0:
......
......@@ -36,7 +36,7 @@ for TOKEN in ${pkcs11_tokens}; do
for KEY in ${pkcs11_keys}; do
echo -n "Connecting to obtain cookie (token ${TOKEN} key ${KEY})... "
CERTURI="pkcs11:token=${TOKEN};${KEY};pin-value=1234"
( echo "test" | HOME=${srcdir} SOFTHSM2_CONF=softhsm2.conf LD_PRELOAD=libsocket_wrapper.so \
( echo "test" | SOFTHSM2_CONF=softhsm2.conf LD_PRELOAD=libsocket_wrapper.so \
$OPENCONNECT -q $ADDRESS:443 -u test -c "${CERTURI}" --key-password 1234 --servercert=d66b507ae074d03b02eafca40d35f87dd81049d3 --cookieonly --passwd-on-stdin ) ||
fail $PID "Could not connect with token ${TOKEN} key ${KEY##*/}!"
done
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment