Add openconnect_has_tss_blob_support()
Turns out this might not be entirely OpenSSL-specific; we should be able
to support it in GnuTLS too.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
David Woodhouse authored and David Woodhouse committed Jun 11, 2012
1 parent ace861f commit d36cb52
Showing 4 changed files with 30 additions and 3 deletions.
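--- a/libopenconnect.map.in
+++ b/libopenconnect.map.in
@@ -26,6 +26,7 @@ OPENCONNECT_2.0 {
 openconnect_get_cert_details;
 openconnect_get_cert_DER;
 openconnect_init_ssl;
+openconnect_has_tss_blob_support;
 openconnect_has_pkcs11_support;
 };
 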
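--- a/library.c
+++ b/library.c
@@ -235,3 +235,22 @@ int openconnect_has_pkcs11_support(void)
 return 0;
 #endif
 }
+
+#if defined (OPENCONNECT_OPENSSL) && defined (HAVE_ENGINE)
+#include <openssl/engine.h>
+#endif
+int openconnect_has_tss_blob_support(void)
+{
+#if defined (OPENCONNECT_OPENSSL) && defined (HAVE_ENGINE)
+ENGINE *e;
+
+ENGINE_load_builtin_engines();
+
+e = ENGINE_by_id("tpm");
+if (e) {
+ENGINE_free(e);
+return 1;
+}
+#endif
+return 0;
+}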
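Review bot: A return of 1 from openconnect_has_tss_blob_support() only shows that `ENGINE_by_id("tpm")` produced a structural reference; the engine is never initialised, so the result does not prove that a TPM or its key store is actually usable. The lookup also has side effects: `ENGINE_load_builtin_engines()` changes process-wide OpenSSL state, and as far as I know ENGINE_by_id() may fall back to loading an engine shared object from the OpenSSL engines directory, which matters if a caller treats this as a cheap capability query in a privileged process. I would document that above the function, e.g. `/* Returns 1 if the "tpm" ENGINE can be located; does not initialise it and may load engine modules. */`. As a style point, the `#include <openssl/engine.h>` placed directly before the function would be easier to find with the other includes at the top of library.c.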
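--- a/main.c
+++ b/main.c
@@ -180,9 +180,11 @@ static void helpmessage(void)
 
 static void print_build_opts(void)
 {
-openconnect_init_ssl();
 #if defined (OPENCONNECT_OPENSSL) && defined (HAVE_ENGINE)
-printf(_("Using OpenSSL with TPM ENGINE support\n"));
+if (openconnect_has_tss_blob_support())
+printf(_("Using OpenSSL with TPM ENGINE support. Loading TPM engine succeeded.\n"));
+else
+printf(_("Using OpenSSL with TPM ENGINE support, but loading TPM engine failed.\n"));
 #elif defined (OPENCONNECT_OPENSSL)
 printf(_("Using OpenSSL without TPM ENGINE support\n"));
 #elif defined (OPENCONNECT_GNUTLS) && defined (HAVE_P11KIT)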
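Review bot: The call to openconnect_has_tss_blob_support() in print_build_opts() is still wrapped in `#if defined (OPENCONNECT_OPENSSL) && defined (HAVE_ENGINE)`, the same condition the library function tests internally, so the GnuTLS branches further down can never report TSS blob support even once the library gains it, which the commit message anticipates. Either make the call outside the `#if` chain or leave a marker such as `/* TODO: report openconnect_has_tss_blob_support() for GnuTLS builds too */`. Printing the build options now also performs an engine lookup at run time rather than reporting compile-time facts only, which deserves a one-line comment above the `if`. The body of print_build_opts() continues past the end of this hunk.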
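--- a/openconnect.h
+++ b/openconnect.h
@@ -36,7 +36,7 @@
 /*
 * API version 2.0:
 * - OPENCONNECT_X509 is now an opaque type.
-* - Add openconnect_has_pkcs11_support()
+* - Add openconnect_has_pkcs11_support(), openconnect_has_tss_blob_support()
 * - Rename openconnect_init_openssl() -> openconnect_init_ssl()
 * - Rename openconnect_vpninfo_new_with_cbdata() -> openconnect_vpninfo_new()
 * and kill the old openconnect_vpninfo_new() and its callback types.
@@ -237,4 +237,9 @@ void openconnect_vpninfo_free (struct openconnect_info *vpninfo);
 can accept PKCS#11 URLs in place of filenames, for the certificate and key. */
 int openconnect_has_pkcs11_support(void);
 
+/* The OpenSSL TPM ENGINE stores keys in a PEM file labelled with the string
+-----BEGIN TSS KEY BLOB-----. GnuTLS may learn to support this format too,
+in the near future. */
+int openconnect_has_tss_blob_support(void);
+
 #endif /* __OPENCONNECT_H__ */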
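Review bot: The comment added above `int openconnect_has_tss_blob_support(void);` explains the TSS key blob format but not what the function returns, so a caller of the public API cannot tell how to interpret the result. One more sentence would settle it, for example `Returns 1 if this build can locate a backend for that format, 0 otherwise.` The wording should stay that weak because, judging from the implementation in library.c in this commit, the check only looks the engine up and does not initialise it.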
