Make cert and key options a little saner

sailfishos-mirror · Sep 30, 2008 · f6ee0ae · f6ee0ae
1 parent 5809129
commit f6ee0ae
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 7 deletions.
diff --git a/anyconnect.h b/anyconnect.h
@@ -40,7 +40,8 @@ struct anyconnect_info {
 	const char *localname;
 	const char *hostname;
 	const char *cert;
-	const char *tpmkey;
+	const char *sslkey;
+	int tpm;
 	char *tpmpass;
 	const char *cafile;
 

diff --git a/main.c b/main.c
@@ -39,6 +39,7 @@ int verbose = 0;
 
 static struct option long_options[] = {
 	{"certificate", 1, 0, 'c'},
+	{"sslkey", 1, 0, 'k'},
 	{"cookie", 1, 0, 'C'},
 	{"deflate", 0, 0, 'd'},
 	{"no-deflate", 0, 0, 'D'},
@@ -59,6 +60,7 @@ void usage(void)
 	printf("Usage:  anyconnect [options] <server>\n");
 	printf("Connect to Cisco AnyConnect server.\n\n");
 	printf("  -c, --certificate=CERT          Use SSL client certificate CERT\n");
+	printf("  -k, --sslkey=KEY                Use SSL private key file KEY\n");
 	printf("  -C, --cookie=COOKIE             Use WebVPN cookie COOKIE\n");
 	printf("  -d, --deflate                   Enable compression (default)\n");
 	printf("  -D, --no-deflate                Disable compression\n");
@@ -67,7 +69,7 @@ void usage(void)
 	printf("  -m, --mtu=MTU                   Request MTU from server\n");
 	printf("  -p, --tpm-password=PASS         Set TPM SRK PIN\n");
 	printf("  -s, --script=SCRIPT             Use vpnc-compatible config script\n");
-	printf("  -t, --tpm-key=KEY               Use KEY as private key, with TPM\n");
+	printf("  -t, --tpm                       Use TPM engine for private key\n");
 	printf("  -u, --useragent=AGENT           Set HTTP User-Agent AGENT\n");
 	printf("  -v, --verbose                   More output\n");
 	printf("      --cafile=FILE               Cert file for server verification\n");
@@ -107,7 +109,7 @@ int main(int argc, char **argv)
 	else
 		vpninfo->localname = "localhost";
 
-	while ((opt = getopt_long(argc, argv, "C:c:hvdDu:i:t:p:s:h",
+	while ((opt = getopt_long(argc, argv, "C:c:hvdDu:i:tk:p:s:h",
 				  long_options, NULL))) {
 		if (opt < 0)
 			break;
@@ -125,6 +127,9 @@ int main(int argc, char **argv)
 		case 'c':
 			vpninfo->cert = optarg;
 			break;
+		case 'k':
+			vpninfo->sslkey = optarg;
+			break;
 		case 'd':
 			vpninfo->deflate = 1;
 			break;
@@ -150,7 +155,7 @@ int main(int argc, char **argv)
 			vpninfo->vpnc_script = optarg;
 			break;
 		case 't':
-			vpninfo->tpmkey = optarg;
+			vpninfo->tpm = 1;
 			break;
 		case 'u':
 			vpninfo->useragent = optarg;
@@ -167,6 +172,9 @@ int main(int argc, char **argv)
 		usage();
 	}
 
+	if (!vpninfo->sslkey)
+		vpninfo->sslkey = vpninfo->cert;
+
 	vpninfo->hostname = argv[optind];
 	/* FIXME: Allow lookup in XML config file, once we fetch that */
 

diff --git a/ssl.c b/ssl.c
@@ -128,7 +128,7 @@ static int load_certificate(struct anyconnect_info *vpninfo,
 		return -EINVAL;
 	}
 
-	if (vpninfo->tpmkey) {
+	if (vpninfo->tpm) {
 		ENGINE *e;
 		EVP_PKEY *key;
 		ENGINE_load_builtin_engines();
@@ -155,8 +155,7 @@ static int load_certificate(struct anyconnect_info *vpninfo,
 				ERR_print_errors_fp(stderr);
 			}
 		}
-		key = ENGINE_load_private_key(e, vpninfo->tpmkey,
-					      NULL, NULL);
+		key = ENGINE_load_private_key(e, vpninfo->sslkey, NULL, NULL);
 		if (!key) {
 			fprintf(stderr, 
 				"Failed to load TPM private key\n");