goto out;
}
- /* FIXME: How do we check which cert matches the pkey?
- For now we just assume that the first one in the list is the right one. */
- if (!cert) {
- cert = extra_certs[0];
-
- /* Move the rest of the array down */
- for (i = 0; i < nr_extra_certs - 1; i++)
- extra_certs[i] = extra_certs[i+1];
-
- nr_extra_certs--;
- }
- goto got_key;
+ goto match_cert;
}
#endif
if (ret)
goto out;
- if (!cert) {
- /* FIXME: How do we check which cert matches the pkey?
- For now we just assume that the first one in the list is the right one. */
- cert = extra_certs[0];
-
- /* Move the rest of the array down */
- for (i = 0; i < nr_extra_certs - 1; i++)
- extra_certs[i] = extra_certs[i+1];
-
- nr_extra_certs--;
- }
- goto got_key;
+ goto match_cert;
#endif
}
ret = -EINVAL;
goto out;
+#ifdef HAVE_GNUTLS_CERTIFICATE_SET_KEY
+ match_cert:
+ if (!cert) {
+ /* FIXME: How do we check which cert matches the pkey?
+ For now we just assume that the first one in the list is the right one. */
+ cert = extra_certs[0];
+
+ /* Move the rest of the array down */
+ for (i = 0; i < nr_extra_certs - 1; i++)
+ extra_certs[i] = extra_certs[i+1];
+
+ nr_extra_certs--;
+ }
+#endif
+
got_key:
/* Now we have both cert(s) and key, and we should be ready to go. */
check_certificate_expiry(vpninfo, cert);