openconnect_get_cert_details;
openconnect_get_cert_DER;
openconnect_init_ssl;
+ openconnect_has_tss_blob_support;
openconnect_has_pkcs11_support;
};
return 0;
#endif
}
+
+#if defined (OPENCONNECT_OPENSSL) && defined (HAVE_ENGINE)
+#include <openssl/engine.h>
+#endif
+int openconnect_has_tss_blob_support(void)
+{
+#if defined (OPENCONNECT_OPENSSL) && defined (HAVE_ENGINE)
+ ENGINE *e;
+
+ ENGINE_load_builtin_engines();
+
+ e = ENGINE_by_id("tpm");
+ if (e) {
+ ENGINE_free(e);
+ return 1;
+ }
+#endif
+ return 0;
+}
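Review bot: A return of 1 from openconnect_has_tss_blob_support() only means `ENGINE_by_id("tpm")` produced a structural reference; nothing here calls `ENGINE_init()`, so it does not show that the engine initialises or that a TPM is reachable. The "Loading TPM engine succeeded" / "loading TPM engine failed" strings added in print_build_opts() claim more than this check establishes, and wording such as `TPM engine is available` / `TPM engine is not available` would match it. In OpenSSL builds with dynamic engine support, ENGINE_by_id() can fall back to loading the engine's shared object when the id is not already registered, so this probe, now reached from the build-options output, is not free of side effects. A comment above the function would make that clear, for example `/* Returns 1 if an OpenSSL ENGINE with id "tpm" can be located; does not initialise it and may load the engine module. */`. The `#include <openssl/engine.h>` would also sit better with the other includes at the top of the file than directly in front of the function.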
static void print_build_opts(void)
{
- openconnect_init_ssl();
#if defined (OPENCONNECT_OPENSSL) && defined (HAVE_ENGINE)
- printf(_("Using OpenSSL with TPM ENGINE support\n"));
+ if (openconnect_has_tss_blob_support())
+ printf(_("Using OpenSSL with TPM ENGINE support. Loading TPM engine succeeded.\n"));
+ else
+ printf(_("Using OpenSSL with TPM ENGINE support, but loading TPM engine failed.\n"));
#elif defined (OPENCONNECT_OPENSSL)
printf(_("Using OpenSSL without TPM ENGINE support\n"));
#elif defined (OPENCONNECT_GNUTLS) && defined (HAVE_P11KIT)
/*
* API version 2.0:
* - OPENCONNECT_X509 is now an opaque type.
- * - Add openconnect_has_pkcs11_support()
+ * - Add openconnect_has_pkcs11_support(), openconnect_has_tss_blob_support()
* - Rename openconnect_init_openssl() -> openconnect_init_ssl()
* - Rename openconnect_vpninfo_new_with_cbdata() -> openconnect_vpninfo_new()
* and kill the old openconnect_vpninfo_new() and its callback types.
can accept PKCS#11 URLs in place of filenames, for the certificate and key. */
int openconnect_has_pkcs11_support(void);
+/* The OpenSSL TPM ENGINE stores keys in a PEM file labelled with the string
+ -----BEGIN TSS KEY BLOB-----. GnuTLS may learn to support this format too,
+ in the near future. */
+int openconnect_has_tss_blob_support(void);
+
#endif /* __OPENCONNECT_H__ */
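Review bot: The comment added above the openconnect_has_tss_blob_support() prototype explains the key file format but never states the function's contract, which a new public API entry needs. It should say what the return value means, for example `Returns nonzero if this build can use keys in that format (OpenSSL with the "tpm" ENGINE present), zero otherwise.` Going by the implementation in this patch, builds without both OPENCONNECT_OPENSSL and HAVE_ENGINE always return 0, and that is worth stating so callers read 0 as "not supported" and not as an error.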