From f6ee0aef4a4c21a5320850e6d0773c778fc2cdec Mon Sep 17 00:00:00 2001
From: David Woodhouse
Date: Tue, 30 Sep 2008 14:13:00 +0100
Subject: [PATCH] Make cert and key options a little saner
---
 anyconnect.h | 3 ++-
 main.c | 14 +++++++++++---
 ssl.c | 5 ++---
 3 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/anyconnect.h b/anyconnect.h
index 3cffc0c..19a6911 100644
--- a/anyconnect.h
+++ b/anyconnect.h
@@ -40,7 +40,8 @@ struct anyconnect_info {
 const char *localname;
 const char *hostname;
 const char *cert;
- const char *tpmkey;
+ const char *sslkey;
+ int tpm;
 char *tpmpass;
 const char *cafile;
diff --git a/main.c b/main.c
index 0b9bb86..1d029af 100644
--- a/main.c
+++ b/main.c
@@ -39,6 +39,7 @@ int verbose = 0;
 static struct option long_options[] = {
 {"certificate", 1, 0, 'c'},
+ {"sslkey", 1, 0, 'k'},
 {"cookie", 1, 0, 'C'},
 {"deflate", 0, 0, 'd'},
 {"no-deflate", 0, 0, 'D'},
@@ -59,6 +60,7 @@ void usage(void)
 printf("Usage: anyconnect [options] \n");
 printf("Connect to Cisco AnyConnect server.\n\n");
 printf(" -c, --certificate=CERT Use SSL client certificate CERT\n");
+ printf(" -k, --sslkey=KEY Use SSL private key file KEY\n");
 printf(" -C, --cookie=COOKIE Use WebVPN cookie COOKIE\n");
 printf(" -d, --deflate Enable compression (default)\n");
 printf(" -D, --no-deflate Disable compression\n");
@@ -67,7 +69,7 @@ void usage(void)
 printf(" -m, --mtu=MTU Request MTU from server\n");
 printf(" -p, --tpm-password=PASS Set TPM SRK PIN\n");
 printf(" -s, --script=SCRIPT Use vpnc-compatible config script\n");
- printf(" -t, --tpm-key=KEY Use KEY as private key, with TPM\n");
+ printf(" -t, --tpm Use TPM engine for private key\n");
 printf(" -u, --useragent=AGENT Set HTTP User-Agent AGENT\n");
 printf(" -v, --verbose More output\n");
 printf(" --cafile=FILE Cert file for server verification\n");
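Review bot: The two fields added to struct anyconnect_info carry no comment, and their meaning is only recoverable from the main.c and ssl.c hunks of this same patch: `sslkey` is defaulted to `cert` when `-k` is not given, and when `tpm` is non-zero it is what gets passed to ENGINE_load_private_key. Suggest `const char *sslkey; /* private key file; defaults to cert; with tpm set, the id handed to the TPM engine */` and `int tpm; /* non-zero: load the private key through the TPM engine */`. The struct definition continues outside the hunk.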
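Review bot: The new `-k, --sslkey=KEY` help line does not say what happens when the option is omitted, although the patch makes `sslkey` fall back to the certificate file, and under `--tpm` the same value is passed to the TPM engine rather than treated as a plain key file. Suggest `printf(" -k, --sslkey=KEY Use SSL private key file KEY (default: CERT)\n");` here, and in the `-t, --tpm` line of the following hunk a mention that KEY then names the TPM key. usage() continues outside both hunks.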
@@ -107,7 +109,7 @@ int main(int argc, char **argv)
 else
 vpninfo->localname = "localhost";
- while ((opt = getopt_long(argc, argv, "C:c:hvdDu:i:t:p:s:h",
+ while ((opt = getopt_long(argc, argv, "C:c:hvdDu:i:tk:p:s:h",
 long_options, NULL))) {
 if (opt < 0)
 break;
@@ -125,6 +127,9 @@ int main(int argc, char **argv)
 case 'c':
 vpninfo->cert = optarg;
 break;
+ case 'k':
+ vpninfo->sslkey = optarg;
+ break;
 case 'd':
 vpninfo->deflate = 1;
 break;
@@ -150,7 +155,7 @@ int main(int argc, char **argv)
 vpninfo->vpnc_script = optarg;
 break;
 case 't':
- vpninfo->tpmkey = optarg;
+ vpninfo->tpm = 1;
 break;
 case 'u':
 vpninfo->useragent = optarg;
@@ -167,6 +172,9 @@ int main(int argc, char **argv)
 usage();
 }
+ if (!vpninfo->sslkey)
+ vpninfo->sslkey = vpninfo->cert;
+
 vpninfo->hostname = argv[optind];
 /* FIXME: Allow lookup in XML config file, once we fetch that */
diff --git a/ssl.c b/ssl.c
index e8f8366..6c72f4f 100644
--- a/ssl.c
+++ b/ssl.c
@@ -128,7 +128,7 @@ static int load_certificate(struct anyconnect_info *vpninfo,
 return -EINVAL;
 }
- if (vpninfo->tpmkey) {
+ if (vpninfo->tpm) {
 ENGINE *e;
 EVP_PKEY *key;
 ENGINE_load_builtin_engines();
@@ -155,8 +155,7 @@ static int load_certificate(struct anyconnect_info *vpninfo,
 ERR_print_errors_fp(stderr);
 }
 }
- key = ENGINE_load_private_key(e, vpninfo->tpmkey,
- NULL, NULL);
+ key = ENGINE_load_private_key(e, vpninfo->sslkey, NULL, NULL);
 if (!key) {
 fprintf(stderr, "Failed to load TPM private key\n");
-- 
2.7.4
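Review bot: The rewritten optstring `"C:c:hvdDu:i:tk:p:s:h"` still lists `h` twice, once after `c:` and once at the end; getopt_long tolerates the duplicate, but it reads as though one of them was meant to be a different option, and the line is being edited anyway. Suggest `while ((opt = getopt_long(argc, argv, "C:c:hvdDu:i:tk:p:s:",`. main() continues outside the hunk on both sides.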
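Review bot: The fallback `if (!vpninfo->sslkey) vpninfo->sslkey = vpninfo->cert;` also fires when `-t`/`--tpm` was given, so `--tpm` without `--sslkey` now hands the certificate path to ENGINE_load_private_key as the TPM key identifier (second ssl.c hunk), a combination the old `-t KEY` form could not produce. Unless the TPM engine is known to accept a certificate path there, it is clearer to reject the combination up front than to let it surface as the generic "Failed to load TPM private key" message. Suggest, ahead of the existing fallback, `if (vpninfo->tpm && !vpninfo->sslkey) { fprintf(stderr, "--tpm requires --sslkey\n"); usage(); }`; whether usage() exits is not visible in this patch. main() continues outside the hunk on both sides.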
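Review bot: Only the TPM branch of load_certificate() is switched to `vpninfo->sslkey`; no hunk in this patch touches the non-TPM key loading, so unless that path already reads `sslkey` outside the diff, `-k` given without `--tpm` changes nothing, and the new default in main.c is what preserves the old behaviour. Worth confirming against the rest of load_certificate(), or stating it at the branch: `if (vpninfo->tpm) { /* sslkey is consulted only here; the non-TPM path loads the key from cert */`. load_certificate() continues outside the hunk on both sides.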