Theoretically, the OpenSSL side can (and should) gain PKCS#11 support at
some point. There *is* a PKCS#11 engine, although it seems somewhat unloved.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
openconnect_get_cert_details;
openconnect_get_cert_DER;
openconnect_init_ssl;
+ openconnect_has_pkcs11_support;
};
OPENCONNECT_PRIVATE {
{
return openconnect_version_str;
}
+
+int openconnect_has_pkcs11_support(void)
+{
+#if defined (OPENCONNECT_GNUTLS) && defined (HAVE_P11KIT)
+ return 1;
+#else
+ return 0;
+#endif
+}
/*
* API version 2.0:
* - OPENCONNECT_X509 is now an opaque type.
+ * - Add openconnect_has_pkcs11_support()
* - Rename openconnect_init_openssl() -> openconnect_init_ssl()
* - Rename openconnect_vpninfo_new_with_cbdata() -> openconnect_vpninfo_new()
* and kill the old openconnect_vpninfo_new() and its callback types.
void *privdata);
void openconnect_vpninfo_free (struct openconnect_info *vpninfo);
+/* SSL certificate capabilities. openconnect_has_pkcs11_support() means that we
+ can accept PKCS#11 URLs in place of filenames, for the certificate and key. */
+int openconnect_has_pkcs11_support(void);
+
#endif /* __OPENCONNECT_H__ */