Commit 22cc3bdc authored by Jan Včelák's avatar Jan Včelák 🚀

dnssec: conditional compilation of PKCS11 support

parent 768052bc
......@@ -113,6 +113,7 @@ PKG_CHECK_MODULES([gnutls], [gnutls >= 3.0 nettle], [
AC_CHECK_HEADERS([nettle/version.h])
CFLAGS=$CFLAGS_save
])
AC_CHECK_FUNCS([gnutls_pkcs11_privkey_generate3])
# JSON for DNSSEC status storage
PKG_CHECK_MODULES([jansson], [jansson >= 2.3])
......
......@@ -23,6 +23,14 @@
#include "keystore/internal.h"
#include "shared.h"
#ifdef HAVE_GNUTLS_PKCS11_PRIVKEY_GENERATE3
# define PKCS11_ENABLED
#else
# undef PKCS11_ENABLED
#endif
#ifdef PKCS11_ENABLED
struct pkcs11_ctx {
char *url;
char *pin;
......@@ -203,3 +211,13 @@ int dnssec_keystore_init_pkcs11(dnssec_keystore_t **store_ptr)
return keystore_create(store_ptr, &IMPLEMENTATION, NULL);
}
#else // !PKCS11_ENABLED
_public_
int dnssec_keystore_init_pkcs11(dnssec_keystore_t **store_ptr)
{
return DNSSEC_NOT_IMPLEMENTED_ERROR;
}
#endif
......@@ -28,6 +28,12 @@ int main(int argc, char *argv[])
dnssec_keystore_t *store = NULL;
int r = dnssec_keystore_init_pkcs11(&store);
if (r == DNSSEC_NOT_IMPLEMENTED_ERROR) {
skip_all("not supported");
dnssec_crypto_cleanup();
return 0;
}
ok(r == DNSSEC_EOK && store, "dnssec_keystore_init_pkcs11");
r = dnssec_keystore_open(store, "pkcs11:token=dns-keys;pin-value=1234 /usr/lib64/pkcs11/libsofthsm2.so");
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment