PROTON-2594: c/examples/broker: add PKCS11_URI support

The broker hardcodes the name of the files used at compile time, depending on whether it's built for Windows or not. Add a third option by checking whether PKCS11_URI is defined: If it is, it will use it to reference a "tserver" certificate and private key that should be used instead of the keys in the ssl-certs/ directory. This allows an easy manual test of the PKCS#11 functionality.
apache · Jul 10, 2024 · 430d7e5 · 430d7e5
1 parent 63f1f38
commit 430d7e5
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/c/examples/broker.c b/c/examples/broker.c
@@ -35,7 +35,13 @@
 /* The ssl-certs subdir must be in the current directory for an ssl-enabled broker */
 #define SSL_PW "tserverpw"
 /* Windows vs. OpenSSL certificates */
-#if defined(_WIN32)
+#if defined(PKCS11_URI)
+#  define SSL_FILE(NAME) PKCS11_URI ";object=" NAME
+#  define PRIVATEKEY(NAME) SSL_FILE(NAME ";type=private")
+#  define CERTIFICATE(NAME) SSL_FILE(NAME ";type=cert")
+#  define SET_CREDENTIALS(DOMAIN, NAME)                                 \
+  pn_ssl_domain_set_credentials(DOMAIN, CERTIFICATE(NAME), PRIVATEKEY(NAME), SSL_PW)
+#elif defined(_WIN32)
 #  define SSL_FILE(NAME) "ssl-certs/" NAME
 #  define PRIVATEKEY(NAME) SSL_FILE(NAME "-full.p12")
 #  define CERTIFICATE(NAME) SSL_FILE(NAME "-certificate.p12")