[PATCH 1/6] Allow pkcs11_module_path to be NULL

David Woodhouse dwmw2
Thu Dec 18 07:09:16 PST 2014

New versions of engine_pkcs11 will automatically use the system's
p11-kit-proxy.so to make the globally-configured PKCS#11 tokens available
by default. So invoking the engine without an explicit module path is
not an error.

Older engines will fail but gracefully enough, so although it's still an
error in that case there's no need for us to catch it for ourselves.

Signed-off-by: David Woodhouse <David.Woodhouse at intel.com>
 src/crypto/tls_openssl.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index b507321..73dd0b4 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -692,12 +692,15 @@ static int tls_engine_load_dynamic_pkcs11(const char *pkcs11_so_path,
-	if (!pkcs11_so_path || !pkcs11_module_path)
+	if (!pkcs11_so_path)
 		return 0;
 	pre_cmd[1] = pkcs11_so_path;
 	pre_cmd[3] = engine_id;
-	post_cmd[1] = pkcs11_module_path;
+	if (pkcs11_module_path)
+		post_cmd[1] = pkcs11_module_path;
+	else
+		post_cmd[0] = NULL;
 	wpa_printf(MSG_DEBUG, "ENGINE: Loading pkcs11 Engine from %s",

David Woodhouse                            Open Source Technology Centre
David.Woodhouse at intel.com                              Intel Corporation
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <http://lists.shmoo.com/pipermail/hostap/attachments/20141218/608f9e7e/attachment-0001.bin>

More information about the Hostap mailing list