gnutls-serv: added the --provider option

2 files changed, 24 insertions, 0 deletions

diff --git a/src/serv-args.def b/src/serv-args.def
index 141984a52d..44b67f1abe 100644
--- a/src/serv-args.def
+++ b/src/serv-args.def
@@ -264,6 +264,14 @@ flag = {
     doc      = "Print a list of the supported algorithms and modes. If a priority string is given then only the enabled ciphersuites are shown.";
 };
 
+flag = {
+    name      = provider;
+    arg-type  = file;
+    file-exists = yes;
+    descrip   = "Specify the PKCS #11 provider library";
+    doc      = "This will override the default options in /etc/gnutls/pkcs11.conf";
+};
+
 doc-section = {
   ds-type   = 'SEE ALSO'; // or anything else
   ds-format = 'texi';      // or texi or mdoc format
diff --git a/src/serv.c b/src/serv.c
index de03c4ee1c..74dd1af2a9 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -951,6 +951,22 @@ int main(int argc, char **argv)
 		exit(1);
 	}
 #ifdef ENABLE_PKCS11
+	if (HAVE_OPT(PROVIDER)) {
+		ret = gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL);
+		if (ret < 0)
+			fprintf(stderr, "pkcs11_init: %s",
+				gnutls_strerror(ret));
+		else {
+			ret =
+			    gnutls_pkcs11_add_provider(OPT_ARG(PROVIDER),
+						       NULL);
+			if (ret < 0) {
+				fprintf(stderr, "pkcs11_add_provider: %s",
+					gnutls_strerror(ret));
+				exit(1);
+			}
+		}
+	}
 	pkcs11_common(NULL);
 #endif