avoid enrollment crash with TLS engine does not support pkcs11

openziti · Aug 4, 2023 · 7eaba4d · 7eaba4d
1 parent 81199b9
commit 7eaba4d
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/library/utils.c b/library/utils.c
@@ -573,6 +573,12 @@ int load_key_internal(tls_context *tls, tlsuv_private_key_t *key, const char *ke
 
 static int pkcs11_gen(tls_context *tls, tlsuv_private_key_t *key, const char *lib, const char *slot, const char *pin,
                       const char *id, const char *label) {
+
+    if (tls->api->generate_pkcs11_key == NULL) {
+        ZITI_LOG(WARN, "pkcs11 key generation is not supported by TLS driver[%s]", tls->api->version());
+        return ZITI_KEY_GENERATION_FAILED;
+    }
+
     if (tls->api->generate_pkcs11_key(key, lib, slot, pin, label)) {
         return ZITI_KEY_GENERATION_FAILED;
     }