Provide a utility function for loading a private/public keypair.

diff --git a/lib/libressl/ressl.c b/lib/libressl/ressl.c
index e014d3e..44a8a19 100644 (file)
--- a/lib/libressl/ressl.c
+++ b/lib/libressl/ressl.c
@@ -90,6 +90,26 @@ ressl_configure(struct ressl *ctx, struct ressl_config *config)
        return (0);
 }
 
+int
+ressl_configure_keypair(struct ressl *ctx)
+{
+       if (SSL_CTX_use_certificate_file(ctx->ssl_ctx, ctx->config->cert_file,
+           SSL_FILETYPE_PEM) != 1) {
+               ressl_set_error(ctx, "failed to load certificate");
+               return (1);
+       }
+       if (SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, ctx->config->key_file,
+           SSL_FILETYPE_PEM) != 1) {
+               ressl_set_error(ctx, "failed to load private key");
+               return (1);
+       }
+       if (SSL_CTX_check_private_key(ctx->ssl_ctx) != 1) {
+               ressl_set_error(ctx, "private/public key mismatch");
+               return (1);
+       }
+       return (0);
+}
+
 void
 ressl_free(struct ressl *ctx)
 {

diff --git a/lib/libressl/ressl_internal.h b/lib/libressl/ressl_internal.h
index c33d4cf..0b6a58b 100644 (file)
--- a/lib/libressl/ressl_internal.h
+++ b/lib/libressl/ressl_internal.h
@@ -53,6 +53,7 @@ struct ressl {
 struct ressl *ressl_new(void);
 
 int ressl_check_hostname(X509 *cert, const char *host);
+int ressl_configure_keypair(struct ressl *ctx);
 int ressl_host_port(const char *hostport, char **host, char **port);
 int ressl_set_error(struct ressl *ctx, char *fmt, ...);