Add a new API function SSL_CTX_use_certificate_chain() that allows to

read the PEM-encoded certificate chain from memory instead of a file.
This idea is derived from an older implementation in relayd that was
needed to use the function with a privep'ed process in a chroot.  Now
it is time to get it into LibreSSL to make the API more privsep-
friendly and to make it available for other programs and the ressl
library.

ok jsing@ miod@

1 files changed, 2 insertions, 1 deletions

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 3b948245f2..c7dd4259cc 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.65 2014/09/27 11:01:06 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.66 2014/09/28 14:45:48 reyk Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1530,6 +1530,7 @@ int	SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
 int     SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
 int     SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
 int     SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
+int     SSL_CTX_use_certificate_chain(SSL_CTX *ctx, void *buf, int len);
 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
 int     SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
             const char *file);