Internal changes to allow for relayd engine privsep. sends the hash of the

public key as an identifier to RSA, and adds an function for relayd to
use to disable private key checking when doing engine privsep.
ok jsing@

1 files changed, 8 insertions, 1 deletions

diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c
index 87c2166f9e..f5e0bf55e4 100644
--- a/src/lib/libtls/tls_config.c
+++ b/src/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.36 2017/01/31 16:18:57 beck Exp $ */
+/* $OpenBSD: tls_config.c,v 1.37 2017/04/05 03:13:53 beck Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -135,6 +135,7 @@ tls_keypair_free(struct tls_keypair *keypair)
         free(keypair->cert_mem);
         free(keypair->key_mem);
         free(keypair->ocsp_staple);
+        free(keypair->cert_hash);
 
         free(keypair);
 }
@@ -761,6 +762,12 @@ tls_config_verify_client_optional(struct tls_config *config)
         config->verify_client = 2;
 }
 
+void
+tls_config_skip_private_key_check(struct tls_config *config)
+{
+        config->skip_private_key_check = 1;
+}
+
 int
 tls_config_set_ocsp_staple_file(struct tls_config *config, const char *staple_file)
 {