Don't use tls_cert_hash for the hashing used by the engine offloading magic

for the TLS privsep code. Instead use X509_pubkey_digest() because only the
key should be used as identifier. Relayd is rewriting certificates and then
the hash would change. Rename the hash is struct tls_keypair to pubkey_hash
to make clear what this hash is about.
With input and OK jsing@

1 files changed, 2 insertions, 2 deletions

diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h
index bed9d6e7f4..6079babccf 100644
--- a/src/lib/libtls/tls_internal.h
+++ b/src/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.62 2017/07/06 17:12:22 jsing Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.63 2017/08/09 21:27:24 claudio Exp $ */
 /*
  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -53,7 +53,7 @@ struct tls_keypair {
         size_t key_len;
         char *ocsp_staple;
         size_t ocsp_staple_len;
-        char *cert_hash;
+        char *pubkey_hash;
 };
 
 #define TLS_MIN_SESSION_TIMEOUT (4)