Provide a utility function for loading a private/public keypair.

2 files changed, 21 insertions, 0 deletions

diff --git a/src/lib/libressl/ressl.c b/src/lib/libressl/ressl.c
index e014d3e572..44a8a19421 100644
--- a/src/lib/libressl/ressl.c
+++ b/src/lib/libressl/ressl.c
@@ -90,6 +90,26 @@ ressl_configure(struct ressl *ctx, struct ressl_config *config)
         return (0);
 }
 
+int
+ressl_configure_keypair(struct ressl *ctx)
+{
+        if (SSL_CTX_use_certificate_file(ctx->ssl_ctx, ctx->config->cert_file,
+            SSL_FILETYPE_PEM) != 1) {
+                ressl_set_error(ctx, "failed to load certificate");
+                return (1);
+        }
+        if (SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, ctx->config->key_file,
+            SSL_FILETYPE_PEM) != 1) {
+                ressl_set_error(ctx, "failed to load private key");
+                return (1);
+        }
+        if (SSL_CTX_check_private_key(ctx->ssl_ctx) != 1) {
+                ressl_set_error(ctx, "private/public key mismatch");
+                return (1);
+        }
+        return (0);
+}
+
 void
 ressl_free(struct ressl *ctx)
 {
diff --git a/src/lib/libressl/ressl_internal.h b/src/lib/libressl/ressl_internal.h
index c33d4cff2e..0b6a58bf2d 100644
--- a/src/lib/libressl/ressl_internal.h
+++ b/src/lib/libressl/ressl_internal.h
@@ -53,6 +53,7 @@ struct ressl {
 struct ressl *ressl_new(void);
 
 int ressl_check_hostname(X509 *cert, const char *host);
+int ressl_configure_keypair(struct ressl *ctx);
 int ressl_host_port(const char *hostport, char **host, char **port);
 int ressl_set_error(struct ressl *ctx, char *fmt, ...);