2 files changed, 21 insertions, 0 deletions
diff --git a/src/lib/libressl/ressl.c b/src/lib/libressl/ressl.c
index e014d3e572..44a8a19421 100644
--- a/src/lib/libressl/ressl.c
+++ b/src/lib/libressl/ressl.c
@@ -90,6 +90,26 @@ ressl_configure(struct ressl *ctx, struct ressl_config *config)
        return (0);
 }
+int
+ressl_configure_keypair(struct ressl *ctx)
+{
+        if (SSL_CTX_use_certificate_file(ctx->ssl_ctx, ctx->config->cert_file,
+            SSL_FILETYPE_PEM) != 1) {
+                ressl_set_error(ctx, "failed to load certificate");
+                return (1);
+        }
+        if (SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, ctx->config->key_file,
+            SSL_FILETYPE_PEM) != 1) {
+                ressl_set_error(ctx, "failed to load private key");
+                return (1);
+        }
+        if (SSL_CTX_check_private_key(ctx->ssl_ctx) != 1) {
+                ressl_set_error(ctx, "private/public key mismatch");
+                return (1);
+        }
+        return (0);
+}
 void
 ressl_free(struct ressl *ctx)
 {
diff --git a/src/lib/libressl/ressl_internal.h b/src/lib/libressl/ressl_internal.h
index c33d4cff2e..0b6a58bf2d 100644
--- a/src/lib/libressl/ressl_internal.h
+++ b/src/lib/libressl/ressl_internal.h
@@ -53,6 +53,7 @@ struct ressl {
 struct ressl *ressl_new(void);
 int ressl_check_hostname(X509 *cert, const char *host);
+int ressl_configure_keypair(struct ressl *ctx);
 int ressl_host_port(const char *hostport, char **host, char **port);
 int ressl_set_error(struct ressl *ctx, char *fmt, ...);

diff --git a/src/lib/libressl/ressl.c b/src/lib/libressl/ressl.c index e014d3e572..44a8a19421 100644 --- a/src/lib/libressl/ressl.c +++ b/src/lib/libressl/ressl.c
@@ -90,6 +90,26 @@ ressl_configure(struct ressl ctx, struct ressl_config config)
90	return (0);	90	return (0);
91	}	91	}
92		92
		93	int
		94	ressl_configure_keypair(struct ressl *ctx)
		95	{
		96	if (SSL_CTX_use_certificate_file(ctx->ssl_ctx, ctx->config->cert_file,
		97	SSL_FILETYPE_PEM) != 1) {
		98	ressl_set_error(ctx, "failed to load certificate");
		99	return (1);
		100	}
		101	if (SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, ctx->config->key_file,
		102	SSL_FILETYPE_PEM) != 1) {
		103	ressl_set_error(ctx, "failed to load private key");
		104	return (1);
		105	}
		106	if (SSL_CTX_check_private_key(ctx->ssl_ctx) != 1) {
		107	ressl_set_error(ctx, "private/public key mismatch");
		108	return (1);
		109	}
		110	return (0);
		111	}
		112
93	void	113	void
94	ressl_free(struct ressl *ctx)	114	ressl_free(struct ressl *ctx)
95	{	115	{


diff --git a/src/lib/libressl/ressl_internal.h b/src/lib/libressl/ressl_internal.h index c33d4cff2e..0b6a58bf2d 100644 --- a/src/lib/libressl/ressl_internal.h +++ b/src/lib/libressl/ressl_internal.h
@@ -53,6 +53,7 @@ struct ressl {
53	struct ressl *ressl_new(void);	53	struct ressl *ressl_new(void);
54		54
55	int ressl_check_hostname(X509 cert, const char host);	55	int ressl_check_hostname(X509 cert, const char host);
		56	int ressl_configure_keypair(struct ressl *ctx);
56	int ressl_host_port(const char hostport, char host, char *port);	57	int ressl_host_port(const char hostport, char host, char *port);
57	int ressl_set_error(struct ressl ctx, char fmt, ...);	58	int ressl_set_error(struct ressl ctx, char fmt, ...);
58		59