From fa2d9de703f0090c30f45cb99f79591dad4ed787 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 17 Feb 2018 15:13:12 +0000
Subject: Provide SSL_CTX_get0_certificate()

---
 src/lib/libssl/Symbols.list |  1 +
 src/lib/libssl/ssl.h        |  3 ++-
 src/lib/libssl/ssl_lib.c    | 11 ++++++++++-
 3 files changed, 13 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/lib/libssl/Symbols.list b/src/lib/libssl/Symbols.list
index e2862d6243..f24c7fc9b6 100644
--- a/src/lib/libssl/Symbols.list
+++ b/src/lib/libssl/Symbols.list
@@ -56,6 +56,7 @@ SSL_CTX_check_private_key
 SSL_CTX_ctrl
 SSL_CTX_flush_sessions
 SSL_CTX_free
+SSL_CTX_get0_certificate
 SSL_CTX_get0_param
 SSL_CTX_get_cert_store
 SSL_CTX_get_client_CA_list
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index bc0f5316a4..0784ce1ef7 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.137 2018/02/17 15:08:21 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.138 2018/02/17 15:13:12 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1215,6 +1215,7 @@ long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
 long SSL_CTX_get_timeout(const SSL_CTX *ctx);
 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
 void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
+X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
 int SSL_want(const SSL *s);
 int	SSL_clear(SSL *s);
 
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 16f2b54637..79021d7e0b 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.174 2018/02/14 17:08:44 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.175 2018/02/17 15:13:12 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2877,6 +2877,15 @@ SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
 	ctx->cert_store = store;
 }
 
+X509 *
+SSL_CTX_get0_certificate(const SSL_CTX *ctx)
+{
+	if (ctx->internal->cert == NULL)
+		return NULL;
+
+	return ctx->internal->cert->key->x509;
+}
+
 int
 SSL_want(const SSL *s)
 {
-- 
cgit v1.2.3-55-g6feb