Provide SSL_CTX_get0_certificate()

3 files changed, 13 insertions, 2 deletions

diff --git a/lib/libssl/Symbols.list b/lib/libssl/Symbols.list
index e2862d62436..f24c7fc9b63 100644
--- a/lib/libssl/Symbols.list
+++ b/lib/libssl/Symbols.list
@@ -56,6 +56,7 @@ SSL_CTX_check_private_key
 SSL_CTX_ctrl
 SSL_CTX_flush_sessions
 SSL_CTX_free
+SSL_CTX_get0_certificate
 SSL_CTX_get0_param
 SSL_CTX_get_cert_store
 SSL_CTX_get_client_CA_list
diff --git a/lib/libssl/ssl.h b/lib/libssl/ssl.h
index bc0f5316a47..0784ce1ef73 100644
--- a/lib/libssl/ssl.h
+++ b/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.137 2018/02/17 15:08:21 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.138 2018/02/17 15:13:12 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1215,6 +1215,7 @@ long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
 long SSL_CTX_get_timeout(const SSL_CTX *ctx);
 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
 void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
+X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
 int SSL_want(const SSL *s);
 int	SSL_clear(SSL *s);
 
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 16f2b546379..79021d7e0be 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.174 2018/02/14 17:08:44 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.175 2018/02/17 15:13:12 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2877,6 +2877,15 @@ SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
 	ctx->cert_store = store;
 }
 
+X509 *
+SSL_CTX_get0_certificate(const SSL_CTX *ctx)
+{
+	if (ctx->internal->cert == NULL)
+		return NULL;
+
+	return ctx->internal->cert->key->x509;
+}
+
 int
 SSL_want(const SSL *s)
 {