authorJoel Sing <jsing@cvs.openbsd.org>2016-04-28 17:06:00 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2016-04-28 17:06:00 +0000
commitb2daa22e54e25c4f73060dc598119941bda99041 (patch)
tree1cb15c42c85e6d58f078339292b1ce634994a536 /lib/libtls/tls_internal.h
parenteb65459604e2a7010ecdda143c94d347c8f4bacf (diff)
Factor out the keypair handling in libtls. This results in more readable
and self-contained code, while preparing for the ability to handle multiple keypairs. Also provide two additional functions that allow a public certificate and private key to be set with a single function call. ok beck@
Diffstat (limited to 'lib/libtls/tls_internal.h')
-rw-r--r--lib/libtls/tls_internal.h23
1 files changed, 15 insertions, 8 deletions
diff --git a/lib/libtls/tls_internal.h b/lib/libtls/tls_internal.h
index 21bf2b46130..cb5d90f5427 100644
--- a/lib/libtls/tls_internal.h
+++ b/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.27 2016/04/28 16:48:44 jsing Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.28 2016/04/28 17:05:59 jsing Exp $ */
/*
* Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -39,6 +39,17 @@ struct tls_error {
int num;
};
+struct tls_keypair {
+ struct tls_keypair *next;
+
+ const char *cert_file;
+ char *cert_mem;
+ size_t cert_len;
+ const char *key_file;
+ char *key_mem;
+ size_t key_len;
+};
+
struct tls_config {
struct tls_error error;
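Review bot: The new `struct tls_keypair` has no comment on who owns its members, and `key_mem` holds private key bytes. The `const char *` file names next to the non-const `char *` buffers suggest borrowed paths and owned copies, but the header does not say so. A short comment above the struct would pin that down, for example `/* cert_mem/key_mem are owned copies; key_mem must be wiped with explicit_bzero() over key_len bytes before free() */`. The code that frees a keypair is not in this file's diff, so whether it already wipes the key cannot be confirmed from here. If `next` is unused until multiple keypairs are supported, a one-line note on that member would also help.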
@@ -46,16 +57,11 @@ struct tls_config {
const char *ca_path;
char *ca_mem;
size_t ca_len;
- const char *cert_file;
- char *cert_mem;
- size_t cert_len;
const char *ciphers;
int ciphers_server;
int dheparams;
int ecdhecurve;
- const char *key_file;
- char *key_mem;
- size_t key_len;
+ struct tls_keypair *keypair;
uint32_t protocols;
int verify_cert;
int verify_client;
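Review bot: `struct tls_config` now reaches the certificate and key through the pointer `keypair`, so code that used to read `config->key_mem` directly can dereference NULL unless a keypair is always allocated together with the config. That allocation is not visible in this header. If it is guaranteed, state the invariant on the field, e.g. `struct tls_keypair *keypair; /* never NULL after tls_config_new() */`. The struct body starts and ends outside this hunk.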
@@ -103,7 +109,8 @@ struct tls *tls_new(void);
struct tls *tls_server_conn(struct tls *ctx);
int tls_check_name(struct tls *ctx, X509 *cert, const char *servername);
-int tls_configure_keypair(struct tls *ctx, int);
+int tls_configure_keypair(struct tls *ctx, SSL_CTX *ssl_ctx,
+ struct tls_keypair *keypair, int required);
int tls_configure_server(struct tls *ctx);
int tls_configure_ssl(struct tls *ctx);
int tls_configure_ssl_verify(struct tls *ctx, int verify);
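Review bot: The widened prototype of `tls_configure_keypair` names its last parameter `required` but does not say what a zero value permits. Presumably a non-required call returns success when the keypair has no certificate or key; if so, passing the wrong value on a server path would bring up a context without a certificate. A comment above the declaration such as `/* required != 0: fail if keypair lacks a certificate or key */` would make the contract reviewable. If the function only reads the keypair, declaring it `const struct tls_keypair *keypair` would also document that it does not take ownership.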