UseCertAndKey added.

New func: * UseCertAndKey() int * mapped to SSL_CTX_use_cert_and_key https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_use_cert_and_key.html ChangeLog:none Signed-off-by: Peter Grzybowski <[email protected]>
spacemonkeygo · Aug 8, 2020 · f958165 · f958165
1 parent c2dcc5c
commit f958165
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/ctx.go b/ctx.go
@@ -239,6 +239,29 @@ func (c *Ctx) UsePrivateKey(key PrivateKey) error {
 	return nil
 }
 
+// UserCertAndKey configures the context to use the given certificate
+// and private key for the SSL handshakes.
+// It allows you to use private keys that are never accessible directly
+// e.g.: to which openssl has access only via Engine module.
+// https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_use_cert_and_key.html
+func (c *Ctx) UseCertAndKey(cert *Certificate, key *PrivateKey) error {
+	runtime.LockOSThread()
+	defer runtime.UnlockOSThread()
+	if key == nil {
+		//this is the case where the private key cannot be accessed here, e.g.:
+		//comes from the Engine (for instance a hw security module)
+		if int(C.SSL_CTX_use_cert_and_key(c.ctx, cert.x, nil, nil, 0)) != 1 {
+			return errorFromErrorQueue()
+		}
+		return nil
+	}
+	c.key = *key
+	if int(C.SSL_CTX_use_cert_and_key(c.ctx, cert.x, (*key).evpPKey(), nil, 0)) != 1 {
+		return errorFromErrorQueue()
+	}
+	return nil
+}
+
 type CertificateStore struct {
 	store *C.X509_STORE
 	// for GC