From f95816551fba411a191d8c7bed7eff212b8952d4 Mon Sep 17 00:00:00 2001
From: Peter Grzybowski
Date: Sat, 8 Aug 2020 11:16:27 +0200
Subject: [PATCH] UseCertAndKey added.

New func:
* UseCertAndKey() int
* mapped to SSL_CTX_use_cert_and_key https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_use_cert_and_key.html

ChangeLog:none

Signed-off-by: Peter Grzybowski
---
 ctx.go | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/ctx.go b/ctx.go
index 33befc40..8e876c62 100644
--- a/ctx.go
+++ b/ctx.go
@@ -239,6 +239,29 @@ func (c *Ctx) UsePrivateKey(key PrivateKey) error {
 	return nil
 }
 
+// UserCertAndKey configures the context to use the given certificate
+// and private key for the SSL handshakes.
+// It allows you to use private keys that are never accessible directly
+// e.g.: to which openssl has access only via Engine module.
+// https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_use_cert_and_key.html
+func (c *Ctx) UseCertAndKey(cert *Certificate, key *PrivateKey) error {
+	runtime.LockOSThread()
+	defer runtime.UnlockOSThread()
+	if key == nil {
+		//this is the case where the private key cannot be accessed here, e.g.:
+		//comes from the Engine (for instance a hw security module)
+		if int(C.SSL_CTX_use_cert_and_key(c.ctx, cert.x, nil, nil, 0)) != 1 {
+			return errorFromErrorQueue()
+		}
+		return nil
+	}
+	c.key = *key
+	if int(C.SSL_CTX_use_cert_and_key(c.ctx, cert.x, (*key).evpPKey(), nil, 0)) != 1 {
+		return errorFromErrorQueue()
+	}
+	return nil
+}
+
 type CertificateStore struct {
 	store *C.X509_STORE
 	// for GC
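Review bot: Both `SSL_CTX_use_cert_and_key` calls in `UseCertAndKey` pass `override = 0`, which per the man page the comment links means the certificate, key and chain are only installed if none of them was previously set on the context, so a prior `UseCertificate`/`UsePrivateKey` on the same `Ctx` makes this call fail with an error-queue error; the doc comment should state that, and it should also start with the real function name (it currently reads `UserCertAndKey`, which breaks the Go doc convention). In the `key == nil` branch OpenSSL treats the certificate's public key as the private key, which only works once an ENGINE has bound the real private key to it, so a nil error here presumably does not prove the key is usable until a handshake actually signs with it — worth a sentence so callers do not treat success as a health check. A nil `cert` dereferences `cert.x` and panics, and a non-nil `key` pointing at a nil interface panics inside `(*key).evpPKey()`; a guard such as `if cert == nil || (key != nil && *key == nil) { return errors.New("UseCertAndKey: nil certificate or key") }` placed before `runtime.LockOSThread()` would surface both as errors (assuming `errors` is already imported in ctx.go, which this hunk does not show). Suggested header: `// UseCertAndKey installs cert and key on the context for handshakes. It fails if a certificate, key or chain is already set (override=0). Pass key == nil when the private key lives in an ENGINE/HSM and only the certificate's public key is available.`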