}
EVP_PKEY_free(pkey);
}
+ if (nid == 0 && set->alt_cert.key != NULL) {
+ if (openssl_iostream_load_key(&set->alt_cert, &pkey, error_r) < 0)
+ return -1;
+
+ if ((eckey = EVP_PKEY_get1_EC_KEY(pkey)) != NULL &&
+ (ecgrp = EC_KEY_get0_group(eckey)) != NULL)
+ nid = EC_GROUP_get_curve_name(ecgrp);
+ else {
+ /* clear errors added by the above calls */
+ openssl_iostream_clear_errors();
+ }
+ EVP_PKEY_free(pkey);
+ }
*nid_r = nid;
return 0;
if (openssl_iostream_use_key(ssl_io, &set->cert, error_r) < 0)
return -1;
}
+ if (set->alt_cert.cert != NULL && strcmp(ctx_set->alt_cert.cert, set->alt_cert.cert) != 0) {
+ if (openssl_iostream_use_certificate(ssl_io, set->alt_cert.cert, error_r) < 0)
+ return -1;
+ }
+ if (set->alt_cert.key != NULL && strcmp(ctx_set->alt_cert.key, set->alt_cert.key) != 0) {
+ if (openssl_iostream_use_key(ssl_io, &set->alt_cert, error_r) < 0)
+ return -1;
+ }
if (set->verify_remote_cert) {
if (ssl_io->ctx->client_ctx)
verify_flags = SSL_VERIFY_NONE;
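Review bot: Both added comparisons can pass a NULL pointer to `strcmp()`, which is undefined behaviour. Only `set->alt_cert.cert` and `set->alt_cert.key` are checked for NULL, not the `ctx_set->alt_cert` fields they are compared with. The alternative certificate is optional, so a context created without one and a per-connection override that supplies one would presumably hit this. Guard the context side too, e.g. `(ctx_set->alt_cert.cert == NULL || strcmp(ctx_set->alt_cert.cert, set->alt_cert.cert) != 0)`, and do the same for `.key`. The enclosing function starts and ends outside the hunk, so I cannot tell whether `ctx_set` is normalised earlier.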
new_set->cert.cert = p_strdup(pool, old_set->cert.cert);
new_set->cert.key = p_strdup(pool, old_set->cert.key);
new_set->cert.key_password = p_strdup(pool, old_set->cert.key_password);
+ new_set->alt_cert.cert = p_strdup(pool, old_set->alt_cert.cert);
+ new_set->alt_cert.key = p_strdup(pool, old_set->alt_cert.key);
+ new_set->alt_cert.key_password = p_strdup(pool, old_set->alt_cert.key_password);
new_set->cert_username_field = p_strdup(pool, old_set->cert_username_field);
new_set->crypto_device = p_strdup(pool, old_set->crypto_device);
const char *cipher_list;
const char *curve_list;
const char *ca, *ca_file, *ca_dir; /* context-only */
+ /* alternative cert is for providing certificate using
+ different key algorithm */
struct ssl_iostream_cert cert; /* both */
+ struct ssl_iostream_cert alt_cert;
const char *dh;
const char *cert_username_field;
const char *crypto_device; /* context-only */
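Review bot: The new comment sits above `cert`, not above the `alt_cert` field it describes, so it reads as documentation for the primary certificate. Move it directly above `struct ssl_iostream_cert alt_cert;`. `alt_cert` also lacks the scope marker its neighbours carry; the other hunks appear to use it for both context and per-connection settings, so `/* both */` looks right if that holds. It is also worth noting there that `alt_cert.key_password` is secret material, like `cert.key_password`.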