From d494c31501635cbd5ae0e864849901bb3a4d3565 Mon Sep 17 00:00:00 2001
From: Adriaan de Jong
Date: Mon, 27 Jun 2011 14:13:16 +0200
Subject: [PATCH] Refactored windows cert loading
Signed-off-by: Adriaan de Jong
Acked-by: Gert Doering
Signed-off-by: David Sommerseth
---
 ssl.c | 7 ++-----
 ssl_backend.h | 11 +++++++++++
 ssl_openssl.c | 13 +++++++++++++
 3 files changed, 26 insertions(+), 5 deletions(-)
diff --git a/ssl.c b/ssl.c
index 4110004a8..a308598ec 100644
--- a/ssl.c
+++ b/ssl.c
@@ -2003,13 +2003,10 @@ init_ssl (const struct options *options, struct tls_root_ctx *new_ctx)
 #ifdef WIN32
 else if (options->cryptoapi_cert)
 {
- /* Load Certificate and Private Key */
- if (!SSL_CTX_use_CryptoAPI_certificate (ctx, options->cryptoapi_cert))
- msg (M_SSLERR, "Cannot load certificate \"%s\" from Microsoft Certificate Store",
- options->cryptoapi_cert);
+ tls_ctx_load_cryptoapi(new_ctx, options->cryptoapi_cert);
 }
- else
 #endif
+ else
 {
 X509 *my_cert = NULL;
diff --git a/ssl_backend.h b/ssl_backend.h
index 027026bf8..127647f09 100644
--- a/ssl_backend.h
+++ b/ssl_backend.h
@@ -161,6 +161,17 @@ int tls_ctx_load_pkcs11(struct tls_root_ctx *ctx, bool pkcs11_id_management,
 const char *pkcs11_id);
 #endif /* ENABLE_PKCS11 */
+/**
+ * Use Windows cryptoapi for key and cert, and add to library-specific TLS
+ * context.
+ *
+ * @param ctx TLS context to use
+ * @param crypto_api_cert String representing the certificate to load.
+ */
+#ifdef WIN32
+void tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert);
+#endif /* WIN32 */
+
 /**
 * Show the TLS ciphers that are available for us to use in the OpenSSL
 * library.
diff --git a/ssl_openssl.c b/ssl_openssl.c
index 8f5fa98eb..e774f56df 100644
--- a/ssl_openssl.c
+++ b/ssl_openssl.c
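Review bot: In the ssl.c hunk, moving `else` from above `#endif` to below it changes the control flow of non-Windows builds, which the commit subject (a refactor) does not suggest. With WIN32 undefined, the `{ X509 *my_cert ...` block was previously not preceded by this `else`; it is now always an else-branch of the chain above. The start of that chain is outside the hunk, so whether this changes which credential-loading path runs cannot be confirmed from here. If it is intended, record it in the commit message or with a comment such as `/* else is outside #ifdef WIN32 on purpose: this block is the fallback on every platform */`. Note also that `init_ssl` now depends on `tls_ctx_load_cryptoapi()` not returning on failure, since the helper returns void.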
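Review bot: In the ssl_backend.h hunk, the doc comment names the second parameter `crypto_api_cert` while the prototype declares `cryptoapi_cert`; the tag should read `@param cryptoapi_cert`. The comment also sits above `#ifdef WIN32`, so on other platforms it is left without the declaration it describes; placing `#ifdef WIN32` before the `/**` keeps the two together. Because the function returns void, the comment should also say how a failed load is signalled, for example `* On failure the error is reported via msg(M_SSLERR, ...); no status is returned.`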
@@ -330,6 +330,19 @@ tls_ctx_load_pkcs11(struct tls_root_ctx *ctx, bool pkcs11_id_management,
 }
 #endif /* ENABLE_PKCS11 */
+#ifdef WIN32
+void
+tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx, const char *cryptoapi_cert)
+{
+ ASSERT(NULL != ctx);
+
+ /* Load Certificate and Private Key */
+ if (!SSL_CTX_use_CryptoAPI_certificate (ctx->ctx, cryptoapi_cert))
+ msg (M_SSLERR, "Cannot load certificate \"%s\" from Microsoft Certificate Store",
+ options->cryptoapi_cert);
+}
+#endif /* WIN32 */
+
 void
 show_available_tls_ciphers ()
 {
-- 
2.47.2
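Review bot: In the new `tls_ctx_load_cryptoapi()` in ssl_openssl.c, the `msg()` call still passes `options->cryptoapi_cert`, but the function's parameters are only `ctx` and `cryptoapi_cert`. Unless a file-scope `options` exists outside this hunk, WIN32 builds will fail to compile; the last argument should be the parameter itself, `cryptoapi_cert);`. Because the code is guarded by `#ifdef WIN32`, a non-Windows build will not catch this, so the commit should be compiled on Windows before merging. The function dereferences `ctx->ctx` after only `ASSERT(NULL != ctx);`, so a short comment that `cryptoapi_cert` must be non-NULL would document the other precondition.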