summaryrefslogtreecommitdiff
path: root/src/sbearssl/sbearssl_setclientcert.c
diff options
context:
space:
mode:
authorLaurent Bercot <ska-skaware@skarnet.org>2017-01-10 02:17:16 +0000
committerLaurent Bercot <ska-skaware@skarnet.org>2017-01-10 02:17:16 +0000
commit334d807b924427434b42d4fbae745d3d1b38a218 (patch)
tree6daf12c1e2fa07d2ac6255ef4439e2fb95a57f57 /src/sbearssl/sbearssl_setclientcert.c
parent43cb3ee4227de70e0225e9ac142b4d397f93cc41 (diff)
downloads6-networking-334d807b924427434b42d4fbae745d3d1b38a218.tar.xz
Types fix, first pass
XXX marks what must change when skalibs changes. Also started writing functions for client certificate support in sbearssl, but it's not working yet (need more high-level support from BearSSL before it can work)
Diffstat (limited to 'src/sbearssl/sbearssl_setclientcert.c')
-rw-r--r--src/sbearssl/sbearssl_setclientcert.c29
1 files changed, 29 insertions, 0 deletions
diff --git a/src/sbearssl/sbearssl_setclientcert.c b/src/sbearssl/sbearssl_setclientcert.c
new file mode 100644
index 0000000..07b1385
--- /dev/null
+++ b/src/sbearssl/sbearssl_setclientcert.c
@@ -0,0 +1,29 @@
+/* ISC license. */
+
+#include <sys/types.h>
+#include <bearssl.h>
+#include <s6-networking/sbearssl.h>
+
+int sbearssl_setclientcert (br_ssl_client_context *cc, br_x509_certificate const *certs, size_t certlen, br_skey const *key)
+{
+ if (!certlen) return 0 ;
+ switch (key.type)
+ {
+ case BR_KEYTYPE_RSA :
+ br_ssl_client_set_single_rsa(cc, certs, certlen, &key->rsa, &br_rsa_i31_pkcs1_sign) ;
+ break ;
+ case BR_KEYTYPE_EC :
+ {
+ int kt, r ;
+ r = sbearssl_ec_issuer_keytype(&kt, &certs[0]) ;
+ if (r) return r ;
+ br_ssl_client_set_single_ec(cc, certs, certlen, &key->ec, BR_KEYTYPE_KEYX | BR_KEYTYPE_SIGN, kt, &br_ec_prime_i31, ) ;
+ break ;
+ }
+ default :
+ strerr_dief1x(96, "unsupported private key type") ;
+ }
+
+
+ return 0 ;
+}