about summary refs log tree commit diff
path: root/tls_config.c
diff options
context:
space:
mode:
authorC. McEnroe <june@causal.agency>2021-04-18 17:20:54 -0400
committerC. McEnroe <june@causal.agency>2021-04-18 17:20:54 -0400
commitbe8eb3b67ce4718ca94287a68e0babc715afcd21 (patch)
tree5ca8bea74d0b5b03e7c6906fa9183b959d5c2b87 /tls_config.c
parentImport LibreSSL 3.3.1 (diff)
Import LibreSSL 3.3.2
Diffstat (limited to 'tls_config.c')
-rw-r--r--tls_config.c17
1 files changed, 14 insertions, 3 deletions
diff --git a/tls_config.c b/tls_config.c
index ed47170..9144dad 100644
--- a/tls_config.c
+++ b/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.58 2020/01/20 08:39:21 jsing Exp $ */
+/* $OpenBSD: tls_config.c,v 1.63 2021/01/21 22:03:25 eric Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -179,6 +179,8 @@ tls_config_free(struct tls_config *config)
 	free((char *)config->crl_mem);
 	free(config->ecdhecurves);
 
+	pthread_mutex_destroy(&config->mutex);
+
 	free(config);
 }
 
@@ -351,7 +353,8 @@ tls_config_add_keypair_file_internal(struct tls_config *config,
 		return (-1);
 	if (tls_keypair_set_cert_file(keypair, &config->error, cert_file) != 0)
 		goto err;
-	if (tls_keypair_set_key_file(keypair, &config->error, key_file) != 0)
+	if (key_file != NULL &&
+	    tls_keypair_set_key_file(keypair, &config->error, key_file) != 0)
 		goto err;
 	if (ocsp_file != NULL &&
 	    tls_keypair_set_ocsp_staple_file(keypair, &config->error,
@@ -378,7 +381,8 @@ tls_config_add_keypair_mem_internal(struct tls_config *config, const uint8_t *ce
 		return (-1);
 	if (tls_keypair_set_cert_mem(keypair, &config->error, cert, cert_len) != 0)
 		goto err;
-	if (tls_keypair_set_key_mem(keypair, &config->error, key, key_len) != 0)
+	if (key != NULL &&
+	    tls_keypair_set_key_mem(keypair, &config->error, key, key_len) != 0)
 		goto err;
 	if (staple != NULL &&
 	    tls_keypair_set_ocsp_staple_mem(keypair, &config->error, staple,
@@ -803,6 +807,13 @@ tls_config_skip_private_key_check(struct tls_config *config)
 	config->skip_private_key_check = 1;
 }
 
+void
+tls_config_use_fake_private_key(struct tls_config *config)
+{
+	config->use_fake_private_key = 1;
+	config->skip_private_key_check = 1;
+}
+
 int
 tls_config_set_ocsp_staple_file(struct tls_config *config, const char *staple_file)
 {