UseCertAndKey added.

New func:

* UseCertAndKey() int
  * mapped to SSL_CTX_use_cert_and_key
  https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_use_cert_and_key.html

ChangeLog:none
Signed-off-by: Peter Grzybowski <[email protected]>

Author: merlin-northern

ctx.go

@@ -239,6 +239,28 @@ func (c *Ctx) UsePrivateKey(key PrivateKey) error {
 	return nil
 }
 
+// UserCertAndKey configures the context to use the given certificate
+// and private key for the SSL handshakes.
+// It allows you to use private keys that are never accessible directly
+// e.g.: to which openssl has access only via Engine module.
+// https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_use_cert_and_key.html
+func (c *Ctx) UseCertAndKey(cert *Certificate, key *PrivateKey) error {
+	runtime.LockOSThread()
+	defer runtime.UnlockOSThread()
+	if key == nil {
+		//this is the case where the private key cannot be accessed here, e.g.:
+		//comes from the Engine (for instance a hw security module)
+		if int(C.SSL_CTX_use_cert_and_key(c.ctx, cert.x, nil, nil, 0)) != 1 {
+			return errorFromErrorQueue()
+		}
+	}
+	c.key = *key
+	if int(C.SSL_CTX_use_cert_and_key(c.ctx, cert.x, (*key).evpPKey(), nil, 0)) != 1 {
+		return errorFromErrorQueue()
+	}
+	return nil
+}
+
 type CertificateStore struct {
 	store *C.X509_STORE
 	// for GC