[WIP] Allow keys without available public key to be used for SSL #10954
This is the continuation of #1551. This is actually against 1.1.1 not 3.0.0 as discussed, but it's basically the same and testing on 1.1.1 means I don't have to rebuild the whole world including the PKCS#11 engine.
It's a special case for EC for now; we can later extend the generic EVP_PKEY API to have a generic "here's a public key I checked matches this private key; you might want to remember it" method.
But first we need to deal with the fact that X509_check_private_key(), where we want to do this thing, now takes a 'const' private key, so it's not clear if we should be doing anything of that form at all.
From my notes in #1551:
The correct way to fix that is not obvious. Is the first argument to EVP_PKEY_CTX_new() really not const? Casting to non-const seems wrong, and that's just for the first part. When we later come to copy the public key data, it gets even wronger...