Support reading of cert/private key from memory

savonet · Sep 22, 2019 · 4c2247d · 4c2247d
1 parent 9dd1cbf
commit 4c2247d
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 0 deletions.
diff --git a/src/ssl.ml b/src/ssl.ml
@@ -157,6 +157,8 @@ external create_context : protocol -> context_type -> context = "ocaml_ssl_creat
 
 external use_certificate : context -> string -> string -> unit = "ocaml_ssl_ctx_use_certificate"
 
+external use_certificate_from_string : context -> string -> string -> unit = "ocaml_ssl_ctx_use_certificate_from_string"
+
 external set_password_callback : context -> (bool -> string) -> unit = "ocaml_ssl_ctx_set_default_passwd_cb"
 
 external embed_socket : Unix.file_descr -> context -> socket = "ocaml_ssl_embed_socket"

diff --git a/src/ssl.mli b/src/ssl.mli
@@ -245,6 +245,8 @@ val create_context : protocol -> context_type -> context
   * name. *)
 val use_certificate : context -> string -> string -> unit
 
+val use_certificate_from_string : context -> string -> string -> unit
+
 (** Set the callback function called to get passwords for encrypted PEM files.
   * The callback function takes a boolean argument which indicates if it's used
   * for reading/decryption ([false]) or writing/encryption ([true]).

diff --git a/src/ssl_stubs.c b/src/ssl_stubs.c
@@ -470,6 +470,42 @@ CAMLprim value ocaml_ssl_ctx_use_certificate(value context, value cert, value pr
   CAMLreturn(Val_unit);
 }
 
+CAMLprim value ocaml_ssl_ctx_use_certificate_from_string(value context, value cert, value privkey)
+{
+  CAMLparam3(context, cert, privkey);
+  SSL_CTX *ctx = Ctx_val(context);
+  char *cert_data = String_val(cert);
+  int cert_data_length = caml_string_length(cert);
+  char *privkey_data = String_val(privkey);
+  int privkey_data_length = caml_string_length(privkey);
+  char buf[256];
+  X509 *x509_cert = NULL;
+  RSA *rsa = NULL;
+  BIO *cbio, *kbio;
+
+  cbio = BIO_new_mem_buf((void*)cert_data, cert_data_length);
+  x509_cert = PEM_read_bio_X509(cbio, NULL, 0, NULL);
+  if (NULL == x509_cert || SSL_CTX_use_certificate(ctx, x509_cert) <= 0)
+  {
+    ERR_error_string_n(ERR_get_error(), buf, sizeof(buf));
+    caml_raise_with_arg(*caml_named_value("ssl_exn_certificate_error"), caml_copy_string(buf));
+  }
+
+  kbio = BIO_new_mem_buf((void*)privkey_data, privkey_data_length);
+  rsa = PEM_read_bio_RSAPrivateKey(kbio, NULL, 0, NULL);
+  if (NULL == rsa || SSL_CTX_use_RSAPrivateKey(ctx, rsa) <= 0)
+  {
+    ERR_error_string_n(ERR_get_error(), buf, sizeof(buf));
+    caml_raise_with_arg(*caml_named_value("ssl_exn_private_key_error"), caml_copy_string(buf));
+  }
+  if (!SSL_CTX_check_private_key(ctx))
+  {
+    caml_raise_constant(*caml_named_value("ssl_exn_unmatching_keys"));
+  }
+
+  CAMLreturn(Val_unit);
+}
+
 CAMLprim value ocaml_ssl_get_verify_result(value socket)
 {
   CAMLparam1(socket);