commit 9c5586a7bf8607e59fad4075f6d4bf395aa21c3c
from: Omar Polo <op@omarpolo.com>
date: Sun Feb 18 22:57:08 2024 UTC

bufio: add support for client certificates

commit - 3c988896864936c102af8385869837946fced61d
commit + 9c5586a7bf8607e59fad4075f6d4bf395aa21c3c
blob - 206ee78efb1955999fa7b5f07b4d46e73115e8d3
blob + 064c18f6758c1ace073adc8c337fc893bdd411d2
--- bufio.c
+++ bufio.c
@@ -167,7 +167,8 @@ bufio_set_fd(struct bufio *bio, int fd)
 }
 
 int
-bufio_starttls(struct bufio *bio, const char *host, int insecure)
+bufio_starttls(struct bufio *bio, const char *host, int insecure,
+    const uint8_t *cert, size_t certlen, const uint8_t *key, size_t keylen)
 {
 	struct tls_config	*conf;
 
@@ -180,6 +181,12 @@ bufio_starttls(struct bufio *bio, const char *host, in
 		tls_config_insecure_noverifytime(conf);
 	}
 
+	if (cert && tls_config_set_keypair_mem(conf, cert, certlen,
+	    key, keylen) == -1) {
+		tls_config_free(conf);
+		return (-1);
+	}
+
 	if ((bio->ctx = tls_client()) == NULL) {
 		tls_config_free(conf);
 		return (-1);
blob - 2f0bf2f15c7a368faefd485f27030f327522e850
blob + cdf4c6716a1564598318b82601354caf3d0406f1
--- bufio.h
+++ bufio.h
@@ -52,7 +52,8 @@ void	bufio_free(struct bufio *);
 int	bufio_close(struct bufio *);
 int	bufio_reset(struct bufio *);
 void	bufio_set_fd(struct bufio *, int);
-int	bufio_starttls(struct bufio *, const char *, int);
+int	bufio_starttls(struct bufio *, const char *, int,
+	    const uint8_t *, size_t, const uint8_t *, size_t);
 int	bufio_ev(struct bufio *);
 ssize_t	bufio_read(struct bufio *);
 ssize_t	bufio_write(struct bufio *);