authorjsing <jsing@openbsd.org>2014-09-28 14:46:09 +0000
committerjsing <jsing@openbsd.org>2014-09-28 14:46:09 +0000
commit912780919a7c4e7858d5ef44b7e4d4636f403e87 (patch)
tree9610a444aff9367f2b25746dc3beebb0dc51a067
parentAdd a new API function SSL_CTX_use_certificate_chain() that allows to (diff)
Provide a ressl config function that explicitly clears keys.
Now that ressl config takes copies of the keys passed to it, the keys need to be explicitly cleared. While this can be done by calling the appropriate functions with a NULL pointer, it is simpler and more obvious to call one function that does this for you. ok tedu@
-rw-r--r--lib/libressl/ressl.h3
-rw-r--r--lib/libressl/ressl_config.c9
2 files changed, 10 insertions, 2 deletions
diff --git a/lib/libressl/ressl.h b/lib/libressl/ressl.h
index 192f863f44d..9795c3804bf 100644
--- a/lib/libressl/ressl.h
+++ b/lib/libressl/ressl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ressl.h,v 1.14 2014/09/28 06:24:00 tedu Exp $ */
+/* $OpenBSD: ressl.h,v 1.15 2014/09/28 14:46:09 jsing Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
@@ -44,6 +44,7 @@ int ressl_config_set_key_mem(struct ressl_config *config, const uint8_t *key,
void ressl_config_set_verify_depth(struct ressl_config *config,
int verify_depth);
+void ressl_config_clear_keys(struct ressl_config *config);
void ressl_config_insecure_no_verify(struct ressl_config *config);
void ressl_config_verify(struct ressl_config *config);
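Review bot: The new prototype `ressl_config_clear_keys()` is added to the public header with no comment describing its contract. The commit message explains that the config holds its own copies of the key material, so the header should say what a caller can rely on after the call, for example `/* Release the config's copies of the certificate and private key. */`. If the previous buffers are guaranteed to be zeroed before being freed, state that here as well, since callers handling private keys will depend on it.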
diff --git a/lib/libressl/ressl_config.c b/lib/libressl/ressl_config.c
index 5deb8d187fe..319bba330da 100644
--- a/lib/libressl/ressl_config.c
+++ b/lib/libressl/ressl_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ressl_config.c,v 1.9 2014/09/28 06:24:00 tedu Exp $ */
+/* $OpenBSD: ressl_config.c,v 1.10 2014/09/28 14:46:09 jsing Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
@@ -97,6 +97,13 @@ ressl_config_free(struct ressl_config *config)
free(config);
}
+void
+ressl_config_clear_keys(struct ressl_config *config)
+{
+ ressl_config_set_cert_mem(config, NULL, 0);
+ ressl_config_set_key_mem(config, NULL, 0);
+}
+
int
ressl_config_set_ca_file(struct ressl_config *config, const char *ca_file)
{
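Review bot: `ressl_config_clear_keys()` hands disposal of the private key copy entirely to `ressl_config_set_key_mem(config, NULL, 0)`, and nothing visible in this hunk shows that the old buffer is wiped before it is freed. If the setter only calls `free()`, the key bytes remain readable in heap memory after the "clear". The setter body is outside this diff, so it should be checked that it zeroes the previous buffer first, e.g. `explicit_bzero(config->key_mem, config->key_len);` (field names assumed). The `int` result of `ressl_config_set_key_mem()` is also discarded; a `(void)` cast, or a one-line comment that the NULL/0 case cannot fail, would make that deliberate.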