author | 2018-02-08 05:56:49 +0000 | |
---|---|---|
committer | 2018-02-08 05:56:49 +0000 | |
commit | bb4cb1b0441fa059bcc631311ed93636eefbc1b2 (patch) | |
tree | e21361975565b5cb8165e2dd0272c50930d9cb01 /lib/libtls/tls_server.c | |
parent | Move bwfm(4) from ifq begin/commit/rollback semantics to the newer (diff) | |
Split keypair handling out into its own file - it had already appeared
in multiple locations.
ok beck@
Diffstat (limited to 'lib/libtls/tls_server.c')
-rw-r--r-- | lib/libtls/tls_server.c | 39 |
1 files changed, 1 insertions, 38 deletions
diff --git a/lib/libtls/tls_server.c b/lib/libtls/tls_server.c
index e1011769f63..98b09574371 100644
--- a/lib/libtls/tls_server.c
+++ b/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.42 2017/09/20 17:05:17 jsing Exp $ */
+/* $OpenBSD: tls_server.c,v 1.43 2018/02/08 05:56:49 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -204,43 +204,6 @@ tls_server_ticket_cb(SSL *ssl, unsigned char *keyname, unsigned char *iv,
 }
 
 static int
-tls_keypair_load_cert(struct tls_keypair *keypair, struct tls_error *error,
- X509 **cert)
-{
- char *errstr = "unknown";
- BIO *cert_bio = NULL;
- int ssl_err;
- int rv = -1;
-
- X509_free(*cert);
- *cert = NULL;
-
- if (keypair->cert_mem == NULL) {
- tls_error_set(error, "keypair has no certificate");
- goto err;
- }
- if ((cert_bio = BIO_new_mem_buf(keypair->cert_mem,
- keypair->cert_len)) == NULL) {
- tls_error_set(error, "failed to create certificate bio");
- goto err;
- }
- if ((*cert = PEM_read_bio_X509(cert_bio, NULL, tls_password_cb,
- NULL)) == NULL) {
- if ((ssl_err = ERR_peek_error()) != 0)
- errstr = ERR_error_string(ssl_err, NULL);
- tls_error_set(error, "failed to load certificate: %s", errstr);
- goto err;
- }
-
- rv = 0;
-
- err:
- BIO_free(cert_bio);
-
- return (rv);
-}
-
-static int
 tls_configure_server_ssl(struct tls *ctx, SSL_CTX **ssl_ctx,
 struct tls_keypair *keypair)
 {
|