authorGravatar Lionel Cons <lionel.cons@cern.ch> 2013-05-17 15:00:09 +0200
committerGravatar Lionel Cons <lionel.cons@cern.ch> 2013-05-17 15:00:09 +0200
commit2f92d0dab77a3f3b1005dae3401ea1316d6789b2 (patch)
tree09dc9a8967680b8d2b27cea698f629b40bc1aab7 /plugins/sslutils.c
parent1fd504b6117af25d3baa0c1afc5dbf7fc3c66f2c (diff)
added support for client authentication via SSL
Diffstat (limited to 'plugins/sslutils.c')
-rw-r--r--plugins/sslutils.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index a1ce560d..4927e361 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -45,6 +45,10 @@ int np_net_ssl_init_with_hostname(int sd, char *host_name) {
}
int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int version) {
+ return np_net_ssl_init_with_hostname_version_and_certificate(sd, host_name, version, NULL, NULL);
+}
+
+int np_net_ssl_init_with_hostname_version_and_certificate(int sd, char *host_name, int version, char *cert, char *privkey) {
const SSL_METHOD *method = NULL;
switch (version) {
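Review bot: The new entry point np_net_ssl_init_with_hostname_version_and_certificate has no comment stating its contract, and the signature does not say that `cert` and `privkey` are paths to PEM files or that both must be non-NULL before any client credential is loaded (the second hunk skips the whole setup when either is NULL). A comment above the definition such as `/* cert, privkey: paths to PEM files; pass both, or NULL for both. If only one is given, no client certificate is loaded. */` would make that visible to callers. In the visible code both pointers are only handed to the file-loading calls, so they could probably be `const char *`. The function body continues outside this hunk, so other uses may exist.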
@@ -80,6 +84,14 @@ int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int versi
printf("%s\n", _("CRITICAL - Cannot create SSL context."));
return STATE_CRITICAL;
}
+ if (cert && privkey) {
+ SSL_CTX_use_certificate_file(c, cert, SSL_FILETYPE_PEM);
+ SSL_CTX_use_PrivateKey_file(c, privkey, SSL_FILETYPE_PEM);
+ if (!SSL_CTX_check_private_key(c)) {
+ printf ("%s\n", _("CRITICAL - Private key does not seem to match certificate!\n"));
+ return STATE_CRITICAL;
+ }
+ }
#ifdef SSL_OP_NO_TICKET
SSL_CTX_set_options(c, SSL_OP_NO_TICKET);
#endif
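Review bot: The return values of `SSL_CTX_use_certificate_file` and `SSL_CTX_use_PrivateKey_file` in the added block are ignored, so a missing, unreadable or malformed file is only noticed indirectly by `SSL_CTX_check_private_key`. The operator is then told the key "does not seem to match" when the real problem is that a file could not be loaded. Each call should be checked against 1 and reported with its own message. The message literal also ends in `\n` while the format string is already `"%s\n"`, so the plugin prints a blank line after the status text; dropping the `\n` from the literal fixes that. Whether `c` needs releasing on these early returns cannot be judged from the hunk, since its declaration and the cleanup path are outside it.

```c
	if (cert && privkey) {
		if (SSL_CTX_use_certificate_file(c, cert, SSL_FILETYPE_PEM) != 1) {
			printf("%s\n", _("CRITICAL - Cannot load client certificate."));
			return STATE_CRITICAL;
		}
		if (SSL_CTX_use_PrivateKey_file(c, privkey, SSL_FILETYPE_PEM) != 1) {
			printf("%s\n", _("CRITICAL - Cannot load client private key."));
			return STATE_CRITICAL;
		}
		if (!SSL_CTX_check_private_key(c)) {
			printf("%s\n", _("CRITICAL - Private key does not seem to match certificate!"));
			return STATE_CRITICAL;
		}
	}
```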