commit c26692cfdd9b0c86f2573ad03461416c9702bd39
author Adam Langley <agl@google.com> Wed Jan 25 09:34:42 2017 -0800
committer Adam Langley <agl@google.com> Wed Feb 01 20:00:10 2017 +0000
tree 3545df3192e2fa6265f921e085862407d179c000
parent e1e78130f51288d65be0b43eebbe13385068980f

Push the use of X509 upwards, out of |ssl_set_cert|.

This change moves the interface between |X509| and |CRYPTO_BUFFER| a
little further out, towards the API.

Change-Id: I1c014d20f12ad83427575843ca0b3bb22de1a694
Reviewed-on: https://boringssl-review.googlesource.com/13365
Reviewed-by: Adam Langley <agl@google.com>

ssl/internal.h

diff --git a/ssl/internal.h b/ssl/internal.h
index 5364f99..d3bbe3e 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1702,6 +1702,11 @@
 CRYPTO_BUFFER *x509_to_buffer(X509 *x509);
 void ssl_cert_flush_cached_x509_leaf(CERT *cert);
 int ssl_cert_cache_leaf_cert(CERT *cert);
+/* ssl_compare_public_and_private_key returns one if |pubkey| is the public
+ * counterpart to |privkey|. Otherwise it returns zero and pushes a helpful
+ * message on the error queue. */
+int ssl_compare_public_and_private_key(const EVP_PKEY *pubkey,
+                                       const EVP_PKEY *privkey);
 int ssl_cert_check_private_key(const CERT *cert, const EVP_PKEY *privkey);
 int ssl_get_new_session(SSL_HANDSHAKE *hs, int is_server);
 int ssl_encrypt_ticket(SSL *ssl, CBB *out, const SSL_SESSION *session);