X509Credentials(const std::string& certstr, const std::string& keystr)
: key(keystr)
, certs(certstr)
{
// Throwing is ok here, the destructor of Credentials is called in that case
int ret = gnutls_certificate_set_x509_key(cred, certs.raw(), certs.size(), key.get());
ThrowOnError(ret, "Unable to set cert/key pair");
#ifdef GNUTLS_NEW_CERT_CALLBACK_API
gnutls_certificate_set_retrieve_function(cred, cert_callback);
#else
gnutls_certificate_client_set_retrieve_function(cred, cert_callback);
#endif
}
X509Credentials(const std::string& certstr, const std::string& keystr)
: key(keystr)
, certs(certstr)
{
// Verify that one of the certs match the private key
bool found = false;
for (mbedtls_x509_crt* cert = certs.get(); cert; cert = cert->next)
{
if (mbedtls_pk_check_pair(&cert->pk, key.get()) == 0)
{
found = true;
break;
}
}
if (!found)
throw Exception("Public/private key pair does not match");
}
mbedtls_pk_context* getkey() {
return key.get();
}
