@andj
Created August 25, 2011 18:34
--- /tmp/removed123.txt 2011-08-25 20:33:49.899831556 +0200
+++ /tmp/added123.txt 2011-08-25 20:33:49.919841556 +0200
@@ -1,4 +1,25 @@
--- a/ssl.c
+++ b/ssl.c
+ if (0 != tls_ctx_load_priv_file(new_ctx, options->priv_key_file, options->priv_key_file_inline))
+++ b/ssl_backend.h
+ * Load private key file into the given TLS context.
+ *
+ * @param ctx TLS context to use
+ * @param priv_key_file The file name to load the private key from, or
+ * "[[INLINE]]" in the case of inline files.
+ * @param priv_key_file_inline A string containing the private key
+ *
+ * @return 1 if an error occurred, 0 if parsing was
+ * successful.
+ */
+int tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file
+#if ENABLE_INLINE_FILES
+ , const char *priv_key_file_inline
+#endif
+ );
+
+/**
+++ b/ssl_openssl.c
+#if ENABLE_INLINE_FILES
static int
use_inline_PrivateKey_file (SSL_CTX *ctx, const char *key_string)
{
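Review bot: The header comment on `tls_ctx_load_priv_file` in ssl_backend.h documents `priv_key_file_inline` as an unconditional parameter, but the prototype only declares it under `#if ENABLE_INLINE_FILES`, and nothing states what `priv_key_file` must hold for the inline string to be used at all. A line such as `@param priv_key_file_inline A string containing the private key; only present when ENABLE_INLINE_FILES is set, and only used when priv_key_file is "[[INLINE]]"` would close that gap. It would also help to say whether the function can abort the process instead of returning, since the `@return` wording implies every failure comes back as 1; the ssl_openssl.c hunks below report a key/certificate mismatch through `msg (M_SSLERR, ...)`, whose fatality depends on the error.h definition, so the comment should state which behaviour callers get.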
@@ -26,19 +47,28 @@
BIO_free (in);
return ret;
}
+#endif /* ENABLE_INLINE_FILES */
+
+int
+tls_ctx_load_priv_file (struct tls_root_ctx *ctx, const char *priv_key_file
+#if ENABLE_INLINE_FILES
+ , const char *priv_key_file_inline
+#endif
+ )
+{
+ ASSERT(NULL != ctx);
- /* Use seperate PEM files for key, cert and CA certs */
int status;
#if ENABLE_INLINE_FILES
- if (!strcmp (options->priv_key_file, INLINE_FILE_TAG) && options->priv_key_file_inline)
+ if (!strcmp (priv_key_file, INLINE_FILE_TAG) && priv_key_file_inline)
{
- status = use_inline_PrivateKey_file (ctx, options->priv_key_file_inline);
+ status = use_inline_PrivateKey_file (ctx->ctx, priv_key_file_inline);
}
else
-#endif
+#endif /* ENABLE_INLINE_FILES */
{
- status = SSL_CTX_use_PrivateKey_file (ctx, options->priv_key_file, SSL_FILETYPE_PEM);
+ status = SSL_CTX_use_PrivateKey_file (ctx->ctx, priv_key_file, SSL_FILETYPE_PEM);
}
if (!status)
{
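Review bot: The new `tls_ctx_load_priv_file` asserts `ctx` but not `priv_key_file`, and its first use is `strcmp (priv_key_file, INLINE_FILE_TAG)` (or `SSL_CTX_use_PrivateKey_file` in a build without inline support), which is undefined for a NULL pointer; mirroring the existing check with `ASSERT(NULL != priv_key_file);` turns a missing key option into a clear assertion rather than a crash inside the backend. Separately, `int status;` now follows the `ASSERT` statement, a declaration after a statement that a C89-style build or `-Wdeclaration-after-statement` would reject; placing the ASSERT below the declaration avoids it. The function body continues past the end of this hunk.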
@@ -46,12 +76,15 @@
if (management && (ERR_GET_REASON (ERR_peek_error()) == EVP_R_BAD_DECRYPT))
management_auth_failure (management, UP_TYPE_PRIVATE_KEY, NULL);
#endif
- msg (M_WARN|M_SSL, "Cannot load private key file %s", options->priv_key_file);
- warn_if_group_others_accessible (options->priv_key_file);
+ msg (M_WARN|M_SSL, "Cannot load private key file %s", priv_key_file);
+ return 1;
+ }
+ warn_if_group_others_accessible (priv_key_file);
/* Check Private Key */
- if (!SSL_CTX_check_private_key (ctx))
+ if (!SSL_CTX_check_private_key (ctx->ctx))
msg (M_SSLERR, "Private key does not match the certificate");
+ return 0;
+
}
--- a/ssl_backend.h
--- a/ssl_openssl.c
+
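Review bot: On the new side `warn_if_group_others_accessible (priv_key_file)` now runs after every successful load, including the inline case where `priv_key_file` is the literal `[[INLINE]]` tag rather than a path, so the permission check is applied to a filename that does not exist; limit it to the file branch, either by moving the call into the `else` block right after `SSL_CTX_use_PrivateKey_file`, or by guarding it with `if (strcmp (priv_key_file, INLINE_FILE_TAG))` inside the same `#if ENABLE_INLINE_FILES`. Moving the warning from the failure path to the success path is otherwise the right change, since a world-readable key that loads fine is exactly the case worth flagging. The mismatch branch `if (!SSL_CTX_check_private_key (ctx->ctx)) msg (M_SSLERR, "Private key does not match the certificate");` falls through to `return 0;`; if M_SSLERR is not fatal in this build that reports success for a key that does not match the certificate, so a `return 1;` on that path (or a comment stating that M_SSLERR terminates) would make the documented 0/1 contract hold. The stray blank line before the closing brace can go.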