+// Set the private key and certificate chain for the global SSL Context.
+// This is called during initialization, and can be called again later if the certificate changes.
+void bind_to_key_and_certificate(void) {
+ if (IsEmptyStr(key_file)) {
+ snprintf(key_file, sizeof key_file, "%s/keys/citadel.key", ctdl_dir);
+ }
+ if (IsEmptyStr(cert_file)) {
+ snprintf(cert_file, sizeof key_file, "%s/keys/citadel.cer", ctdl_dir);
+ }
+
+ syslog(LOG_DEBUG, "crypto: [re]installing key \"%s\" and certificate \"%s\"", key_file, cert_file);
+
+ SSL_CTX_use_certificate_chain_file(ssl_ctx, cert_file);
+ SSL_CTX_use_PrivateKey_file(ssl_ctx, key_file, SSL_FILETYPE_PEM);
+
+ if ( !SSL_CTX_check_private_key(ssl_ctx) ) {
+ syslog(LOG_WARNING, "crypto: cannot install certificate: %s", ERR_reason_error_string(ERR_get_error()));
+ }
+}
+
+
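Review bot: The return values of `SSL_CTX_use_certificate_chain_file()` and `SSL_CTX_use_PrivateKey_file()` are discarded, so a missing, unreadable or malformed file is only noticed indirectly through `SSL_CTX_check_private_key()`, and the resulting warning does not say which file failed. Since the header comment says this also runs when the certificate changes, each load should be checked against 1 and logged per file with an early return, as sketched below. Separately, the second `snprintf` bounds `cert_file` with `sizeof key_file`; the declarations are outside the hunk, so if the two buffers differ in size this truncates or overflows, and it should read `snprintf(cert_file, sizeof cert_file, "%s/keys/citadel.cer", ctdl_dir);`. `ERR_reason_error_string()` can return NULL, which should not be handed to `%s`; formatting the code with `ERR_error_string_n()` into a local buffer avoids that.

```c
	// … unchanged: default path setup and debug log …

	if (SSL_CTX_use_certificate_chain_file(ssl_ctx, cert_file) != 1) {
		syslog(LOG_ERR, "crypto: cannot load certificate chain \"%s\"", cert_file);
		return;
	}
	if (SSL_CTX_use_PrivateKey_file(ssl_ctx, key_file, SSL_FILETYPE_PEM) != 1) {
		syslog(LOG_ERR, "crypto: cannot load private key \"%s\"", key_file);
		return;
	}

	// … unchanged: SSL_CTX_check_private_key() check …
```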