diff --git a/quicp2p.nim b/quicp2p.nim
index 550136f..053c0ff 100644
--- a/quicp2p.nim
+++ b/quicp2p.nim
@@ -1,9 +1,19 @@
-{.passL: "-l quicly -l picotls-core -l picotls-openssl -l crypto".}
+{.passL: "-l crypto -l quicly -l picotls-core -l picotls-openssl".}
 import quicly/quicly
 import quicly/defaults
 import picotls/picotls
-import picotls/openssl
+import picotls/openssl as ptls_openssl
+
+from openssl import DLLSSLName, EVP_PKEY, EVP_PKEY_free
+
+const certChainPath = "./certs/server-certchain.pem"
+const keyPath = "./certs/server-cert.key"
+
+proc PEM_read_PrivateKey(fp: File, x: ptr EVP_PKEY,
+                         cb: proc(buf: cstring, size: cint, rwflag: cint, u: pointer): cint {.cdecl.},
+                         u: pointer): EVP_PKEY
+                         {.cdecl, dynlib: DLLSSLName, importc.}
 
 proc onStreamOpen(self: ptr quicly_stream_open_t, stream: ptr quicly_stream_t): cint {.cdecl.} =
@@ -13,7 +23,6 @@ proc main() =
   # callbacks
   var streamOpen = quicly_stream_open_t(cb: onStreamOpen)
 
-  var signCertificates: ptls_openssl_sign_certificate_t
   var tlsCtx = ptls_context_t(randomBytes: ptlsOpensslRandomBytes,
                               getTime: addr ptlsGetTime,
                               keyExchanges: ptlsOpensslKeyExchanges,
@@ -22,7 +31,19 @@ proc main() =
   var ctx = quiclySpecContext
   ctx.tls = addr tlsCtx
   ctx.stream_open = addr streamOpen
-  # TODO: ptls_load_certificates
+  if ptlsLoadCertificates(addr tlsCtx, certChainPath.cstring) != 0:
+    echo "cannot load certificate chain ", certChainPath
+    quit(1)
+  let pKeyFile = open(keyPath)
+  let privateKey = PEM_read_PrivateKey(pkeyFile, nil, nil, nil)
+  pkeyFile.close()
+  if privateKey == nil:
+    echo "cannot load private key ", keyPath
+    quit(2)
+  var signCertificate: ptls_openssl_sign_certificate_t
+  discard ptls_openssl_init_sign_certificate(addr signCertificate, privateKey)
+  EVP_PKEY_free(privateKey)
+  tlsCtx.signCertificate = addr signCertificate.super
   echo "hello world"
 
 when isMainModule:
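Review bot: `PEM_read_PrivateKey` is bound with `dynlib: DLLSSLName`, which names libssl, while the symbol is exported by libcrypto; `dynlib: DLLUtilName` (the libcrypto name the same `openssl` module exports) is the matching choice, since resolving a libcrypto symbol through the libssl handle only works where the loader walks dependencies. The caller in the last hunk passes `nil` as the password callback, which falls back to OpenSSL's default callback that prompts on the terminal, so an encrypted key would block an unattended server — either document that the key must be unencrypted or supply a callback. The binding and the two path constants also lack doc comments; `## Reads a PEM private key from an open C stream; the caller owns the returned EVP_PKEY and must EVP_PKEY_free it.` on the proc and `## Resolved against the working directory, not the binary's location.` on the constants would state what a reader otherwise has to infer.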
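Review bot: The return value of `ptls_openssl_init_sign_certificate` is discarded, so on failure `signCertificate` stays uninitialised yet is still wired into `tlsCtx.signCertificate` on the last added line, unlike the `ptlsLoadCertificates` check a few lines above which exits on a non-zero result. `open(keyPath)` raises `IOError` for a missing or unreadable file rather than reaching the "cannot load private key" path; the stdlib `open(var File, string): bool` overload keeps the error handling in one style. `pKeyFile` and `pkeyFile` resolve to the same identifier under style-insensitivity but should be spelled once. The `EVP_PKEY_free` right after init is correct only if picotls takes its own reference to the key (presumably via `EVP_PKEY_up_ref`), which deserves a comment. `main()` starts outside this hunk.
```nim
  # … unchanged: ptlsLoadCertificates check …
  var pKeyFile: File
  if not open(pKeyFile, keyPath):
    echo "cannot open private key ", keyPath
    quit(2)
  let privateKey = PEM_read_PrivateKey(pKeyFile, nil, nil, nil)
  pKeyFile.close()
  if privateKey == nil:
    echo "cannot load private key ", keyPath
    quit(2)
  var signCertificate: ptls_openssl_sign_certificate_t
  if ptls_openssl_init_sign_certificate(addr signCertificate, privateKey) != 0:
    EVP_PKEY_free(privateKey)
    echo "cannot initialise certificate signer from ", keyPath
    quit(3)
  # picotls keeps its own reference to the key (presumably EVP_PKEY_up_ref) — confirm
  EVP_PKEY_free(privateKey)
  tlsCtx.signCertificate = addr signCertificate.super
```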