read cert chain and private key

quicp2p.nim

@@ -1,9 +1,19 @@
-{.passL: "-l quicly -l picotls-core -l picotls-openssl -l crypto".}
+{.passL: "-l crypto -l quicly -l picotls-core -l picotls-openssl".}
 
 import quicly/quicly
 import quicly/defaults
 import picotls/picotls
-import picotls/openssl
+import picotls/openssl as ptls_openssl
+
+from openssl import DLLSSLName, EVP_PKEY, EVP_PKEY_free
+
+const certChainPath = "./certs/server-certchain.pem"
+const keyPath = "./certs/server-cert.key"
+
+proc PEM_read_PrivateKey(fp: File, x: ptr EVP_PKEY,
+                         cb: proc(buf: cstring, size: cint, rwflag: cint, u: pointer): cint {.cdecl.},
+                         u: pointer): EVP_PKEY
+                        {.cdecl, dynlib: DLLSSLName, importc.}
 
 proc onStreamOpen(self: ptr quicly_stream_open_t, stream: ptr quicly_stream_t):
                  cint {.cdecl.} =
@@ -13,7 +23,6 @@ proc main() =
   # callbacks
   var streamOpen = quicly_stream_open_t(cb: onStreamOpen)
 
-  var signCertificates: ptls_openssl_sign_certificate_t
   var tlsCtx = ptls_context_t(randomBytes: ptlsOpensslRandomBytes,
                               getTime: addr ptlsGetTime,
                               keyExchanges: ptlsOpensslKeyExchanges,
@@ -22,7 +31,19 @@ proc main() =
   var ctx = quiclySpecContext
   ctx.tls = addr tlsCtx
   ctx.stream_open = addr streamOpen
-  # TODO: ptls_load_certificates
+  if ptlsLoadCertificates(addr tlsCtx, certChainPath.cstring) != 0:
+    echo "cannot load certificate chain ", certChainPath
+    quit(1)
+  let pKeyFile = open(keyPath)
+  let privateKey = PEM_read_PrivateKey(pkeyFile, nil, nil, nil)
+  pkeyFile.close()
+  if privateKey == nil:
+    echo "cannot load private key ", keyPath
+    quit(2)
+  var signCertificate: ptls_openssl_sign_certificate_t
+  discard ptls_openssl_init_sign_certificate(addr signCertificate, privateKey)
+  EVP_PKEY_free(privateKey)
+  tlsCtx.signCertificate = addr signCertificate.super
   echo "hello world"
 
 when isMainModule: