Diffstat (limited to 'netlib')
-rw-r--r--netlib/certffi.py36
-rw-r--r--netlib/certutils.py7
2 files changed, 43 insertions, 0 deletions
diff --git a/netlib/certffi.py b/netlib/certffi.py
new file mode 100644
index 00000000..c5d7c95e
--- /dev/null
+++ b/netlib/certffi.py
@@ -0,0 +1,36 @@
+import cffi
+import OpenSSL
+xffi = cffi.FFI()
+xffi.cdef ("""
+ struct rsa_meth_st {
+ int flags;
+ ...;
+ };
+ struct rsa_st {
+ int pad;
+ long version;
+ struct rsa_meth_st *meth;
+ ...;
+ };
+""")
+xffi.verify(
+ """#include <openssl/rsa.h>""",
+ extra_compile_args=['-w']
+)
+
+def handle(privkey):
+ new = xffi.new("struct rsa_st*")
+ newbuf = xffi.buffer(new)
+ rsa = OpenSSL.SSL._lib.EVP_PKEY_get1_RSA(privkey._pkey)
+ oldbuf = OpenSSL.SSL._ffi.buffer(rsa)
+ newbuf[:] = oldbuf[:]
+ return new
+
+def set_flags(privkey, val):
+ hdl = handle(privkey)
+ hdl.meth.flags = val
+ return privkey
+
+def get_flags(privkey):
+ hdl = handle(privkey)
+ return hdl.meth.flags
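Review bot: `set_flags` writes through `hdl.meth`, but `handle` only byte-copies the `rsa_st` struct, so that pointer still refers to the original key's `rsa_meth_st`; if that method table is shared between keys (as OpenSSL's default RSA method normally is), the change applies to every RSA key in the process, not just `privkey`. The assignment also replaces the whole flags word, so `hdl.meth.flags |= val` would preserve the other bits, and a docstring should state the scope of the change. Separately, `EVP_PKEY_get1_RSA` returns a new reference that `handle` never releases (e.g. with `RSA_free`), so each `get_flags`/`set_flags` call leaks one. The `newbuf[:] = oldbuf[:]` copy also assumes pyOpenSSL's FFI and `xffi` agree on the size of `struct rsa_st`, which deserves an explicit length check before copying.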
diff --git a/netlib/certutils.py b/netlib/certutils.py
index 19148382..92b219ee 100644
--- a/netlib/certutils.py
+++ b/netlib/certutils.py
@@ -111,6 +111,7 @@ class DNTree:
return current.value
+
class CertStore:
"""
Implements an in-memory certificate store.
@@ -222,6 +223,11 @@ class CertStore:
c = (c, None)
return (c[0], c[1] or self.privkey)
+ def gen_pkey(self, cert):
+ import certffi
+ certffi.set_flags(self.privkey, 1)
+ return self.privkey
+
class _GeneralName(univ.Choice):
# We are only interested in dNSNames. We use a default handler to ignore
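Review bot: `gen_pkey` passes the bare literal `1` to `certffi.set_flags` with no comment on what that bit does. In OpenSSL 1.0.x headers the RSA method flag `0x0001` appears to be `RSA_METHOD_FLAG_NO_CHECK`, which skips the check that a private key matches its certificate; if that is the intent, use a named constant and a docstring explaining why the check is turned off and for which keys. The method also ignores its `cert` argument and mutates `self.privkey` as a side effect, although its name reads like a generator or getter. Suggested form: `RSA_METHOD_FLAG_NO_CHECK = 0x0001  # confirm against the target OpenSSL headers` at module level and `certffi.set_flags(self.privkey, RSA_METHOD_FLAG_NO_CHECK)` in the body.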
@@ -326,6 +332,7 @@ class SSLCert:
return altnames
+
def get_remote_cert(host, port, sni):
c = tcp.TCPClient((host, port))
c.connect()