From eaec5d9c556f4752d52c42b6e025b5f4ee4c0343 Mon Sep 17 00:00:00 2001
From: W. Trevor King
Date: Wed, 7 Mar 2012 08:19:46 -0500
Subject: [PATCH 1/3] Add TLSKey option for separate key and certificate files.
---
 TLS | 6 +++---
 ssmtp.c | 12 +++++++++++-
 ssmtp.conf.5 | 3 +++
 3 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/TLS b/TLS
index ada03c5..74404a3 100644
--- a/TLS
+++ b/TLS
@@ -26,9 +26,9 @@ Set this to yes to make ssmtp identify itself with a certificate. TLSCert= Specify which certificate file should be used.
+TLSKey=
+Specify which key file should be used (can be the same as the
+certificate file).
 TODO: * Check server certificate for changes and notify about it.
-* Diffrent Certificate and Key file?
-
-
diff --git a/ssmtp.c b/ssmtp.c
index af4d1e5..97d19dc 100644
--- a/ssmtp.c
+++ b/ssmtp.c
@@ -68,6 +68,7 @@ char *gecos; char *prog = (char)NULL; char *root = NULL; char *tls_cert = "/etc/ssl/certs/ssmtp.pem"; /* Default Certificate */
+char *tls_key = "/etc/ssl/certs/ssmtp.pem"; /* Default private key */
 char *uad = (char)NULL; char *config_file = (char)NULL; /* alternate configuration file */
@@ -1033,6 +1034,15 @@ bool_t read_config() log_event(LOG_INFO, "Set TLSCert=\"%s\"\n", tls_cert); } }
+ else if(strcasecmp(p, "TLSKey") == 0) {
+ if((tls_key = strdup(q)) == (char *)NULL) {
+ die("parse_config() -- strdup() failed");
+ }
+
+ if(log_level > 0) {
+ log_event(LOG_INFO, "Set TLSKey=\"%s\"\n", tls_key);
+ }
+ }
 #endif /* Command-line overrides these */ else if(strcasecmp(p, "AuthUser") == 0 && !auth_user) {
@@ -1138,7 +1148,7 @@ int smtp_open(char *host, int port) return(-1); }
- if(SSL_CTX_use_PrivateKey_file(ctx, tls_cert, SSL_FILETYPE_PEM) <= 0) {
+ if(SSL_CTX_use_PrivateKey_file(ctx, tls_key, SSL_FILETYPE_PEM) <= 0) {
 perror("Use PrivateKey"); return(-1); }
diff --git a/ssmtp.conf.5 b/ssmtp.conf.5
index 25f6ceb..d80a24a 100644
--- a/ssmtp.conf.5
+++ b/ssmtp.conf.5
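Review bot: Giving `tls_key` its own fixed default in ssmtp.c (hunk at -68,6) changes behaviour for existing configurations: a setup that points `TLSCert` at a combined PEM outside the default path and sets no `TLSKey` used to load the key from that same file, and after the switch to `tls_key` in smtp_open (hunk at -1138,7) it will try `/etc/ssl/certs/ssmtp.pem` instead. Falling back to the certificate file keeps those setups working: `char *tls_key = NULL; /* falls back to tls_cert */` here and `SSL_CTX_use_PrivateKey_file(ctx, tls_key ? tls_key : tls_cert, SSL_FILETYPE_PEM)` at the call. Separately, a default key path under `/etc/ssl/certs` encourages keeping private key material in a directory that is conventionally world-readable; the documentation could state that the key file should be readable only by the account ssmtp runs as.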
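Review bot: The `die()` text in the new `TLSKey` branch of ssmtp.c (hunk at -1033,6) names `parse_config()`, while the hunk header places this code in `read_config()`, so a failure report would point at the wrong function; it was presumably copied from the neighbouring branches, and `die("read_config() -- strdup() failed");` would match. The branch also has no comment saying what the value is; a one-line `/* Path to the PEM private key; may be the same file as TLSCert */` above it would help the next reader. read_config's body starts and ends outside the hunk.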
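Review bot: With the key in its own file, a key that does not belong to the loaded certificate becomes a realistic misconfiguration, and the failure path in smtp_open (ssmtp.c hunk at -1138,7) still reports it with `perror("Use PrivateKey")`, which prints errno rather than OpenSSL's error queue, so the message may not name the real cause. Reporting with `ERR_print_errors_fp(stderr);` (needs `<openssl/err.h>`, which may or may not already be included) and adding an explicit `if(!SSL_CTX_check_private_key(ctx)) return(-1);` after the load would make a mismatch visible. smtp_open's body starts and ends outside the hunk.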
@@ -54,6 +54,9 @@ See RFC 2487. .It Cm TLSCert The file name of an RSA certificate to use for TLS, if required. .Pp
+.It Cm TLSKey
+The file name of an RSA key to use for TLS, if required.
+.Pp
 .It Cm AuthUser The user name to use for SMTP AUTH. The default is blank, in which case SMTP AUTH is not used.
-- 
1.7.3.4