From 7720dac5457ea443924f16bfe5127d717f6c0b56 Mon Sep 17 00:00:00 2001
From: Lealem Amedie
Date: Thu, 29 Jun 2023 13:57:33 -0600
Subject: [PATCH] Allow option to create SSL without key/cert in ctx
---
 src/internal.c | 11 +++++++++--
 tests/api.c | 2 +-
 2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index 9d8a23a3b..b012836be 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -89,6 +89,9 @@
 * - WOLFSSL_HARDEN_TLS_NO_SCR_CHECK
 * - WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK
 * - WOLFSSL_HARDEN_TLS_ALLOW_ALL_CIPHERSUITES
+ * WOLFSSL_NO_INIT_CTX_KEY
+ * Allows SSL objects to be created from a CTX without a loaded key/cert
+ * pair
 */


@@ -7060,9 +7063,13 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)

 /* Initialize SSL with the appropriate fields from it's ctx */
 /* requires valid arrays and suites unless writeDup ing */
- if ((ret = SetSSL_CTX(ssl, ctx, writeDup)) != WOLFSSL_SUCCESS)
+ if ((ret = SetSSL_CTX(ssl, ctx, writeDup)) != WOLFSSL_SUCCESS
+#ifdef WOLFSSL_NO_INIT_CTX_KEY
+ && ret != NO_PRIVATE_KEY
+#endif
+ ) {
 return ret;
-
+ }
 ssl->options.dtls = ssl->version.major == DTLS_MAJOR;

 #ifdef HAVE_WRITE_DUP
diff --git a/tests/api.c b/tests/api.c
index d0423932e..f47e38952 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -3785,7 +3785,7 @@ static int test_server_wolfSSL_new(void)
 /* invalid context */
 ExpectNull(ssl = wolfSSL_new(NULL));
 #if !defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_QT) && \
- !defined(OPENSSL_EXTRA)
+ !defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_INIT_CTX_KEY)
 ExpectNull(ssl = wolfSSL_new(ctx_nocert));
 #endif
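Review bot: The new description of WOLFSSL_NO_INIT_CTX_KEY in the build-options comment says what the option permits but not what it leaves to the caller. The InitSSL hunk shows that with the option set, a NO_PRIVATE_KEY result from SetSSL_CTX is no longer enforced when the SSL object is created. Assuming the intended use is to load the key/cert on the SSL object afterwards, I would extend the comment with `The key/cert pair must then be set on the SSL object before the handshake; NO_PRIVATE_KEY is not reported at creation.` so integrators do not read the option as making the key optional.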
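Review bot: With WOLFSSL_NO_INIT_CTX_KEY defined, the new condition lets InitSSL carry on after SetSSL_CTX has returned NO_PRIVATE_KEY, but nothing in this hunk shows that SetSSL_CTX had finished its remaining setup when it returned that code. SetSSL_CTX is not part of the diff, so this needs confirming: if it returns NO_PRIVATE_KEY before copying the rest of the ctx fields, the SSL object proceeds only partly initialized. A comment above the `#ifdef`, such as `/* NO_PRIVATE_KEY tolerated: key/cert may be set on the ssl later */`, would record the intent. `ret` also still holds NO_PRIVATE_KEY after the branch, and the rest of InitSSL lies outside the hunk, so any later `return ret` or test of `ret` there would need it reset first. The tests/api.c hunk only disables the negative check under the macro; a case asserting that `wolfSSL_new(ctx_nocert)` succeeds and that a handshake without a key still fails would cover the new path.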