HSM: local_cert URI

Let's support cases when `local_cert` is a HSM URI too.
TODO: fixup indent, this version is only designed to ease code review.

Suggested-by: Jakub Zelenka <bukka@php.net>
The current PHP usage of this has got just the path without file:// so the
fast path should be to first try to get it from real path and if that fails,
then try to get it from php_openssl_x509_from_str(). If the cert is found
in any of those, then try local_pk.

Author: vjardin

ext/openssl/xp_ssl.c

@@ -938,6 +938,8 @@ static int php_openssl_set_local_cert(SSL_CTX *ctx, php_stream *stream) /* {{{ *
 	if (certfile) {
 		char resolved_path_buff[MAXPATHLEN];
 		const char *private_key = NULL;
+		X509 *cert = NULL;
+		int ctx_set = 0;
 
 		if (VCWD_REALPATH(certfile, resolved_path_buff)) {
 			/* a certificate to use for authentication */
@@ -948,6 +950,19 @@ static int php_openssl_set_local_cert(SSL_CTX *ctx, php_stream *stream) /* {{{ *
 					certfile);
 				return FAILURE;
 			}
+			ctx_set = 1;
+		/* val is still local_cert/certfile since GET_VER_OPT_STRING("local_cert", certfile) */
+		} else if ((cert = php_openssl_x509_from_str(Z_STR_P(val))) != NULL) {
+			if (SSL_CTX_use_certificate(ctx, cert) != 1) {
+				X509_free(cert);
+				php_error_docref(NULL, E_WARNING,
+					"Invalid local cert `%s'; Check your device",
+					certfile);
+				return FAILURE;
+			}
+			ctx_set = 1;
+		}
+		if (ctx_set) {
 			GET_VER_OPT_STRING("local_pk", private_key);
 			if (private_key) {
 				char resolved_path_buff_pk[MAXPATHLEN];