HSM: local_cert URI

Let's support cases when `local_cert` is a HSM URI too.
TODO: fixup indent, this version is only designed to ease code review.

Author: vjardin

ext/openssl/xp_ssl.c

@@ -938,8 +938,22 @@ static int php_openssl_set_local_cert(SSL_CTX *ctx, php_stream *stream) /* {{{ *
 	if (certfile) {
 		char resolved_path_buff[MAXPATHLEN];
 		const char *private_key = NULL;
-
-		if (VCWD_REALPATH(certfile, resolved_path_buff)) {
+		X509 *cert = NULL;
+
+		/* val is certfile */
+		if (GET_VER_OPT("local_cert")) /* fill val with local_cert if any */
+			cert = php_openssl_x509_from_str(Z_STR_P(val));
+		if (cert) {
+			if (SSL_CTX_use_certificate(ctx, cert) != 1) {
+				X509_free(cert);
+				php_error_docref(NULL, E_WARNING,
+					"Invalid local cert `%s'; Check your device",
+					certfile);
+				return FAILURE;
+			}
+		}
+		if (cert || VCWD_REALPATH(certfile, resolved_path_buff)) {
+			if (!cert) {
 			/* a certificate to use for authentication */
 			if (SSL_CTX_use_certificate_chain_file(ctx, resolved_path_buff) != 1) {
 				php_error_docref(NULL, E_WARNING,
@@ -948,6 +962,7 @@ static int php_openssl_set_local_cert(SSL_CTX *ctx, php_stream *stream) /* {{{ *
 					certfile);
 				return FAILURE;
 			}
+			} // TODO indent, WIP during code reviews
 			GET_VER_OPT_STRING("local_pk", private_key);
 			if (private_key) {
 				char resolved_path_buff_pk[MAXPATHLEN];