MINOR: ssl: checks the consistency of a private key with the corresponding certificate
authorEmeric Brun <ebrun@exceliance.fr>
Fri, 26 Oct 2012 11:35:33 +0000 (13:35 +0200)
committerWilly Tarreau <w@1wt.eu>
Fri, 26 Oct 2012 13:10:32 +0000 (15:10 +0200)
src/ssl_sock.c

index 0838929bd825aefc85664692a76e58b1eeb2f0ab..330f47a9adbee1411dabaebd29105ca76212fa92 100644 (file)
@@ -391,6 +391,13 @@ static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf
                        SSL_CTX_free(ctx);
                return 1;
        }
+
+       if (SSL_CTX_check_private_key(ctx) <= 0) {
+               memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
+                         err && *err ? *err : "", path);
+               return 1;
+       }
+
        /* we must not free the SSL_CTX anymore below, since it's already in
         * the tree, so it will be discovered and cleaned in time.
         */
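Review bot: The added `return 1;` after `SSL_CTX_check_private_key()` exits without `SSL_CTX_free(ctx)`, and the comment explaining why that is correct sits below the new block, so the early return reads like a leak. Move the existing "we must not free the SSL_CTX anymore below" comment above the check, or add `/* ctx is already in the tree: do not free it here */` before the return. If the context really is registered at this point, a context whose key does not match its certificate stays in the tree after the failure, so this presumably relies on the caller treating a non-zero return as fatal for the configuration; that cannot be confirmed from the hunk. A failed check also leaves entries on the OpenSSL error queue, which this path neither reports nor clears; consider including the reason in the message or calling `ERR_clear_error();` before returning. The body of ssl_sock_load_cert_file starts and ends outside the hunk.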