From: Emeric Brun <ebrun@exceliance.fr>
Date: Fri, 26 Oct 2012 11:35:33 +0000 (+0200)
Subject: MINOR: ssl: checks the consistency of a private key with the corresponding certificate
X-Git-Tag: v1.5-dev13~101
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=61694ab3738b13ed51705da216462a4b533dd87f;p=thirdparty%2Fhaproxy.git

MINOR: ssl: checks the consistency of a private key with the corresponding certificate
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 0838929bd8..330f47a9ad 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -391,6 +391,13 @@ static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf
 			SSL_CTX_free(ctx);
 		return 1;
 	}
+
+	if (SSL_CTX_check_private_key(ctx) <= 0) {
+		memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
+		          err && *err ? *err : "", path);
+		return 1;
+	}
+
 	/* we must not free the SSL_CTX anymore below, since it's already in
 	 * the tree, so it will be discovered and cleaned in time.
 	 */