From 61694ab3738b13ed51705da216462a4b533dd87f Mon Sep 17 00:00:00 2001 From: Emeric Brun Date: Fri, 26 Oct 2012 13:35:33 +0200 Subject: [PATCH] MINOR: ssl: checks the consistency of a private key with the corresponding certificate --- src/ssl_sock.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 0838929bd..330f47a9a 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -391,6 +391,13 @@ static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf SSL_CTX_free(ctx); return 1; } + + if (SSL_CTX_check_private_key(ctx) <= 0) { + memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n", + err && *err ? *err : "", path); + return 1; + } + /* we must not free the SSL_CTX anymore below, since it's already in * the tree, so it will be discovered and cleaned in time. */