MINOR: ssl: checks the consistency of a private key with the corresponding certificate

commit: 61694ab3738b13ed51705da216462a4b533dd87f [log] [tgz]
author: Emeric Brun <ebrun@exceliance.fr> Fri Oct 26 13:35:33 2012 +0200
committer: Willy Tarreau <w@1wt.eu> Fri Oct 26 15:10:32 2012 +0200
tree: 92063632e8e300fff8275d97eab7e95d87e8bb5e
parent: a7aa309c4475cc5d2c318989a608b474a74a546d [diff]
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 0838929..330f47a 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -391,6 +391,13 @@
 			SSL_CTX_free(ctx);
 		return 1;
 	}
+
+	if (SSL_CTX_check_private_key(ctx) <= 0) {
+		memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
+		          err && *err ? *err : "", path);
+		return 1;
+	}
+
 	/* we must not free the SSL_CTX anymore below, since it's already in
 	 * the tree, so it will be discovered and cleaned in time.
 	 */
commit	61694ab3738b13ed51705da216462a4b533dd87f	[log] [tgz]
author	Emeric Brun <ebrun@exceliance.fr>	Fri Oct 26 13:35:33 2012 +0200
committer	Willy Tarreau <w@1wt.eu>	Fri Oct 26 15:10:32 2012 +0200
tree	92063632e8e300fff8275d97eab7e95d87e8bb5e
parent	a7aa309c4475cc5d2c318989a608b474a74a546d [diff]