BUG/MEDIUM: ssl/cli: 'commit ssl cert' crashes when no private key
A crash was reported in issue #707 because the private key was not
uploaded correctly with "set ssl cert".
The bug is provoked by X509_check_private_key() being called when there
is no private key, which can lead to a segfault.
This patch adds a check and return an error is the private key is not
present.
This must be backported in 2.1.
diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index 537c7ea..aa7361f 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -1495,6 +1495,12 @@
int n;
for (n = 0; n < SSL_SOCK_NUM_KEYTYPES; n++) {
+ /* if a certificate is here, a private key must be here too */
+ if (ckchs_transaction.new_ckchs->ckch[n].cert && !ckchs_transaction.new_ckchs->ckch[n].key) {
+ memprintf(&err, "The transaction must contain at least a certificate and a private key!\n");
+ goto error;
+ }
+
if (ckchs_transaction.new_ckchs->ckch[n].cert && !X509_check_private_key(ckchs_transaction.new_ckchs->ckch[n].cert, ckchs_transaction.new_ckchs->ckch[n].key)) {
memprintf(&err, "inconsistencies between private key and certificate loaded '%s'.\n", ckchs_transaction.path);
goto error;
@@ -1503,6 +1509,12 @@
} else
#endif
{
+ /* if a certificate is here, a private key must be here too */
+ if (ckchs_transaction.new_ckchs->ckch->cert && !ckchs_transaction.new_ckchs->ckch->key) {
+ memprintf(&err, "The transaction must contain at least a certificate and a private key!\n");
+ goto error;
+ }
+
if (!X509_check_private_key(ckchs_transaction.new_ckchs->ckch->cert, ckchs_transaction.new_ckchs->ckch->key)) {
memprintf(&err, "inconsistencies between private key and certificate loaded '%s'.\n", ckchs_transaction.path);
goto error;