Merge pull request #17 from Zash/zash/checkkey

Verify that certificate and key belong together
2024-11-07 22:18:27 +01:00 · 2014-04-21 13:07:38 -03:00 · 2014-04-21 13:07:38 -03:00 · 77637e9d3c
commit 77637e9d3c
parent a481015217 55d45f0542
2 changed files with 18 additions and 2 deletions
--- a/src/context.c
+++ b/src/context.c
@ -395,6 +395,17 @@ static int load_key(lua_State *L)
  return ret;
 }

+/**
+ * Check that the certificate public key matches the private key
+ */
+
+static int check_key(lua_State *L)
+{
+  SSL_CTX *ctx = lsec_checkcontext(L, 1);
+  lua_pushboolean(L, SSL_CTX_check_private_key(ctx));
+  return 1;
+}
+
 /**
 * Set the cipher list.
 */
@ -564,6 +575,7 @@ static luaL_Reg funcs[] = {
  {"locations",    load_locations},
  {"loadcert",     load_cert},
  {"loadkey",      load_key},
+  {"checkkey",     check_key},
  {"setcipher",    set_cipher},
  {"setdepth",     set_depth},
  {"setdhparam",   set_dhparam},
--- a/src/ssl.lua
+++ b/src/ssl.lua
@ -58,8 +58,12 @@ function newcontext(cfg)
   end
   -- Load the certificate
   if cfg.certificate then
-      succ, msg = context.loadcert(ctx, cfg.certificate)
-      if not succ then return nil, msg end
+     succ, msg = context.loadcert(ctx, cfg.certificate)
+     if not succ then return nil, msg end
+     if cfg.key and context.checkkey then
+       succ = context.checkkey(ctx)
+       if not succ then return nil, "private key does not match public key" end
+     end
   end
   -- Load the CA certificates
   if cfg.cafile or cfg.capath then