Check that certificate matches private key

2024-10-04 17:46:39 +02:00 · 2014-02-05 01:48:58 +01:00 · 2014-02-05 01:48:58 +01:00 · 8e5bcefbb6
commit 8e5bcefbb6
parent 21aefcf67d
2 changed files with 16 additions and 0 deletions
--- a/src/context.c
+++ b/src/context.c
@ -395,6 +395,17 @@ static int load_key(lua_State *L)
  return ret;
 }

+/**
+ * Check that the certificate public key matches the private key
+ */
+
+static int check_key(lua_State *L)
+{
+  SSL_CTX *ctx = lsec_checkcontext(L, 1);
+  lua_pushboolean(L, SSL_CTX_check_private_key(ctx));
+  return 1;
+}
+
 /**
 * Set the cipher list.
 */
@ -564,6 +575,7 @@ static luaL_Reg funcs[] = {
  {"locations",    load_locations},
  {"loadcert",     load_cert},
  {"loadkey",      load_key},
+  {"checkkey",     check_key},
  {"setcipher",    set_cipher},
  {"setdepth",     set_depth},
  {"setdhparam",   set_dhparam},
--- a/src/ssl.lua
+++ b/src/ssl.lua
@ -61,6 +61,10 @@ function newcontext(cfg)
      succ, msg = context.loadcert(ctx, cfg.certificate)
      if not succ then return nil, msg end
   end
+   if context.checkkey then
+     succ = context.checkkey(ctx)
+     if not succ then return nil, "private key does not match public key" end
+   end
   -- Load the CA certificates
   if cfg.cafile or cfg.capath then
      succ, msg = context.locations(ctx, cfg.cafile, cfg.capath)