Check that certificate matches private key

Kim Alvefur 2014-02-05 01:48:58 +01:00
parent 21aefcf67d
commit 8e5bcefbb6
2 changed files with 16 additions and 0 deletions


@ -395,6 +395,17 @@ static int load_key(lua_State *L)
return ret; return ret;
} }
/**
* Check that the certificate public key matches the private key
*/
static int check_key(lua_State *L)
{
SSL_CTX *ctx = lsec_checkcontext(L, 1);
lua_pushboolean(L, SSL_CTX_check_private_key(ctx));
return 1;
}
/** /**
* Set the cipher list. * Set the cipher list.
*/ */
@ -564,6 +575,7 @@ static luaL_Reg funcs[] = {
{"locations", load_locations}, {"locations", load_locations},
{"loadcert", load_cert}, {"loadcert", load_cert},
{"loadkey", load_key}, {"loadkey", load_key},
{"checkkey", check_key},
{"setcipher", set_cipher}, {"setcipher", set_cipher},
{"setdepth", set_depth}, {"setdepth", set_depth},
{"setdhparam", set_dhparam}, {"setdhparam", set_dhparam},
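Review bot: `check_key` pushes only a boolean, so on failure the caller never sees the reason, and the error that `SSL_CTX_check_private_key` records stays on the OpenSSL error queue, where a later unrelated call may report it. The Lua caller on this page reads `succ, msg` from `loadcert`, so returning `false` plus a message on failure would match that convention and drain the queue. The doc comment should also say that the check fails when no certificate or key has been loaded into the context, not only on a mismatch. The sketch below assumes the OpenSSL error header is already included in this file, which the page does not show.

```c
static int check_key(lua_State *L)
{
  SSL_CTX *ctx = lsec_checkcontext(L, 1);
  if (SSL_CTX_check_private_key(ctx) == 1) {
    lua_pushboolean(L, 1);
    return 1;
  }
  /* Report the reason and clear the queue so it cannot leak into later calls. */
  lua_pushboolean(L, 0);
  lua_pushfstring(L, "private key check failed (%s)",
    ERR_reason_error_string(ERR_get_error()));
  ERR_clear_error();
  return 2;
}
```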


@ -61,6 +61,10 @@ function newcontext(cfg)
succ, msg = context.loadcert(ctx, cfg.certificate) succ, msg = context.loadcert(ctx, cfg.certificate)
if not succ then return nil, msg end if not succ then return nil, msg end
end end
if context.checkkey then
succ = context.checkkey(ctx)
if not succ then return nil, "private key does not match public key" end
end
-- Load the CA certificates -- Load the CA certificates
if cfg.cafile or cfg.capath then if cfg.cafile or cfg.capath then
succ, msg = context.locations(ctx, cfg.cafile, cfg.capath) succ, msg = context.locations(ctx, cfg.cafile, cfg.capath)
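Review bot: The new `context.checkkey(ctx)` call appears to sit after the `end` that closes the certificate-loading block, so it would also run for contexts where no key or certificate is configured. `SSL_CTX_check_private_key` fails when the context has no certificate, so such a context (for example a client without a client certificate) would presumably be rejected with "private key does not match public key". Guard the check on the configuration, e.g. `if cfg.key and cfg.certificate and context.checkkey then`. `newcontext` starts and ends outside the hunk, so the block nesting is inferred from the visible `end` lines.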