From 6c0079528465771bd1d9f4b84d4ed7a9311fc230 Mon Sep 17 00:00:00 2001
From: Aaron Jones <aaronmdjones@gmail.com>
Date: Sat, 6 Jan 2018 15:58:30 +0000
Subject: [PATCH] libratbox/src/mbedtls.c: check public/private keys match

---
 libratbox/src/mbedtls.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libratbox/src/mbedtls.c b/libratbox/src/mbedtls.c
index 69358e48..7879ad45 100644
--- a/libratbox/src/mbedtls.c
+++ b/libratbox/src/mbedtls.c
@@ -490,6 +490,12 @@ rb_setup_ssl_server(const char *const certfile, const char *keyfile,
 		rb_mbedtls_cfg_decref(newcfg);
 		return 0;
 	}
+	if((ret = mbedtls_pk_check_pair(&newcfg->crt.pk, &newcfg->key)) != 0)
+	{
+		rb_lib_log("%s: pk_check_pair: public/private key mismatch", __func__);
+		rb_mbedtls_cfg_decref(newcfg);
+		return 0;
+	}
 	if((ret = mbedtls_ssl_conf_own_cert(&newcfg->server_cfg, &newcfg->crt, &newcfg->key)) != 0)
 	{
 		rb_lib_log("%s: ssl_conf_own_cert (server): %s", __func__, rb_ssl_strerror(ret));