libratbox/src/mbedtls.c: check public/private keys match

Aaron Jones 2018-01-06 15:58:30 +00:00
parent 412263854f
commit 6c00795284
No known key found for this signature in database
GPG key ID: 8AF0737488AB3012


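--- a/libratbox/src/mbedtls.c
+++ b/libratbox/src/mbedtls.c
@@ -490,6 +490,12 @@ rb_setup_ssl_server(const char *const certfile, const char *keyfile,
 rb_mbedtls_cfg_decref(newcfg);
 return 0;
 }
+if((ret = mbedtls_pk_check_pair(&newcfg->crt.pk, &newcfg->key)) != 0)
+{
+rb_lib_log("%s: pk_check_pair: public/private key mismatch", __func__);
+rb_mbedtls_cfg_decref(newcfg);
+return 0;
+}
 if((ret = mbedtls_ssl_conf_own_cert(&newcfg->server_cfg, &newcfg->crt, &newcfg->key)) != 0)
 {
 rb_lib_log("%s: ssl_conf_own_cert (server): %s", __func__, rb_ssl_strerror(ret));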
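Review bot: The new `pk_check_pair` branch stores the return code in `ret` but never logs it, so every failure is reported as "public/private key mismatch" even though `mbedtls_pk_check_pair()` can also fail for other reasons, such as bad input or an unsupported key type. The `ssl_conf_own_cert` handler right after it passes `ret` through `rb_ssl_strerror()`, and the new branch should do the same so an operator can tell a mismatched key file from a key the library cannot check: `rb_lib_log("%s: pk_check_pair: public/private key mismatch: %s", __func__, rb_ssl_strerror(ret));`. The failure path itself looks right, since it drops the `newcfg` reference and returns 0 before the certificate is installed. The body of `rb_setup_ssl_server` starts and ends outside this hunk, so whether the same check is needed on any client-side configuration cannot be judged from here.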