From: Gunnar Beutner <gunnar@beutner.name>
Date: Tue, 15 Oct 2013 19:24:55 +0000 (+0200)
Subject: MakeSSLContext: Check if keys match.
X-Git-Tag: v0.0.3~115
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a03c58f27e3078a346e2fd297dbc59a1014e7a2c;p=icinga2

MakeSSLContext: Check if keys match.
---

diff --git a/lib/base/tlsutility.cpp b/lib/base/tlsutility.cpp
index 93b1e608e..0fd4864e8 100644
--- a/lib/base/tlsutility.cpp
+++ b/lib/base/tlsutility.cpp
@@ -70,6 +70,12 @@ shared_ptr<SSL_CTX> MakeSSLContext(const String& pubkey, const String& privkey,
 		    << boost::errinfo_file_name(privkey));
 	}
 
+	if (!SSL_CTX_check_private_key(sslContext.get())) {
+		BOOST_THROW_EXCEPTION(openssl_error()
+		    << boost::errinfo_api_function("SSL_CTX_check_private_key")
+		    << errinfo_openssl_error(ERR_get_error()));
+	}
+
 	if (!SSL_CTX_load_verify_locations(sslContext.get(), cakey.CStr(), NULL)) {
 		BOOST_THROW_EXCEPTION(openssl_error()
 		    << boost::errinfo_api_function("SSL_CTX_load_verify_locations")