From a03c58f27e3078a346e2fd297dbc59a1014e7a2c Mon Sep 17 00:00:00 2001
From: Gunnar Beutner <gunnar@beutner.name>
Date: Tue, 15 Oct 2013 21:24:55 +0200
Subject: [PATCH] MakeSSLContext: Check if keys match.

---
 lib/base/tlsutility.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/base/tlsutility.cpp b/lib/base/tlsutility.cpp
index 93b1e608e..0fd4864e8 100644
--- a/lib/base/tlsutility.cpp
+++ b/lib/base/tlsutility.cpp
@@ -70,6 +70,12 @@ shared_ptr<SSL_CTX> MakeSSLContext(const String& pubkey, const String& privkey,
 		    << boost::errinfo_file_name(privkey));
 	}
 
+	if (!SSL_CTX_check_private_key(sslContext.get())) {
+		BOOST_THROW_EXCEPTION(openssl_error()
+		    << boost::errinfo_api_function("SSL_CTX_check_private_key")
+		    << errinfo_openssl_error(ERR_get_error()));
+	}
+
 	if (!SSL_CTX_load_verify_locations(sslContext.get(), cakey.CStr(), NULL)) {
 		BOOST_THROW_EXCEPTION(openssl_error()
 		    << boost::errinfo_api_function("SSL_CTX_load_verify_locations")
-- 
2.40.0