Merge pull request #851 from databus23/patch-1

ensure private key and certificate match
2017-06-13 10:00:23 -04:00 · 2017-06-13 10:00:23 -04:00 · f5a6b79dbd
commit f5a6b79dbd
parent eb61873730 8304feb497
1 changed files with 7 additions and 0 deletions
--- a/core/pkg/net/ssl/ssl.go
+++ b/core/pkg/net/ssl/ssl.go
@ -20,6 +20,7 @@ import (
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/sha1"
+	"crypto/tls"
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/hex"
@ -90,6 +91,12 @@ func AddOrUpdateCertAndKey(name string, cert, key, ca []byte) (*ingress.SSLCert,
 		return nil, err
 	}

+	//Ensure that certificate and private key have a matching public key
+	if _, err := tls.X509KeyPair(cert, key); err != nil {
+		_ = os.Remove(tempPemFile.Name())
+		return nil, err
+	}
+
 	cn := []string{pemCert.Subject.CommonName}
 	if len(pemCert.DNSNames) > 0 {
 		cn = append(cn, pemCert.DNSNames...)