From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id CE1489528F for ; Tue, 28 Feb 2023 17:36:40 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id AD84595FC for ; Tue, 28 Feb 2023 17:36:40 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Tue, 28 Feb 2023 17:36:39 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 1C35E48C0E for ; Tue, 28 Feb 2023 17:36:39 +0100 (CET) From: Max Carrara To: pve-devel@lists.proxmox.com Date: Tue, 28 Feb 2023 17:36:31 +0100 Message-Id: <20230228163634.299137-2-m.carrara@proxmox.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20230228163634.299137-1-m.carrara@proxmox.com> References: <20230228163634.299137-1-m.carrara@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.013 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [certificate.pm] Subject: [pve-devel] [PATCH common 1/2] certificate: add subroutine that checks if cert and key match X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Feb 2023 16:36:40 -0000 This is done here in order to allow other packages to make use of this subroutine. Signed-off-by: Max Carrara --- src/PVE/Certificate.pm | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/src/PVE/Certificate.pm b/src/PVE/Certificate.pm index 31a7722..5ec1c6b 100644 --- a/src/PVE/Certificate.pm +++ b/src/PVE/Certificate.pm @@ -228,6 +228,32 @@ sub get_certificate_fingerprint { return $fp; } +sub certificate_matches_key { + my ($cert_path, $key_path) = @_; + + die "No certificate path given!\n" if !$cert_path; + die "No certificate key path given!\n" if !$key_path; + + die "Certificate at '$cert_path' does not exist!\n" if ! -e $cert_path; + die "Certificate key '$key_path' does not exist!\n" if ! -e $key_path; + + my $ctx = Net::SSLeay::CTX_new() + or $ssl_die->( + "failed to create SSL context in order to verify private key\n" + ); + + Net::SSLeay::set_cert_and_key($ctx, $cert_path, $key_path); + + my $result = Net::SSLeay::CTX_check_private_key($ctx); + + $ssl_warn->("Failed to validate private key and certificate\n") + if !$result; + + Net::SSLeay::CTX_free($ctx); + + return $result; +} + sub get_certificate_info { my ($cert_path) = @_; -- 2.30.2