Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v2.1: Validate certificate vs private_key #675

Open
johnnyshields opened this issue Nov 25, 2023 · 3 comments
Open

v2.1: Validate certificate vs private_key #675

johnnyshields opened this issue Nov 25, 2023 · 3 comments

Comments

@johnnyshields
Copy link
Collaborator

Currently there is no validation that certificate actually matches private_key. It would be good to add this, because it may cause headaches for users to debug this if for some reason their keys are out-of-sync.
@pitbulk
Copy link
Collaborator

pitbulk commented Jul 9, 2024

We can add a method to check if a pair of cert and private_key are related. Then extend validate_sp_certs_params! method to use it

@johnnyshields
Copy link
Collaborator Author

Right, I think this is only supported on more recent versions of OpenSSL. I will check.

@pitbulk
Copy link
Collaborator

pitbulk commented Jul 9, 2024

If that's the case, we can simply check whether the OpenSSL method is available and, based on that, execute the extra check. Rather than forcing people to have a specific OpenSSL version.

@johnnyshields johnnyshields changed the title Validate certificate vs private_key v2.1: Validate certificate vs private_key Jul 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@johnnyshields @pitbulk