Summary: In some cases, SSLContextManager seg faults if a cert and key do not match. This guards against that case when strictSSL = false, and throws a more useful error in the cases when SSL is required.
Reviewed By: xybu
Differential Revision:
D6513964
fbshipit-source-id:
8e63a22b346fd3f2a30d558a3659ab6794c7a105
"loadCertificateChain: either <path> or <format> is nullptr");
}
if (strcmp(format, "PEM") == 0) {
"loadCertificateChain: either <path> or <format> is nullptr");
}
if (strcmp(format, "PEM") == 0) {
- if (SSL_CTX_use_certificate_chain_file(ctx_, path) == 0) {
+ if (SSL_CTX_use_certificate_chain_file(ctx_, path) != 1) {
int errnoCopy = errno;
std::string reason("SSL_CTX_use_certificate_chain_file: ");
reason.append(path);
int errnoCopy = errno;
std::string reason("SSL_CTX_use_certificate_chain_file: ");
reason.append(path);
folly::StringPiece pkey) {
loadCertificateFromBufferPEM(cert);
loadPrivateKeyFromBufferPEM(pkey);
folly::StringPiece pkey) {
loadCertificateFromBufferPEM(cert);
loadPrivateKeyFromBufferPEM(pkey);
+ if (!isCertKeyPairValid()) {
+ throw std::runtime_error("SSL certificate and private key do not match");
+ }
}
void SSLContext::loadCertKeyPairFromFiles(
}
void SSLContext::loadCertKeyPairFromFiles(
const char* keyFormat) {
loadCertificate(certPath, certFormat);
loadPrivateKey(keyPath, keyFormat);
const char* keyFormat) {
loadCertificate(certPath, certFormat);
loadPrivateKey(keyPath, keyFormat);
+ if (!isCertKeyPairValid()) {
+ throw std::runtime_error("SSL certificate and private key do not match");
+ }
}
bool SSLContext::isCertKeyPairValid() const {
}
bool SSLContext::isCertKeyPairValid() const {
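Review bot: The new `isCertKeyPairValid()` check in both loaders (the buffer-based one whose signature ends in `folly::StringPiece pkey)` and `loadCertKeyPairFromFiles`) runs only after the certificate and key have been installed into the context. As far as these hunks show, nothing resets that state before the `throw`, so a caller that catches the exception, such as the `strictSSL = false` path the summary mentions, may keep a context holding a mismatched pair. I would document the contract above each function, e.g. `// Throws std::runtime_error on a cert/key mismatch; the context is left partially loaded and must be discarded, not used for handshakes.` In `loadCertKeyPairFromFiles` the message could also name the rejected inputs, e.g. `"SSL certificate and private key do not match: " + std::string(certPath) + " / " + keyPath`, assuming the preceding loaders already reject null paths as the `loadCertificateChain` context suggests. Both functions begin outside the visible hunks.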