This is done here in order to allow other packages to make use of this subroutine.
Signed-off-by: Max Carrara <[email protected]> --- src/PVE/Certificate.pm | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/src/PVE/Certificate.pm b/src/PVE/Certificate.pm index 31a7722..22de762 100644 --- a/src/PVE/Certificate.pm +++ b/src/PVE/Certificate.pm @@ -228,6 +228,47 @@ sub get_certificate_fingerprint { return $fp; } +sub certificate_matches_key { + my ($cert_path, $key_path) = @_; + + die "No certificate path given!\n" if !$cert_path; + die "No certificate key path given!\n" if !$key_path; + + die "Certificate at '$cert_path' does not exist!\n" if ! -e $cert_path; + die "Certificate key '$key_path' does not exist!\n" if ! -e $key_path; + + my $ctx = Net::SSLeay::CTX_new() + or $ssl_die->( + "Failed to create SSL context in order to verify private key" + ); + + eval { + my $filetype = &Net::SSLeay::FILETYPE_PEM; + + Net::SSLeay::CTX_use_PrivateKey_file($ctx, $key_path, $filetype) + or $ssl_die->( + "Failed to load private key from '$key_path' into SSL context" + ); + + Net::SSLeay::CTX_use_certificate_file($ctx, $cert_path, $filetype) + or $ssl_die->( + "Failed to load certificate from '$cert_path' into SSL context" + ); + + Net::SSLeay::CTX_check_private_key($ctx) + or $ssl_die->( + "Failed to validate private key and certificate" + ); + }; + my $err = $@; + + Net::SSLeay::CTX_free($ctx); + + die $err if $err; + + return 1; +} + sub get_certificate_info { my ($cert_path) = @_; -- 2.30.2 _______________________________________________ pve-devel mailing list [email protected] https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
