with an added 'check_' prefix for the sub name to indicate that this will die if the checked condition is not met.
On March 3, 2023 6:57 pm, Max Carrara wrote: > This is done here in order to allow other packages to make use of > this subroutine. > > Signed-off-by: Max Carrara <[email protected]> > --- > src/PVE/Certificate.pm | 41 +++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 41 insertions(+) > > diff --git a/src/PVE/Certificate.pm b/src/PVE/Certificate.pm > index 31a7722..22de762 100644 > --- a/src/PVE/Certificate.pm > +++ b/src/PVE/Certificate.pm > @@ -228,6 +228,47 @@ sub get_certificate_fingerprint { > return $fp; > } > > +sub certificate_matches_key { > + my ($cert_path, $key_path) = @_; > + > + die "No certificate path given!\n" if !$cert_path; > + die "No certificate key path given!\n" if !$key_path; > + > + die "Certificate at '$cert_path' does not exist!\n" if ! -e $cert_path; > + die "Certificate key '$key_path' does not exist!\n" if ! -e $key_path; > + > + my $ctx = Net::SSLeay::CTX_new() > + or $ssl_die->( > + "Failed to create SSL context in order to verify private key" > + ); > + > + eval { > + my $filetype = &Net::SSLeay::FILETYPE_PEM; > + > + Net::SSLeay::CTX_use_PrivateKey_file($ctx, $key_path, $filetype) > + or $ssl_die->( > + "Failed to load private key from '$key_path' into SSL context" > + ); > + > + Net::SSLeay::CTX_use_certificate_file($ctx, $cert_path, $filetype) > + or $ssl_die->( > + "Failed to load certificate from '$cert_path' into SSL context" > + ); > + > + Net::SSLeay::CTX_check_private_key($ctx) > + or $ssl_die->( > + "Failed to validate private key and certificate" > + ); > + }; > + my $err = $@; > + > + Net::SSLeay::CTX_free($ctx); > + > + die $err if $err; > + > + return 1; > +} > + > sub get_certificate_info { > my ($cert_path) = @_; > > -- > 2.30.2 > > > > _______________________________________________ > pve-devel mailing list > [email protected] > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel > > > _______________________________________________ pve-devel mailing list [email protected] https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
