libratbox/src/mbedtls.c: check public/private keys match

diff --git a/librb/src/mbedtls.c b/librb/src/mbedtls.c
index d45018e8b01178cf50ad258057ba50529937ff89..25bbb0fb8a52a36d6a3e5b0362fd6d04fd4dac66 100644 (file)
--- a/librb/src/mbedtls.c
+++ b/librb/src/mbedtls.c
@@ -484,6 +484,12 @@ rb_setup_ssl_server(const char *const certfile, const char *keyfile,
                rb_mbedtls_cfg_decref(newcfg);
                return 0;
        }
+       if((ret = mbedtls_pk_check_pair(&newcfg->crt.pk, &newcfg->key)) != 0)
+       {
+               rb_lib_log("%s: pk_check_pair: public/private key mismatch", __func__);
+               rb_mbedtls_cfg_decref(newcfg);
+               return 0;
+       }
        if((ret = mbedtls_ssl_conf_own_cert(&newcfg->server_cfg, &newcfg->crt, &newcfg->key)) != 0)
        {
                rb_lib_log("%s: ssl_conf_own_cert (server): %s", __func__, rb_ssl_strerror(ret));