SAML-Toolkits/ruby-saml

v2.1: Validate certificate vs private_key

Opened this issue · 3 comments

Currently there is no validation that the certificate actually matches the private_key. It would be good to add this, because it may cause headaches for users to debug this if for some reason their keys are out-of-sync.

We can add a method to check if a pair of cert and private_key are related. Then extend the validate_sp_certs_params! method to use it.

Right, I think this is only supported on more recent versions of OpenSSL. I will check.

If that's the case, we can simply check whether the OpenSSL method is available and, based on that, execute the extra check. Rather than forcing people to have a specific OpenSSL version.
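One way to implement the check proposed in this thread, as an added example and not ruby-saml's own code: a helper that returns whether a certificate and private key belong together, using `OpenSSL::X509::Certificate#check_private_key` when the Ruby OpenSSL binding exposes it and otherwise falling back to comparing the public key material, so no particular OpenSSL version is required. The method names `cert_matches_private_key?` and `build_self_signed_pair` are hypothetical, and the self-signed certificate is a constructed fixture for demonstration only.

```ruby
require 'openssl'

# Hypothetical helper (not part of ruby-saml): true when the certificate's
# public key is the public half of the given private key. Prefers the
# OpenSSL binding's own check_private_key and falls back to comparing the
# DER-encoded SubjectPublicKeyInfo, so it works on older OpenSSL builds
# that lack the method. Unparseable input counts as a mismatch rather
# than raising, which is what a configuration validator usually wants.
def cert_matches_private_key?(cert_pem, key_pem)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  key  = OpenSSL::PKey.read(key_pem)
  if cert.respond_to?(:check_private_key)
    cert.check_private_key(key)
  else
    cert.public_key.to_der == key.public_key.to_der
  end
rescue OpenSSL::PKey::PKeyError, OpenSSL::X509::CertificateError, ArgumentError
  false
end

# Constructed fixture: a fresh RSA key and a self-signed certificate for it,
# returned as PEM strings the way an SP would configure them.
def build_self_signed_pair
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = OpenSSL::X509::Name.parse('/CN=example-sp')
  cert.issuer     = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert.to_pem, key.to_pem]
end

if __FILE__ == $PROGRAM_NAME
  cert_pem, key_pem = build_self_signed_pair
  _, other_key_pem  = build_self_signed_pair
  puts "matching pair:  #{cert_matches_private_key?(cert_pem, key_pem)}"
  puts "out-of-sync:    #{cert_matches_private_key?(cert_pem, other_key_pem)}"
end
```

Wiring this into a validator such as validate_sp_certs_params! would mean raising a descriptive error when the helper returns false, which turns an opaque signature failure later in the SAML flow into an immediate configuration error at setup time.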