v2.1: Validate certificate vs private_key
Opened this issue · 3 comments
johnnyshields commented
Currently there is no validation that certificate actually matches private_key. It would be good to add this, because it may cause headaches for users to debug this if for some reason their keys are out-of-sync.
pitbulk commented
We can add a method to check if a pair of cert and private_key are related. Then extend validate_sp_certs_params! method to use it
johnnyshields commented
Right, I think this is only supported on more recent versions of OpenSSL. I will check.
pitbulk commented
If that's the case, we can simply check whether the OpenSSL method is available and, based on that, execute the extra check. Rather than forcing people to have a specific OpenSSL version.