OpenSSL: temporary CTX with testing cert/key or invalidate cert after #447

Closed
thommey opened this Issue Aug 16, 2017 · 0 comments

thommey commented Aug 16, 2017

Right now, we load the certificate into the global ssl_ctx, and then load the key.

  1. we don't verify the key with SSL_CTX_check_private_key
  2. we can't "unset" the certificate if the key is invalid or doesn't exist, so we should use a temporary ssl_ctx to do that

@thommey thommey added the type: bug label Aug 16, 2017

@vanosg vanosg closed this in #449 Nov 4, 2017

vanosg added a commit that referenced this issue Nov 4, 2017

Fail early on TLS certificate loading errors. Fixes #447
* Swap incorrect 'ssl-privatekey/certificate not loaded' error messages
* Fail early on TLS certificate loading errors. Report unsupported STARTTLS to LOG_MISC.
* Add TLS alert strings to debug logs.
* Add exit state to tls debug logs.
* Fatal if exactly one of cert/key is set.