-
Notifications
You must be signed in to change notification settings - Fork 165
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add API for verifying that a private key is valid for a certificate #35
Comments
I'd be happy with a function which computes a key hash from a webpki |
See https://twitter.com/avadacatavra/status/836732794445381632: "accidentally switched my certificate and key files in a call to an openssl library[.]" That would be a deadly mistake in a web server. |
TLS servers, and TLS clients that do client authentication, need way to verify that a private key that they're about to use for authentication is the one that corresponds to the certificate they present to the peer. And/or they need an API that selects a certificate that matches a private key.
See *ring issue 419 for more context.
@ctz Do you have any suggestions for an API that you could use in Rustls to verify that the certificate and the private key being used are consistent?
The text was updated successfully, but these errors were encountered: