Merge pull request #851 from databus23/patch-1

ensure private key and certificate match
kubernetes · Jun 13, 2017 · f5a6b79 · f5a6b79
2 parents eb61873 + 8304feb
commit f5a6b79
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/core/pkg/net/ssl/ssl.go b/core/pkg/net/ssl/ssl.go
@@ -20,6 +20,7 @@ import (
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/sha1"
+	"crypto/tls"
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/hex"
@@ -90,6 +91,12 @@ func AddOrUpdateCertAndKey(name string, cert, key, ca []byte) (*ingress.SSLCert,
 		return nil, err
 	}
 
+	//Ensure that certificate and private key have a matching public key
+	if _, err := tls.X509KeyPair(cert, key); err != nil {
+		_ = os.Remove(tempPemFile.Name())
+		return nil, err
+	}
+
 	cn := []string{pemCert.Subject.CommonName}
 	if len(pemCert.DNSNames) > 0 {
 		cn = append(cn, pemCert.DNSNames...)