Revise API to load cert/key in SSLContext.
Summary:
When loading cert/key pair, order matters:
(a) Wrong key will fail to load if a cert is loaded;
(b) Wrong cert will succeed to load even if a private key is loaded.
So this diff adds:
(1) SSLContext::checkPrivateKey() -- must call for case (b).
(2) SSLContext::loadCertKeyPairFromBufferPEM() -- use this if one loads both cert and key. Guaranteed to throw if cert/key mismatch.
Reviewed By: yfeldblum
Differential Revision:
D6416280
fbshipit-source-id:
8ae370883d46e9b5afb69c506c09fbf7ba82b1b9
projects / folly.git / commit