On Fri, Aug 24, 2001 at 05:48:28PM -0400, James A. Russo wrote:
>
> I looked through the apps and could not find any which did this.
>
> I have a X509 * and EVP_PKEY * structure and want to be sure that they do
> in fact match. So if they are invalid I can just not install them for use
> in the server and throw an error. I'm using RSA keys if that makes a
> difference.
openssl/crypto/x509/x509_cmp.c:
int X509_check_private_key(X509 *x, EVP_PKEY *k)
It is e.g. used in "openssl ca", so it should bomb out when trying to
make a pkcs12 from the cert and the key. Give it a try:
openssl pkcs12 -inkey key.pem -in cert.pem -export -noout
(Have not tested it myself)
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
