Revision a8b3b09d

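--- a/lib/tools/prepare_node_join.py
+++ b/lib/tools/prepare_node_join.py
@@ -130,11 +130,9 @@
     raise errors.X509CertError(_noded_cert_file,
                                "Unable to load private key: %s" % err)
 
-  ctx = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD)
-  ctx.use_privatekey(key)
-  ctx.use_certificate(cert)
+  check_fn = utils.PrepareX509CertKeyCheck(cert, key)
   try:
-    ctx.check_privatekey()
+    check_fn()
   except OpenSSL.SSL.Error:
     raise JoinError("Given cluster certificate does not match local key")
 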
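Review bot: `check_fn = utils.PrepareX509CertKeyCheck(cert, key)` is built outside the `try`, so an `OpenSSL.SSL.Error` raised while the helper loads the certificate and key into the context is not translated into `JoinError`. The helper now calls `use_certificate` before `use_privatekey`, the reverse of the removed code, and depending on the OpenSSL build `use_privatekey` may itself reject a key that does not match an already-loaded certificate, so the mismatch could surface on this line rather than in `check_fn()`. Constructing and calling inside the guarded block keeps the error path uniform, i.e. under `try:` use `utils.PrepareX509CertKeyCheck(cert, key)()`. The enclosing function starts and ends outside this hunk, so how a raw `OpenSSL.SSL.Error` would be handled further up is not visible here.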
b/lib/utils/x509.py
319 319

  
320 320
  return (cert,
321 321
          OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, cert))
322

  
323

  
324
def PrepareX509CertKeyCheck(cert, key):
325
  """Get function for verifying certificate with a certain private key.
326

  
327
  @type key: OpenSSL.crypto.PKey
328
  @param key: Private key object
329
  @type cert: OpenSSL.crypto.X509
330
  @param cert: X509 certificate object
331
  @rtype: callable
332
  @return: Callable doing the actual check; will raise C{OpenSSL.SSL.Error} if
333
    certificate is not signed by given private key
334

  
335
  """
336
  ctx = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD)
337
  ctx.use_certificate(cert)
338
  ctx.use_privatekey(key)
339

  
340
  return ctx.check_privatekey
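Review bot: The `@return` text in the docstring says the callable raises if the certificate "is not signed by given private key", but `ctx.check_privatekey` only tests that the private key corresponds to the public key in the certificate; it does not look at who signed it. The two coincide for a self-signed certificate and differ for anything issued by a separate CA, so a reader could mistake this helper for a signature or trust check. I would reword it to `will raise C{OpenSSL.SSL.Error} if the private key does not match the certificate's public key` and add one line stating that no issuer, chain or validity-period verification is performed here.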
