diff options
Diffstat (limited to 'src/lib/tls/x509_openssl.c')
| -rw-r--r-- | src/lib/tls/x509_openssl.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/lib/tls/x509_openssl.c b/src/lib/tls/x509_openssl.c index 28a30b66e1..f315b88f36 100644 --- a/src/lib/tls/x509_openssl.c +++ b/src/lib/tls/x509_openssl.c @@ -327,11 +327,15 @@ tor_tls_cert_is_valid(int severity, if (check_rsa_1024 && cert_key) { RSA *rsa = EVP_PKEY_get1_RSA(cert_key); #ifdef OPENSSL_1_1_API - if (rsa && RSA_bits(rsa) == 1024) + if (rsa && RSA_bits(rsa) == 1024) { #else - if (rsa && BN_num_bits(rsa->n) == 1024) + if (rsa && BN_num_bits(rsa->n) == 1024) { #endif key_ok = 1; + } else { + log_fn(severity, LD_CRYPTO, "Invalid certificate: Key is not RSA1024."); + } + if (rsa) RSA_free(rsa); } else if (cert_key) { |