From 8aa2516a55c9c228dbe9367358d43b3c8680c8ff Mon Sep 17 00:00:00 2001
From: Michael Koch
Date: Sat, 17 Oct 2020 17:20:50 +0200
Subject: [PATCH] Check also certificate keys using elliptic curve algorithms
---
 backend/internal/certificate.js | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js
index 613c837c..a6495ff2 100644
--- a/backend/internal/certificate.js
+++ b/backend/internal/certificate.js
@@ -617,8 +617,18 @@ const internalCertificate = {
 fs.unlinkSync(filepath);
 return true;
 }).catch((err) => {
- fs.unlinkSync(filepath);
- throw new error.ValidationError('Certificate Key is not valid (' + err.message + ')', err);
+ return utils.exec('openssl ec -in ' + filepath + ' -check -noout')
+ .then((result) => {
+ if (!result.toLowerCase().includes('key ok')) {
+ throw new error.ValidationError(result);
+ }
+
+ fs.unlinkSync(filepath);
+ return true;
+ }).catch((err) => {
+ fs.unlinkSync(filepath);
+ throw new error.ValidationError('Certificate Key is not valid (' + err.message + ')', err);
+ });
 });
 });
 },
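Review bot: The added fallback builds its command as `'openssl ec -in ' + filepath + ' -check -noout'`, so the call is only safe if `filepath` can never contain shell metacharacters or whitespace. Where `filepath` comes from and whether `utils.exec` runs through a shell are both outside this hunk, so either confirm that or pass the arguments as an array, e.g. `execFile('openssl', ['ec', '-in', filepath, '-check', '-noout'])`. Separately, the outer `.catch((err) => {` no longer uses its `err`, which the inner handler shadows, so a malformed RSA key is now reported with the EC parser's message only. Consider naming the first error `rsaErr` and including `rsaErr.message` in the final `ValidationError` text. The enclosing function starts before the hunk.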