kris
/
th5
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

crypto/tls: parse certificate first in X509KeyPair to get better errors 

parsePrivateKey can't return useful error messages because it does trial
decoding of multiple formats.  Try ParseCertificate first in case it
offers a useful error message.

Fixes #23591

Change-Id: I380490a5850bee593a7d2f584a27b2a14153d768
Reviewed-on: https://go-review.googlesource.com/90435
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
v1.2.3
Filippo Valsorda 6 years ago
committed by Kris Kwiatkowski
parent
9fc345bd63
commit
4c970a6672
1 changed files with 4 additions and 5 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +4
    -5
      tls.go

+ 4
- 5
tls.go View File

@@ -237,15 +237,14 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (Certificate, error) {
skippedBlockTypes = append(skippedBlockTypes, keyDERBlock.Type) skippedBlockTypes = append(skippedBlockTypes, keyDERBlock.Type)
} }


var err error
cert.PrivateKey, err = parsePrivateKey(keyDERBlock.Bytes)
// We don't need to parse the public key for TLS, but we so do anyway
// to check that it looks sane and matches the private key.
x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
if err != nil { if err != nil {
return fail(err) return fail(err)
} }


// We don't need to parse the public key for TLS, but we so do anyway
// to check that it looks sane and matches the private key.
x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
cert.PrivateKey, err = parsePrivateKey(keyDERBlock.Bytes)
if err != nil { if err != nil {
return fail(err) return fail(err)
} }


Write Preview
Loading…
Cancel
Save