kris/th5
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

crypto/tls: parse certificate first in X509KeyPair to get better errors

Browse Source 
parsePrivateKey can't return useful error messages because it does trial
decoding of multiple formats.  Try ParseCertificate first in case it
offers a useful error message.

Fixes #23591

Change-Id: I380490a5850bee593a7d2f584a27b2a14153d768
Reviewed-on: https://go-review.googlesource.com/90435
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
This commit is contained in:
Filippo Valsorda 2018-01-28 23:30:48 +01:00 committed by Kris Kwiatkowski
parent 9fc345bd63
commit 4c970a6672
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
tls.go
View File

@ -237,15 +237,14 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (Certificate, error) {
skippedBlockTypes = append(skippedBlockTypes, keyDERBlock.Type) skippedBlockTypes = append(skippedBlockTypes, keyDERBlock.Type)
} }
var err error // We don't need to parse the public key for TLS, but we so do anyway
cert.PrivateKey, err = parsePrivateKey(keyDERBlock.Bytes) // to check that it looks sane and matches the private key.
x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
if err != nil { if err != nil {
return fail(err) return fail(err)
} }
// We don't need to parse the public key for TLS, but we so do anyway cert.PrivateKey, err = parsePrivateKey(keyDERBlock.Bytes)
// to check that it looks sane and matches the private key.
x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
if err != nil { if err != nil {
return fail(err) return fail(err)
} }