crypto/x509, crypto/tls: support PKCS#8 private keys.
OpenSSL 1.0.0 has switched to generating PKCS#8 format private keys by default. This change allows http.ListenAndServeTLS to work with either types of keys. See http://groups.google.com/group/golang-nuts/browse_thread/thread/84715b5f0c9e3c30/63a8a27b53e102a6 R=bradfitz CC=golang-dev https://golang.org/cl/5416059
This commit is contained in:
Adam Langley
parent
30373ac5f7
commit
82f6e24f53
15
tls.go
15
tls.go
@ -157,12 +157,23 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err error)
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
key, err := x509.ParsePKCS1PrivateKey(keyDERBlock.Bytes)
|
// OpenSSL 0.9.8 generates PKCS#1 private keys by default, while
|
||||||
if err != nil {
|
// OpenSSL 1.0.0 generates PKCS#8 keys. We try both.
|
||||||
|
var key *rsa.PrivateKey
|
||||||
|
if key, err = x509.ParsePKCS1PrivateKey(keyDERBlock.Bytes); err != nil {
|
||||||
|
var privKey interface{}
|
||||||
|
if privKey, err = x509.ParsePKCS8PrivateKey(keyDERBlock.Bytes); err != nil {
|
||||||
err = errors.New("crypto/tls: failed to parse key: " + err.Error())
|
err = errors.New("crypto/tls: failed to parse key: " + err.Error())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var ok bool
|
||||||
|
if key, ok = privKey.(*rsa.PrivateKey); !ok {
|
||||||
|
err = errors.New("crypto/tls: found non-RSA private key in PKCS#8 wrapping")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
cert.PrivateKey = key
|
cert.PrivateKey = key
|
||||||
|
|
||||||
// We don't need to parse the public key for TLS, but we so do anyway
|
// We don't need to parse the public key for TLS, but we so do anyway
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user