kris/th5
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

crypto/tls: fix loading keys labeled just "PRIVATE KEY"

Browse Source 
Worked in Go 1, broken in f440e65f93fe.

Fixes #4477

R=golang-dev, agl
CC=golang-dev
https://golang.org/cl/6865043
This commit is contained in:
Brad Fitzpatrick 2012-12-01 11:02:08 -08:00
parent a954c40163
commit ada990689f
2 changed files with 21 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
tls.go
View File

@ -155,7 +155,7 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err error)
err = errors.New("crypto/tls: failed to parse key PEM data") err = errors.New("crypto/tls: failed to parse key PEM data")
return return
} }
if strings.HasSuffix(keyDERBlock.Type, " PRIVATE KEY") { if keyDERBlock.Type == "PRIVATE KEY" || strings.HasSuffix(keyDERBlock.Type, " PRIVATE KEY") {
break break
} }
} }

26
tls_test.go
View File

@ -33,6 +33,19 @@ D2lWusoe2/nEqfDVVWGWlyJ7yOmqaVm/iNUN9B2N2g==
-----END RSA PRIVATE KEY----- -----END RSA PRIVATE KEY-----
` `
// keyPEM is the same as rsaKeyPEM, but declares itself as just
// "PRIVATE KEY", not "RSA PRIVATE KEY". http://golang.org/issue/4477
var keyPEM = `-----BEGIN PRIVATE KEY-----
MIIBOwIBAAJBANLJhPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wo
k/4xIA+ui35/MmNartNuC+BdZ1tMuVCPFZcCAwEAAQJAEJ2N+zsR0Xn8/Q6twa4G
6OB1M1WO+k+ztnX/1SvNeWu8D6GImtupLTYgjZcHufykj09jiHmjHx8u8ZZB/o1N
MQIhAPW+eyZo7ay3lMz1V01WVjNKK9QSn1MJlb06h/LuYv9FAiEA25WPedKgVyCW
SmUwbPw8fnTcpqDWE3yTO3vKcebqMSsCIBF3UmVue8YU3jybC3NxuXq3wNm34R8T
xVLHwDXh/6NJAiEAl2oHGGLz64BuAfjKrqwz7qMYr9HCLIe/YsoWq/olzScCIQDi
D2lWusoe2/nEqfDVVWGWlyJ7yOmqaVm/iNUN9B2N2g==
-----END PRIVATE KEY-----
`
var ecdsaCertPEM = `-----BEGIN CERTIFICATE----- var ecdsaCertPEM = `-----BEGIN CERTIFICATE-----
MIIB/jCCAWICCQDscdUxw16XFDAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw MIIB/jCCAWICCQDscdUxw16XFDAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw
EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0 EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0
@ -62,21 +75,22 @@ kohxS/xfFg/TEwRSSws+roJr4JFKpO2t3/be5OdqmQ==
var keyPairTests = []struct { var keyPairTests = []struct {
algo string algo string
cert *string cert string
key *string key string
}{ }{
{"ECDSA", &ecdsaCertPEM, &ecdsaKeyPEM}, {"ECDSA", ecdsaCertPEM, ecdsaKeyPEM},
{"RSA", &rsaCertPEM, &rsaKeyPEM}, {"RSA", rsaCertPEM, rsaKeyPEM},
{"RSA-untyped", rsaCertPEM, keyPEM}, // golang.org/issue/4477
} }
func TestX509KeyPair(t *testing.T) { func TestX509KeyPair(t *testing.T) {
var pem []byte var pem []byte
for _, test := range keyPairTests { for _, test := range keyPairTests {
pem = []byte(*test.cert + *test.key) pem = []byte(test.cert + test.key)
if _, err := X509KeyPair(pem, pem); err != nil { if _, err := X509KeyPair(pem, pem); err != nil {
t.Errorf("Failed to load %s cert followed by %s key: %s", test.algo, test.algo, err) t.Errorf("Failed to load %s cert followed by %s key: %s", test.algo, test.algo, err)
} }
pem = []byte(*test.key + *test.cert) pem = []byte(test.key + test.cert)
if _, err := X509KeyPair(pem, pem); err != nil { if _, err := X509KeyPair(pem, pem); err != nil {
t.Errorf("Failed to load %s key followed by %s cert: %s", test.algo, test.algo, err) t.Errorf("Failed to load %s key followed by %s cert: %s", test.algo, test.algo, err)
} }