New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/tls: better error message for X509KeyPair #11092
Labels
Milestone
Comments
adg
changed the title
better error message for X509KeyPair() in crypto/tls/tls.go
crypto/tls: better error message for X509KeyPair
Jun 5, 2015
It's more that the |
CL https://golang.org/cl/14054 mentions this issue. |
FiloSottile
pushed a commit
to FiloSottile/go
that referenced
this issue
Oct 12, 2018
This change causes the types of skipped PEM blocks to be recorded when no certificate or private-key data is found in a PEM input. This allows for better error messages to be return in the case of common errors like switching the certifiate and key inputs to X509KeyPair. Fixes golang#11092 Change-Id: Ifc155a811cdcddd93b5787fe16a84c972011f2f7 Reviewed-on: https://go-review.googlesource.com/14054 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
FiloSottile
pushed a commit
to FiloSottile/go
that referenced
this issue
Oct 12, 2018
This change causes the types of skipped PEM blocks to be recorded when no certificate or private-key data is found in a PEM input. This allows for better error messages to be return in the case of common errors like switching the certifiate and key inputs to X509KeyPair. Fixes golang#11092 Change-Id: Ifc155a811cdcddd93b5787fe16a84c972011f2f7 Reviewed-on: https://go-review.googlesource.com/14054 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
What did I do?
// mixed up order of key and cert:
http.ListenAndServeTLS(..., key, cert, ...)
What happened?
This resulted in the following cryptic error message:
crypto/tls: failed to parse certificate PEM data
What did I expect?
I spent about an hour debugging various PEM format possibilities before finding the mixup.
An error message explaining that the type of PEM block was unexpected would have saved me some time:
crypto/tls: failed to parse certificate PEM data, expected type "CERTIFICATE", got "PRIVATE KEY"
Related issue: #7042
The text was updated successfully, but these errors were encountered: