package main

import (
	"crypto/tls"
	"fmt"
	"os"
)

func main() {
	// Load the certificate and private key pair from disk.
	cert, err := tls.LoadX509KeyPair("server.crt", "server.key")
	if err != nil {
		fmt.Printf("err: %v\n", err)
		// Exit non-zero so callers can detect the failure.
		os.Exit(1)
	}
	// Report the concrete type of the parsed private key.
	fmt.Printf("Cert type: %T\n", cert.PrivateKey)
}
What did you expect to see?
Cert type: *rsa.PrivateKey
What did you see instead?
err: tls: failed to parse private key
Additional info
The above program will work if I run the private key through openssl:
openssl rsa -in server.key -out server.key
openssl ssl version: OpenSSL 1.0.2k-fips 26 Jan 2017
Also, the unmodified server.key and server.crt work correctly in a proxying application like HAProxy.
odeke-em changed the title from "tls.LoadX509KeyPair fails with some keys" to "crypto/tls: LoadX509KeyPair fails to parse some keys, yet they are accepted by OpenSSL" on Sep 8, 2017
If you run the bad private key through openssl asn1parse -i you'll see a line like:
⋮
INTEGER :BAD INTEGER:[00358…
⋮
The “bad integer” is a broken ASN.1 encoding, hence the error. Running it through OpenSSL will parse and serialise it, thus fixing the encoding. (Of course, it would be better if OpenSSL didn't accept it in the first place, then whatever bug generated that key would have been eliminated.)
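The check described in the comment above, as an added example (not code from the issue or from the Go project): it walks the top-level SEQUENCE of a DER structure such as a PKCS#1 RSAPrivateKey and lists the INTEGERs that carry a redundant leading byte, a non-minimal encoding that Go's encoding/asn1 rejects. It assumes the "BAD INTEGER" is that kind of padding, as the 00358… prefix suggests; `BadIntegers`, `StrictParse` and the sample bytes are constructed for illustration.

```go
package main

import (
	"encoding/asn1"
	"fmt"
	"math/big"
)

// nonMinimal reports whether DER INTEGER content octets start with a redundant
// byte: 0x00 before a byte below 0x80, or 0xFF before a byte of 0x80 or above.
func nonMinimal(b []byte) bool {
	return len(b) > 1 && ((b[0] == 0x00 && b[1]&0x80 == 0) || (b[0] == 0xFF && b[1]&0x80 != 0))
}

// BadIntegers returns the zero-based positions of non-minimally encoded
// INTEGERs among the direct children of the top-level SEQUENCE in der.
func BadIntegers(der []byte) ([]int, error) {
	var seq asn1.RawValue
	if _, err := asn1.Unmarshal(der, &seq); err != nil || seq.Class != asn1.ClassUniversal || seq.Tag != asn1.TagSequence {
		return nil, fmt.Errorf("want a DER SEQUENCE (tag %d, err %v)", seq.Tag, err)
	}
	var bad []int
	rest := seq.Bytes
	for i := 0; len(rest) > 0; i++ {
		var el asn1.RawValue // RawValue keeps the content octets unvalidated
		var err error
		if rest, err = asn1.Unmarshal(rest, &el); err != nil {
			return nil, err
		}
		if el.Class == asn1.ClassUniversal && el.Tag == asn1.TagInteger && nonMinimal(el.Bytes) {
			bad = append(bad, i)
		}
	}
	return bad, nil
}

// Constructed sample, not the key from the issue: SEQUENCE { 0, 00 35 8A (padded), 00 C1 (valid) }.
var sample = []byte{0x30, 0x0C, 0x02, 0x01, 0x00, 0x02, 0x03, 0x00, 0x35, 0x8A, 0x02, 0x02, 0x00, 0xC1}

// StrictParse decodes one INTEGER the way encoding/asn1 does for *big.Int fields.
func StrictParse(der []byte) error {
	_, err := asn1.Unmarshal(der, new(*big.Int))
	return err
}

func main() {
	fmt.Println(BadIntegers(sample))       // position of the padded INTEGER
	fmt.Println(StrictParse(sample[5:10])) // error returned for that INTEGER
}
```

To run it against a real key, pass the bytes of the PEM block (for example from `pem.Decode`) to `BadIntegers`; a PKCS#8 key nests the RSA structure inside an OCTET STRING, which this top-level walk does not descend into.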
What version of Go are you using (go version)?
go version go1.9 linux/amd64
Does this issue reproduce with the latest release?
Unknown - see similar results from 1.8.X
What operating system and processor architecture are you using (go env)?
GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/home/GREENVILLE/mauldinl/code/temp/certtest"
GORACE=""
GOROOT="/apps/go"
GOTOOLDIR="/apps/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
CC="gcc"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build024155447=/tmp/go-build -gno-record-gcc-switches"
CXX="g++"
CGO_ENABLED="1"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
What did you do?
Compile and run program:
server.key (original - does not work)
server.key (regenerated by openssl)
server.crt