crypto/tls: unsupported certificate key error for ecdsa cert with NIST P-224 #28960

Closed
benburkert opened this issue Nov 26, 2018 · 4 comments
Labels
FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.

@benburkert
Contributor

What did you do?

https://play.golang.org/p/YJUDxQHX8t1

What did you expect to see?

No output.

What did you see instead?

2018/11/26 11:44:22 remote error: tls: internal error
2018/11/26 11:44:22 tls: unsupported certificate key (*ecdsa.PrivateKey)
exit status 1

Does this issue reproduce with the latest release (go1.11.2)?

No.

System details

go version devel +9fe9853ae5 Mon Nov 26 14:13:53 2018 +0000 darwin/amd64
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/benburkert/Library/Caches/go-build"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOOS="darwin"
GOPATH="/Users/benburkert"
GOPROXY=""
GORACE=""
GOROOT="/Users/benburkert/src/github.com/golang/go"
GOTMPDIR=""
GOTOOLDIR="/Users/benburkert/src/github.com/golang/go/pkg/tool/darwin_amd64"
GCCGO="gccgo"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD=""
GOROOT/bin/go version: go version devel +9fe9853ae5 Mon Nov 26 14:13:53 2018 +0000 darwin/amd64
GOROOT/bin/go tool compile -V: compile version devel +9fe9853ae5 Mon Nov 26 14:13:53 2018 +0000
uname -v: Darwin Kernel Version 17.7.0: Thu Jun 21 22:53:14 PDT 2018; root:xnu-4570.71.2~1/RELEASE_X86_64
ProductName:	Mac OS X
ProductVersion:	10.13.6
BuildVersion:	17G65
lldb --version: lldb-1000.11.37.1
  Swift-4.2
@benburkert
Contributor Author

This error pops up because tip defaults to TLS 1.3, and throwing an error is the right thing to do, but the message is confusing because *ecdsa.PrivateKey is supported, but not with the chosen curve.
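
Added example, not part of the original thread and not code from crypto/tls: a pre-flight check that reports the distinction made in the comment above, namely that ECDSA keys are usable in TLS 1.3 only on curves with a defined signature scheme (P-256, P-384 and P-521 in RFC 8446). `tls13Scheme` and `checkCurve` are hypothetical helper names, and the keys are generated on the spot as sample input.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"fmt"
)

// tls13Scheme is a hypothetical helper, not a crypto/tls API. It returns a
// TLS 1.3 signature scheme the key can use, or an error naming the real cause.
func tls13Scheme(key crypto.Signer) (tls.SignatureScheme, error) {
	switch pub := key.Public().(type) {
	case *ecdsa.PublicKey:
		switch pub.Curve {
		case elliptic.P256():
			return tls.ECDSAWithP256AndSHA256, nil
		case elliptic.P384():
			return tls.ECDSAWithP384AndSHA384, nil
		case elliptic.P521():
			return tls.ECDSAWithP521AndSHA512, nil
		}
		return 0, fmt.Errorf("ECDSA keys are supported, but curve %s has no TLS 1.3 signature scheme", pub.Curve.Params().Name)
	case *rsa.PublicKey:
		return tls.PSSWithSHA256, nil // TLS 1.3 signs with RSA-PSS; key size limits are not checked here
	case ed25519.PublicKey:
		return tls.Ed25519, nil
	}
	return 0, fmt.Errorf("unsupported key type %T", key.Public())
}

// checkCurve generates a throwaway key on the curve (constructed sample input) and checks it.
func checkCurve(c elliptic.Curve) error {
	key, err := ecdsa.GenerateKey(c, rand.Reader)
	if err != nil {
		return err
	}
	_, err = tls13Scheme(key)
	return err
}

func main() {
	fmt.Println("P-224:", checkCurve(elliptic.P224()))
	fmt.Println("P-256:", checkCurve(elliptic.P256()))
}
```

Running such a check when a certificate is loaded surfaces the curve problem at startup instead of as a handshake-time `internal error` alert on the peer.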

@agnivade
Contributor

/cc @FiloSottile

@agnivade agnivade added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Nov 27, 2018
@FiloSottile
Contributor

I’ll improve the error message.

@FiloSottile FiloSottile added this to the Go1.12 milestone Nov 27, 2018
@FiloSottile FiloSottile added the NeedsFix The path to resolution is known, but the work has not been done. label Nov 27, 2018
@gopherbot gopherbot removed the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Nov 27, 2018
@FiloSottile FiloSottile self-assigned this Nov 27, 2018
@gopherbot

Change https://golang.org/cl/151661 mentions this issue: crypto/tls: improve error message for unsupported certificates in TLS 1.3

@golang golang locked and limited conversation to collaborators Nov 30, 2019