encoding/pem: server fails with "failed to parse key PEM data" #4477

Closed
bradfitz opened this issue Dec 1, 2012 · 5 comments

bradfitz commented Dec 1, 2012

I updated one of my servers from Go 1 to Go tip and it now fails to start:

Listen: Failed to load TLS keypair (cert="/home/bradfitz/keys/xx/ssl.crt",
key="/home/bradfitz/keys/xx/ssl.key"): crypto/tls: failed to parse key PEM data

That error comes from crypto/tls.X509KeyPair:

func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err error) {
....
        var keyDERBlock *pem.Block
        for {
                keyDERBlock, keyPEMBlock = pem.Decode(keyPEMBlock)
                if keyDERBlock == nil {
                        err = errors.New("crypto/tls: failed to parse key PEM data")
                        return
                }
...


Without attaching my private key to this bug, here's some debugging I added to
pem.Decode:

func Decode(data []byte) (p *Block, rest []byte) {
        println("call pem: decode of ", len(data), "bytes")
        defer func() {
                println(" ret decoded = ", p != nil, "rest=", len(rest))
        }()
        // pemStart begins with a newline. However, at the very beginning of
        // the byte array, we'll accept the start string without it.
        rest = data
        if bytes.HasPrefix(data, pemStart[1:]) {
                rest = rest[len(pemStart)-1 : len(data)]
        } else if i := bytes.Index(data, pemStart); i >= 0 {
                rest = rest[i+len(pemStart) : len(data)]
        } else {
                println("nil data")     // hitting this
                return nil, data
        }

call pem: decode of  7862 bytes
 ret decoded =  true rest= 4972
call pem: decode of  4972 bytes
 ret decoded =  true rest= 2760
call pem: decode of  2760 bytes
 ret decoded =  true rest= 0
call pem: decode of  0 bytes
nil data
 ret decoded =  false rest= 0
call pem: decode of  3272 bytes
 ret decoded =  true rest= 0
call pem: decode of  0 bytes
nil data
 ret decoded =  false rest= 0
Listen: Failed to load TLS keypair (cert="/home/bradfitz/keys/xxx/ssl.crt",
key="/home/bradfitz/keys/xxx/ssl.key"): crypto/tls: failed to parse key PEM
data

bradfitz commented Dec 1, 2012

Comment 1:

And:
$ wc -c ssl.{crt,key}
 7862 ssl.crt
 3272 ssl.key


bradfitz commented Dec 1, 2012

Comment 2:

I bisected the breakage to https://code.google.com/p/go/source/detail?r=f440e65f93fe
14406 good (go 1.0.3)
14708 good
14858 good
14880 good
14890 good
14895 good
14899 good
14900 bad
  changeset:   14900:f440e65f93fe
  user:        Joel Sing <jsing@google.com>
  date:        Fri Nov 16 19:33:59 2012 +1100
  summary:     crypto/tls: add support for loading EC X.509 key pairs
14950 bad
15008 bad (tip)
Joel, want to take a look?

Owner changed to @4a6f656c.


bradfitz commented Dec 1, 2012

Comment 3:

My ssl.key file that it's failing to parse looks like:
"-----BEGIN PRIVATE KEY-----
M....
....
-----END PRIVATE KEY-----\n"
No \r characters in the file.
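
An added diagnostic, not code from the issue or from the Go project: it lists the PEM block types in a key file and reports which standard `crypto/x509` parser accepts the first private-key block, the check to run when `X509KeyPair` rejects a key labelled like the one in Comment 3. `inspectKeyPEM` and `constructedSample` are hypothetical names, and the sample (an `EC PARAMETERS` block followed by a freshly generated PKCS#8 key) is constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"strings"
)

// inspectKeyPEM (hypothetical helper) lists every PEM block type in data and
// names the encoding of the first "... PRIVATE KEY" block that parses.
func inspectKeyPEM(data []byte) (types []string, encoding string) {
	for b, rest := pem.Decode(data); b != nil; b, rest = pem.Decode(rest) {
		types = append(types, b.Type)
		if encoding != "" || !strings.HasSuffix(b.Type, "PRIVATE KEY") {
			continue // already classified, or not a key block
		}
		if _, err := x509.ParsePKCS1PrivateKey(b.Bytes); err == nil {
			encoding = "PKCS#1 RSA"
		} else if _, err := x509.ParsePKCS8PrivateKey(b.Bytes); err == nil {
			encoding = "PKCS#8"
		} else if _, err := x509.ParseECPrivateKey(b.Bytes); err == nil {
			encoding = "SEC 1 EC"
		}
	}
	return types, encoding
}

// constructedSample builds a throwaway key file: non-key block, then PKCS#8 key.
func constructedSample() []byte {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	der, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		panic(err)
	}
	oid := []byte{0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07} // prime256v1
	out := pem.EncodeToMemory(&pem.Block{Type: "EC PARAMETERS", Bytes: oid})
	return append(out, pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der})...)
}

func main() {
	fmt.Println(inspectKeyPEM(constructedSample()))
}
```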


bradfitz commented Dec 1, 2012

Comment 4:

Never mind, it was easy to fix: https://golang.org/cl/6865043

Owner changed to @bradfitz.

Status changed to Started.


bradfitz commented Dec 1, 2012

Comment 5:

This issue was closed by revision 444b7b5.

Status changed to Fixed.

@bradfitz bradfitz self-assigned this Dec 1, 2012
@rsc rsc added this to the Go1.1 milestone Apr 14, 2015
@rsc rsc removed the go1.1 label Apr 14, 2015
@golang golang locked and limited conversation to collaborators Jun 24, 2016
FiloSottile pushed a commit to FiloSottile/go that referenced this issue Oct 12, 2018
Worked in Go 1, broken in f440e65f93fe.

Fixes golang#4477

R=golang-dev, agl
CC=golang-dev
https://golang.org/cl/6865043
ianamason added a commit to SRI-CSL/gllvm that referenced this issue Apr 23, 2021