fix(transport): Attempt to load RSA private keys in rustls#39
Merged
LucioFranco merged 1 commit intohyperium:masterfrom Oct 4, 2019
Merged
Conversation
jen20
force-pushed
the
jen20/rustls-rsa-private-keys
branch
from
b174356 to
9448ed4
Compare
LucioFranco
approved these changes
Oct 4, 2019
Member
LucioFranco
left a comment
LucioFranco
left a comment
There was a problem hiding this comment.
LGTM! Thank you for this! <3
I think CI needs a rustfmt and it should be green?
jen20
force-pushed
the
jen20/rustls-rsa-private-keys
branch
from
9448ed4 to
2ffe24d
Compare
Currently, using an RSA key - or indeed any text which is not a PEM-encoded PKCS8-format key with RusTLS panics with an index-out-of- range exception. This commit introduces two new types of `TlsError` which indicate problems with loading a certificate or private key: - `CertificateParseError`, indicating that the certificate cannot be parsed - `PrivateKeyParseError`, indicating that the private key cannot be parsed. Additionally, in the case that reading the private key as PKCS8 fails, we now try loading it as an RSA key before failing.
jen20
force-pushed
the
jen20/rustls-rsa-private-keys
branch
from
2ffe24d to
4e48b2e
Compare
LucioFranco
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
Currently, using an RSA key - or indeed any text which is not a PEM-encoded PKCS8-format key with RusTLS panics with an index-out-of- range exception. There is a similar problem loading certificates as well as private keys.
Solution
This commit introduces two new types of
TlsErrorwhich indicate problems with loading a certificate or private key:CertificateParseError, indicating that the certificate cannot be parsed.PrivateKeyParseError, indicating that the private key cannot be parsed.Additionally, in the case that reading the private key as PKCS8 fails, we now try loading it as an RSA key before failing.
This is not necessarily a complete solution, since the
Serverbuilder calls unwrap on the resulting error (which still panics), but the reason is at least now clearer since the variant of theTlsErroris displayed.