fix(transport): Attempt to load RSA private keys in rustls #39

Merged
merged 1 commit into from
Oct 4, 2019

@jen20 jen20 commented Oct 4, 2019

Motivation

Currently, using an RSA key - or indeed any text which is not a PEM-encoded PKCS8-format key - with RusTLS panics with an index-out-of-range exception. There is a similar problem loading certificates as well as private keys.

Solution

This commit introduces two new types of TlsError which indicate problems with loading a certificate or private key:

  • CertificateParseError, indicating that the certificate cannot be parsed.

  • PrivateKeyParseError, indicating that the private key cannot be parsed.

Additionally, in the case that reading the private key as PKCS8 fails, we now try loading it as an RSA key before failing.

This is not necessarily a complete solution, since the Server builder calls unwrap on the resulting error (which still panics), but the reason is at least now clearer since the variant of the TlsError is displayed.

@jen20 jen20 force-pushed the jen20/rustls-rsa-private-keys branch from b174356 to 9448ed4 Compare October 4, 2019 14:57

@LucioFranco LucioFranco left a comment

LGTM! Thank you for this! <3

I think CI needs a rustfmt and it should be green?

@jen20 jen20 force-pushed the jen20/rustls-rsa-private-keys branch from 9448ed4 to 2ffe24d Compare October 4, 2019 15:12
Currently, using an RSA key - or indeed any text which is not a
PEM-encoded PKCS8-format key - with RusTLS panics with an index-out-of-
range exception.

This commit introduces two new types of `TlsError` which indicate
problems with loading a certificate or private key:

- `CertificateParseError`, indicating that the certificate cannot be
  parsed.

- `PrivateKeyParseError`, indicating that the private key cannot be
  parsed.

Additionally, in the case that reading the private key as PKCS8 fails,
we now try loading it as an RSA key before failing.
@jen20 jen20 force-pushed the jen20/rustls-rsa-private-keys branch from 2ffe24d to 4e48b2e Compare October 4, 2019 15:22
@LucioFranco LucioFranco changed the title Attempt to load RSA private keys in rustls fix(transport): Attempt to load RSA private keys in rustls Oct 4, 2019
@LucioFranco LucioFranco merged commit 2c5c3a2 into hyperium:master Oct 4, 2019
@jen20 jen20 deleted the jen20/rustls-rsa-private-keys branch October 4, 2019 15:32
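
The fallback order described in this pull request (PKCS8 first, then RSA, and an error variant instead of a panic when neither is found), as an added example that is not code from the pull request, tonic or rustls. `PrivateKeyParseError` is the variant named above; `KeyKind`, `b64`, `pem_sections` and `load_private_key` are hypothetical names, and the std-only PEM handling is a simplified stand-in for a real parser.

```rust
// Added illustration: std-only stand-in for a PEM parser, not tonic or rustls code.
#[derive(Debug, PartialEq)]
pub enum TlsError { PrivateKeyParseError } // only the variant this example needs
#[derive(Debug, PartialEq)]
pub enum KeyKind { Pkcs8, Rsa }
/// Decode base64 (padding ignored); None on any character outside the alphabet.
fn b64(s: &str) -> Option<Vec<u8>> {
    const T: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    let (mut acc, mut bits, mut out) = (0u32, 0u32, Vec::new());
    for c in s.bytes().filter(|c| *c != b'=') {
        acc = (acc << 6) | T.iter().position(|t| *t == c)? as u32;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8); // `as u8` keeps the low 8 bits
        }
    }
    Some(out)
}

/// Decoded bodies of all PEM sections labelled exactly `label`; Err if malformed.
fn pem_sections(pem: &str, label: &str) -> Result<Vec<Vec<u8>>, ()> {
    let (begin, end) = (format!("-----BEGIN {}-----", label), format!("-----END {}-----", label));
    let (mut found, mut body) = (Vec::new(), None::<String>);
    for line in pem.lines().map(str::trim) {
        if line == begin {
            body = Some(String::new());
        } else if line == end {
            found.push(b64(&body.take().ok_or(())?).ok_or(())?);
        } else if let Some(b) = body.as_mut() {
            b.push_str(line);
        }
    }
    if body.is_some() { Err(()) } else { Ok(found) } // unterminated section
}

/// PKCS8 first, then RSA. No usable key is an Err, never an index into an empty Vec.
pub fn load_private_key(pem: &str) -> Result<(KeyKind, Vec<u8>), TlsError> {
    for (label, kind) in [("PRIVATE KEY", KeyKind::Pkcs8), ("RSA PRIVATE KEY", KeyKind::Rsa)] {
        if let Some(key) = pem_sections(pem, label).ok().and_then(|k| k.into_iter().next()) {
            return Ok((kind, key));
        }
    }
    Err(TlsError::PrivateKeyParseError)
}

fn main() {
    let rsa = "-----BEGIN RSA PRIVATE KEY-----\nAQID\n-----END RSA PRIVATE KEY-----\n"; // constructed
    println!("{:?} / {:?}", load_private_key(rsa), load_private_key("not a key"));
}
```

A caller that still calls `unwrap` on the result panics as before; the difference is that the panic message names the error variant.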