From 17969225c3b10e08621e987551c92089afe2bb0b Mon Sep 17 00:00:00 2001
From: Jesse Peterson
Date: Fri, 13 May 2022 09:04:29 -0700
Subject: [PATCH] Clearer detection of encrypted PEM
---
 http/api.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/http/api.go b/http/api.go
index 0177932..7dc65a1 100644
--- a/http/api.go
+++ b/http/api.go
@@ -4,6 +4,7 @@ import (
 "bytes"
 "context"
 "crypto/tls"
+ "crypto/x509"
 "encoding/json"
 "encoding/pem"
 "errors"
@@ -273,8 +274,8 @@ func readPEMCertAndKey(input []byte) (cert []byte, key []byte, err error) {
 if block.Type == "CERTIFICATE" {
 cert = pem.EncodeToMemory(block)
 } else if block.Type == "PRIVATE KEY" || strings.HasSuffix(block.Type, " PRIVATE KEY") {
- if len(block.Headers) > 0 {
- err = errors.New("private key PEM headers present: possibly encrypted")
+ if x509.IsEncryptedPEMBlock(block) {
+ err = errors.New("private key PEM appears to be encrypted")
 break
 }
 key = pem.EncodeToMemory(block)
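Review bot: In the second hunk, a PKCS#8-encrypted key (PEM type `ENCRYPTED PRIVATE KEY`, which carries no PEM headers) still matches the `strings.HasSuffix(block.Type, " PRIVATE KEY")` branch and is returned as `key`, because `x509.IsEncryptedPEMBlock` only reports the legacy RFC 1423 `DEK-Info` header. Rejecting that type explicitly would give the caller the same clear error: `if block.Type == "ENCRYPTED PRIVATE KEY" || x509.IsEncryptedPEMBlock(block) {`. `x509.IsEncryptedPEMBlock` has also been deprecated since Go 1.16, so linters will flag the new call; testing `_, enc := block.Headers["DEK-Info"]` directly is equivalent. The body of readPEMCertAndKey starts and ends outside the hunk, so what happens to `err` after the `break` is not visible here.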