mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-04 20:47:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

crypto/tls: parse certificate first in X509KeyPair to get better errors

Browse source 
parsePrivateKey can't return useful error messages because it does trial
decoding of multiple formats.  Try ParseCertificate first in case it
offers a useful error message.

Fixes #23591

Change-Id: I380490a5850bee593a7d2f584a27b2a14153d768
Reviewed-on: https://go-review.googlesource.com/90435
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
This commit is contained in:
Filippo Valsorda 2018-01-28 23:30:48 +01:00 committed by Filippo Valsorda
parent a6e50819c2
commit 3ec0b31ffa
1 changed files with 4 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

9
tls.go
View file

@ -237,15 +237,14 @@ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (Certificate, error) {
skippedBlockTypes = append(skippedBlockTypes, keyDERBlock.Type) skippedBlockTypes = append(skippedBlockTypes, keyDERBlock.Type)
} }
var err error // We don't need to parse the public key for TLS, but we so do anyway
cert.PrivateKey, err = parsePrivateKey(keyDERBlock.Bytes) // to check that it looks sane and matches the private key.
x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
if err != nil { if err != nil {
return fail(err) return fail(err)
} }
// We don't need to parse the public key for TLS, but we so do anyway cert.PrivateKey, err = parsePrivateKey(keyDERBlock.Bytes)
// to check that it looks sane and matches the private key.
x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
if err != nil { if err != nil {
return fail(err) return fail(err)
} }