NethServer / dev

NethServer issue tracker
https://github.com/NethServer/dev/issues

Only RSA key is accepted for custom certificate #6937

Closed stephdl closed 3 months ago

stephdl commented 4 months ago

Steps to reproduce

Expected behavior

I expect that my certificate, whether it is an RSA, a DSA or an EC cert, is accepted.

Actual behavior

Only RSA certs are accepted.

Components

traefik 2.2.2

See also


Thanks @nrauso

stephdl commented 4 months ago

QA

Test traefik from ghcr.io/nethserver/traefik:2.2.3-dev.2: test that you can use an RSA, DSA or EC key.

nrauso commented 4 months ago

test case: FAILED

The check added with PR#89 is not enough. After the key check, the action script tries to calculate the modulus of the certificate and of the key to verify that they match each other:

# check if cert is provided by key
cert_hash="$(openssl x509 -noout -modulus -in $CERT_FILE | openssl md5)"
key_hash="$(openssl $TYPE_KEY -noout -modulus -in $KEY_FILE | openssl md5)"
if [ "$cert_hash" != "$key_hash" ]; then
    echo "Key didn't generate certificate."
    del_certs
    exit 3
fi

but modulus is not available for EC keys, so the action fails:

ec: Unknown cipher: modulus
ec: Use -help for summary.
809BA672C07F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (modulus : 0), Properties (<null>)
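
A key-type-agnostic form of the match check quoted in the comment above, as an added example (it is not the ns8-traefik action script, nor the fix released in 2.2.3): it compares the certificate's public key with the public key derived from the private key, which works for RSA, DSA and EC where `-modulus` does not. The function names are hypothetical; the exit code 3 and the message mirror the quoted script.

```shell
#!/bin/sh
# Added example, not the ns8-traefik action script.
# Compares the public key embedded in the certificate with the public key
# derived from the private key, instead of hashing an RSA-only modulus.

# Print the certificate's SubjectPublicKeyInfo as PEM.
cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# Print the public half of a private key as PEM. "pkey" detects the
# algorithm itself; the empty -passin makes an encrypted key fail
# instead of prompting in a non-interactive action.
key_pubkey() {
    openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null
}

# cert_matches_key CERT_FILE KEY_FILE
# Returns 0 if the key belongs to the certificate, 1 on mismatch,
# 2 if either file cannot be parsed.
cert_matches_key() {
    cert_pub="$(cert_pubkey "$1")" || return 2
    key_pub="$(key_pubkey "$2")" || return 2
    # An empty result means parsing failed. Two failures must never
    # compare equal (hashing two empty outputs would "match").
    if [ -z "$cert_pub" ] || [ -z "$key_pub" ]; then
        return 2
    fi
    [ "$cert_pub" = "$key_pub" ] || return 1
    return 0
}

# When run as a script: check.sh CERT_FILE KEY_FILE
if [ "$#" -eq 2 ]; then
    cert_matches_key "$1" "$2" || {
        echo "Key didn't generate certificate." >&2
        exit 3
    }
fi
```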

stephdl commented 4 months ago

New version to test, @nrauso: ghcr.io/nethserver/traefik:2.2.3-dev.2

nrauso commented 4 months ago

test case: VERIFIED

DavidePrincipi commented 3 months ago

Released https://github.com/NethServer/ns8-traefik/releases/tag/2.2.3