Closed danielspofford closed 5 years ago
Reproduction:
NervesHub.update/0
Explanation
The root of the issue is here https://github.com/nerves-hub/nerves_hub/blob/v0.4.0/lib/nerves_hub/http_client.ex#L47
We pass the private key to Certificate.pem_to_der() here: https://github.com/nerves-hub/nerves_hub/blob/v0.4.0/lib/nerves_hub/certificate.ex#L25
Certificate.pem_to_der()
which uses X509.Certificate.from_pem/1 in all cases, even though as in this case it is possible it will be called with a key, not a cert.
X509.Certificate.from_pem/1
Solution
In this case, we should be calling X509.PrivateKey.from_pem/1 like Socket does here: https://github.com/nerves-hub/nerves_hub/blob/v0.4.0/lib/nerves_hub/socket.ex#L63
X509.PrivateKey.from_pem/1
Socket
--
Edit: In the wild this leads to a relatively cryptic error message:
** (exit) exited in: :gen_statem.call(#PID<0.1835.0>, {:start, 8000}, :infinity) ** (EXIT) an exception was raised: ** (MatchError) no match of right hand side value: {:error, {:asn1, {{:invalid_value, 0}, [{:asn1rt_nif, :decode_ber_tlv, 1, [file: 'asn1rt_nif.erl', line: 85]}, {:"OTP-PUB-KEY", :decode, 2, [file: 'OTP-PUB-KEY.erl', line: 1109]}, {:public_key, :der_decode, 2, [file: 'public_key.erl', line: 280]}, {:ssl_config, :init_private_key, 5, [file: 'ssl_config.erl', line: 121]}, {:ssl_config, :init, 2, [file: 'ssl_config.erl', line: 38]}, {:ssl_connection, :ssl_config, 4, [file: 'ssl_connection.erl', line: 602]}, {:tls_connection, :init, 1, [file: 'tls_connection.erl', line: 132]}, {:proc_lib, :init_p_do_apply, 3, [file: 'proc_lib.erl', line: 249]}]}}} (public_key) public_key.erl:284: :public_key.der_decode/2 (ssl) ssl_config.erl:121: :ssl_config.init_private_key/5 (ssl) ssl_config.erl:38: :ssl_config.init/2 (ssl) ssl_connection.erl:602: :ssl_connection.ssl_config/4 (ssl) tls_connection.erl:132: :tls_connection.init/1 (stdlib) proc_lib.erl:249: :proc_lib.init_p_do_apply/3 (stdlib) gen.erl:177: :gen.do_call/4 (stdlib) gen_statem.erl:598: :gen_statem.call_dirty/4 (ssl) ssl_connection.erl:2202: :ssl_connection.call/2 (ssl) ssl_connection.erl:122: :ssl_connection.handshake/2 (ssl) tls_connection.erl:90: :tls_connection.start_fsm/8 (ssl) ssl_connection.erl:91: :ssl_connection.connect/8 (ssl) ssl.erl:125: :ssl.connect/4 (hackney) /Users/daniel/dev/git/very-possible/some_client/some_repo_name/deps/hackney/src/hackney_connect.erl:279: :hackney_connect.do_connect/5
Sounds good. Could you send a PR?
It's on the list of todos for sure! This is a crazy week leading up to a company retreat so it's a bit hectic ATM :)
Fixed in 4469e7684df763c922b6921eba45c8c8fa493f48.
Reproduction:
NervesHub.update/0
Explanation
The root of the issue is here https://github.com/nerves-hub/nerves_hub/blob/v0.4.0/lib/nerves_hub/http_client.ex#L47
We pass the private key to
Certificate.pem_to_der()
here: https://github.com/nerves-hub/nerves_hub/blob/v0.4.0/lib/nerves_hub/certificate.ex#L25which uses
X509.Certificate.from_pem/1
in all cases, even though as in this case it is possible it will be called with a key, not a cert.Solution
In this case, we should be calling
X509.PrivateKey.from_pem/1
likeSocket
does here: https://github.com/nerves-hub/nerves_hub/blob/v0.4.0/lib/nerves_hub/socket.ex#L63--
Edit: In the wild this leads to a relatively cryptic error message: