hawkw
commented
1 year ago CI failure suggests dockerhub is having availability issues again: https://github.com/olix0r/kubert/actions/runs/6385014482/job/17328855919?pr=188
Closed hawkw closed 1 year ago
hawkw
commented
1 year ago CI failure suggests dockerhub is having availability issues again: https://github.com/olix0r/kubert/actions/runs/6385014482/job/17328855919?pr=188
Currently, the
tls_boringmodule incorrectly passes a PEM-encoded private key file toboring::PKey::private_key_from_pkcs8, which expects a single DER-encoded PKCS#8 private key. This fails, because the PEM file's contents is PEM-encoded, rather than DER-encoded. The test added in 9187fb89e201062e80083f9ebd6532b39491f940 reproduces this failure.This PR changes the
tls_boringmodule to usePKey::private_key_from_peminstead ofPKey::private_key_from_pkcs8, which correctly parses the PEM-encoded private key file contents.We may wish to consider making this code smarter and determining the input file format based on the filename extension, so that we can handle private key files with different encodings. But, the
rustlsimplementation currently assumes that the private key file is always PEM-encoded, so that's probably better saved for future work.