from_pem_file() rejects valid EC keys

programatik29 / axum-server

High level server designed to be used with axum framework.

MIT License

168 stars 56 forks source link

from_pem_file() rejects valid EC keys #36

Closed Echaleon closed 2 years ago

Echaleon commented 2 years ago

from_pem_file() calls eventually to config_from_pem() which restricts the keys to be of type Some(Item::RSAKey(key)) or Some(Item::PKCS8Key(key)) and this rejects a lot of EC keys. One either needs to convert it from SEC1 to PKCS8 or directly encode into DER and load the files by hand to call from_der() instead.

Adding proper support for EC keys should be as simple as adding Some(Item::ECKey(key)) to the match clause of config_from_pem(). I'd be happy to open a pull request for it.

programatik29 commented 2 years ago

Adding proper support for EC keys should be as simple as adding Some(Item::ECKey(key)) to the match clause of config_from_pem().

This isn't available in rustls-pemfile 0.2 which was the latest release back then.

You can bump up the rustls-pemfile version and add Some(Item::ECKey(key)).

All pull requests are welcome.

Madoshakalaka commented 2 years ago

And the error message is confusing, I totally thought I had a wrong path.

thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Custom { kind: Other, error: "private key not found" }', sentinel/src/main.rs:414:10