Handle incorrect private keys and support pkcs8 keys #418
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
p-avital
reviewed
Jan 9, 2023
| } | ||
|
|
||
| if keys.len() == 0 { | ||
| return Err(zerror!("No private key found.").into()); |
There was a problem hiding this comment.
This whole return statement can be shortened to bail!("No private key found") :)
There was a problem hiding this comment.
I replaced the return statement according to your suggestion. Also I fixed a failed CI check so now it passes the CI.
Mallets
approved these changes
Jan 9, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When I tried using TLS transport using a certificate and key not created using minica, it would not read the key file. It instead gave the following error:
thread 'main' panicked at 'removal index (is 0) should be < len (is 0)', io/zenoh-links/zenoh-link-tls/src/unicast.rs:380:40The reason turned out to be that the function used (
rustls_pemfile::rsa_private_keys) only reads keys in the pkcs#1 format and just silently returns an empty list if no such key is found.My solution is to check if no key was found and if not, try the pkcs#8 format and ultimately, if a key is still not found, give a better error message.