[Bug] mTLS doesn't support non-EC private keys #371

@dgjustice

What are you really trying to do?

Using a PEM file beginning with -----BEGIN EC PRIVATE KEY-----:

Traceback

RuntimeError: Failed client connect: Server connection error: tonic::transport::Error(Transport, PrivateKeyParseError)

Temporary remedy

Convert your pkey to pkcs8:

openssl pkcs8 -topk8 -nocrypt -in key.pem -out key-pkcs8.pem

Describe the bug

python-sdk is pointing to an older commit in sdk-core which depends on an older version of tonic.
The key issue has been fixed in this tonic PR.

Minimal Reproduction

import os

from temporalio.service import TLSConfig


def setup_tls_config() -> TLSConfig:
    """Helper func to build TLSConfig struct."""
    with open(os.getenv("TEMPORAL_CLI_TLS_CERT"), "rb") as f:
        client_cert = f.read()
    with open(os.getenv("TEMPORAL_CLI_TLS_KEY"), "rb") as f:
        client_private_key = f.read()
    with open(os.getenv("TEMPORAL_CLI_TLS_CA"), "rb") as f:
        server_root_ca_cert = f.read()
    return TLSConfig(
        client_cert=client_cert,
        client_private_key=client_private_key,
        domain=os.getenv("TEMPORAL_CLI_TLS_SERVER_NAME"),
        server_root_ca_cert=server_root_ca_cert,
    )

Environment/Versions

  • OS and processor: Linux i7
  • Temporal Version: temporalio==1.3.0
  • Are you using Docker or Kubernetes or building Temporal from source? Kubernetes

Additional context

If updating to a more recent core SDK version is fairly straightforward, feel free to throw me some pointers, and I will put together a PR.
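
A pre-flight check for the key format described in this issue, added here as an example and not part of the original report or the Temporal SDK: it reads the PEM label to tell whether a key is already unencrypted PKCS#8, the form the openssl workaround above produces. `classify_private_key` and `make_sample` are hypothetical names, and the sample PEM blocks are constructed filler, not real keys.

```python
import base64
import re

# PEM labels for unencrypted private keys and the encoding each one denotes.
KEY_LABELS = {
    "PRIVATE KEY": "pkcs8",
    "EC PRIVATE KEY": "sec1",
    "RSA PRIVATE KEY": "pkcs1",
}
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL
)


def classify_private_key(pem: bytes) -> dict:
    """Describe the first private-key block found in PEM data."""
    for match in PEM_BLOCK.finditer(pem):
        label = match.group(1).decode("ascii")
        body = match.group(2)
        # Encrypted keys: PKCS#8 label, or the legacy header inside the block.
        if label == "ENCRYPTED PRIVATE KEY" or b"Proc-Type: 4,ENCRYPTED" in body:
            return {"label": label, "encoding": "encrypted", "plain_pkcs8": False}
        if label in KEY_LABELS:
            enc = KEY_LABELS[label]
            return {"label": label, "encoding": enc, "plain_pkcs8": enc == "pkcs8"}
    raise ValueError("no private key block found in PEM data")


def make_sample(label: str, headers: str = "") -> bytes:
    """Build a constructed PEM block; the body is filler, not a real key."""
    body = base64.b64encode(b"constructed sample, not key material").decode()
    return f"-----BEGIN {label}-----\n{headers}{body}\n-----END {label}-----\n".encode()


if __name__ == "__main__":
    # Constructed inputs: a cert followed by an EC key, and a PKCS#8 key.
    cert_then_key = make_sample("CERTIFICATE") + make_sample("EC PRIVATE KEY")
    for pem in (cert_then_key, make_sample("PRIVATE KEY")):
        info = classify_private_key(pem)
        print(info)
        if not info["plain_pkcs8"]:
            # Same command as the workaround given in the issue.
            print("openssl pkcs8 -topk8 -nocrypt -in key.pem -out key-pkcs8.pem")
```
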
