conf: fix support for private key PEM files other than PKCS#8 #27
Conversation
common/commandline.c
Outdated
| strstr(dest_str, "-----BEGIN PRIVATE KEY-----")) | ||
| strstr(dest_str, "-----BEGIN PRIVATE KEY-----") || | ||
| strstr(dest_str, "-----BEGIN EC PRIVATE KEY-----") || | ||
| strstr(dest_str, "-----BEGIN RSA PRIVATE KEY-----")) |
There was a problem hiding this comment.
Wi-SUN only supports EC. RSA support is not necessary.
There was a problem hiding this comment.
That's a good point - I'll remove that and amend the commit. Thanks!
mikewadsten
force-pushed
the
fix-ec-private-key
branch
from
99b778d to
7a01190
Compare
RFC 7468 specifically is about textual encodings of, among other things, PKCS structures, so I'm not surprised that RFC doesn't touch on other content structures. |
Good to know! Thank you for providing this reference. Do you mind mentioning it in the commit log? |
The Mbed TLS bug being worked around (Mbed-TLS/mbedtls#3896) affects _all_ PEM inputs. `conf_set_pem` only applied the workaround to certificates and PKCS#8 encoded keys. `-----BEGIN PRIVATE KEY-----` is the PKCS#8 PEM header called out in RFC 7468. While `-----BEGIN EC PRIVATE KEY-----` is not mentioned in that RFC, RFC 5915 does describe it as a "popular format" for using PEM encoding to store an EC key, and most crypto libraries implement it.
mikewadsten
force-pushed
the
fix-ec-private-key
branch
from
7a01190 to
8bce062
Compare
Done. |
|
Great! I have applied this patch onto our private development repository. It will be released as part of v2.3.2, and I will close this PR when it is made public. |
The Mbed TLS bug being worked around
(Mbed-TLS/mbedtls#3896)
affects all PEM inputs.
conf_set_pemonly applied the workaround to certificates and PKCS#8 encoded keys.