Using Poem 2.0.0 with Rustls only works with PKCS#8 private keys

Open pi-xel opened this issue 1 year ago • 0 comments

Expected Behavior

Poem with Rustls support works with PKCS#1 (RSA), SEC-1 (EC), and PKCS#8 private keys.

Actual Behavior

Poem treats all private keys as PKCS#8 keys (calling PrivateKeyDer::Pkcs8(key.into()) for all types, whereby key is a Vec<u8>), resulting in invalid private key errors if a different format than PKCS#8 is provided.

This bug should already be fixed via https://github.com/poem-web/poem/commit/8ba7f13eecffe6f56ce8ff511a551cc1734bcfe8, but I am posting this bug report anyway since the fix isn't released yet & I couldn't find another bug report pointing to that issue.

Steps to Reproduce the Problem

  1. Use poem = { version = "2.0.0", features = ["rustls"] }.
  2. Generate a poem::listener::RustlsConfig with a poem::listener::RustlsCertificate containing a key in SEC-1 PEM format (starting with ----- BEGIN EC PRIVATE KEY -----).
  3. Start a Poem server with that poem::listener::RustlsConfig.

Specifications

  • Version: 2.0.0
  • Platform: Linux
  • Subsystem: poem with rustls feature

pi-xel, Feb 12 '24 08:02
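
An added example (not from the issue and not Poem's or rustls's code), covering all three formats rather than only the SEC-1 case reported: a stdlib-only Rust sketch that chooses the key format from the PEM label instead of assuming PKCS#8, and rejects encrypted or truncated keys. `KeyFormat`, `KeyError`, `first_private_key` and `SAMPLE` are hypothetical names; the variants mirror `Pkcs1`, `Sec1` and `Pkcs8` of `PrivateKeyDer`.

```rust
// Added example: hypothetical names, standard library only.
#[derive(Debug, PartialEq)]
enum KeyFormat { Pkcs1, Sec1, Pkcs8 }

#[derive(Debug, PartialEq)]
enum KeyError { Encrypted, NoPrivateKey, Unterminated }

// Constructed sample: a certificate block followed by a SEC-1 key block.
// The bodies are placeholders, not real certificate or key material.
const SAMPLE: &str = "-----BEGIN CERTIFICATE-----\nQ0VSVA==\n-----END CERTIFICATE-----\n\
-----BEGIN EC PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END EC PRIVATE KEY-----\n";

/// Returns the format of the first private key block in `pem` and its
/// base64 body (still encoded). Other blocks, such as certificates, are skipped.
fn first_private_key(pem: &str) -> Result<(KeyFormat, String), KeyError> {
    let mut open: Option<(KeyFormat, String)> = None; // format + expected END line
    let mut body = String::new();
    for line in pem.lines().map(str::trim) {
        // Inside a key block: collect body lines until the matching END line.
        if let Some((format, end)) = open.take() {
            if line == end {
                return Ok((format, body));
            }
            body.push_str(line);
            open = Some((format, end));
            continue;
        }
        let label = match line.strip_prefix("-----BEGIN ").and_then(|l| l.strip_suffix("-----")) {
            Some(l) => l,
            None => continue,
        };
        // The label, not a fixed assumption, decides how the DER must be parsed.
        let format = match label {
            "RSA PRIVATE KEY" => KeyFormat::Pkcs1,
            "EC PRIVATE KEY" => KeyFormat::Sec1,
            "PRIVATE KEY" => KeyFormat::Pkcs8,
            "ENCRYPTED PRIVATE KEY" => return Err(KeyError::Encrypted),
            _ => continue, // CERTIFICATE, EC PARAMETERS, ...
        };
        open = Some((format, format!("-----END {}-----", label)));
    }
    if open.is_some() { Err(KeyError::Unterminated) } else { Err(KeyError::NoPrivateKey) }
}

fn main() {
    println!("{:?}", first_private_key(SAMPLE));
}
```
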