Rocket
Rocket doesn't understand TLS keys with comments
Description
Rocket rejected my PKCS 8/PEM formatted RSA TLS key file, claiming "bad TLS private key: invalid key header; supported formats are: RSA, PKCS8". After removing the leading and trailing comment lines (beginning with "#"), Rocket accepted it, but I don't think we'd be allowed to remove the comments as they're used to mark the confidentiality of the files.
According to RFC 7468, "Data before the encapsulation boundaries are permitted, and parsers MUST NOT malfunction when processing such data."
To Reproduce
Add a new line with # test comment at the beginning of examples/tls/private/rsa_sha256_key.pem, and then run the tls example.
Expected Behavior
Should recognize the file as containing an RSA private key.
Environment:
- OS Distribution and Kernel: CentOS container
- Rocket Version: 0.5.0-rc.2
Additional Context
I'm not sure if this issue is in Rocket itself, or an underlying TLS library. The stacktrace just pointed to error.rs and a bunch of stuff in std, so I'm not sure where Rocket actually reads the key file.
Rocket seems to have no issue with the leading comments in the PEM-formatted certificate file; just the key file.
Hi there!
Thanks for reporting. The stack trace was not very helpful but I found the Übeltäter (person making trouble, German).
core/http/src/tls/util:L20
It literally just reads the first line and expects it to be the --- BEGIN --- line.
I am considering creating a pull request as it turned out to be a rather simple issue.
*Edit: It's line 20, not 19.
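The difference between the first-line check described in the reply and a scan that tolerates text outside the encapsulation boundaries, as RFC 7468 requires, is shown in this added example. It is not Rocket's code: the names `KeyKind`, `first_line_only`, `find_key_block` and the sample input are hypothetical and constructed for illustration, and the base64 body is returned undecoded.

```rust
// Added example, std only. Labels match the formats named in the quoted error message.
#[derive(Debug, PartialEq)]
pub enum KeyKind { Rsa, Pkcs8 }

// Constructed sample: comment lines around a placeholder (not real) key body.
pub const SAMPLE: &str = "# CONFIDENTIAL\n-----BEGIN PRIVATE KEY-----\nQUJD\nREVG\n-----END PRIVATE KEY-----\n# end\n";

fn kind_of(label: &str) -> Option<KeyKind> {
    match label {
        "RSA PRIVATE KEY" => Some(KeyKind::Rsa),
        "PRIVATE KEY" => Some(KeyKind::Pkcs8),
        _ => None,
    }
}

// Returns the label of a "-----BEGIN <label>-----" line, if the line is one.
fn begin_label(line: &str) -> Option<&str> {
    line.trim().strip_prefix("-----BEGIN ")?.strip_suffix("-----")
}

// The behaviour described in the reply: only the first line is inspected.
pub fn first_line_only(pem: &str) -> Result<KeyKind, &'static str> {
    let first = pem.lines().next().ok_or("empty input")?;
    begin_label(first).and_then(kind_of).ok_or("invalid key header")
}

// Tolerant scan: skip text before the BEGIN boundary, require the matching
// END boundary, ignore anything after it. Returns the undecoded base64 body.
pub fn find_key_block(pem: &str) -> Result<(KeyKind, String), &'static str> {
    let mut lines = pem.lines();
    let label = lines.by_ref().find_map(begin_label).ok_or("no BEGIN boundary")?;
    let kind = kind_of(label).ok_or("unsupported key label")?;
    let end = format!("-----END {}-----", label);
    let mut body = String::new();
    for line in lines {
        if line.trim() == end {
            return if body.is_empty() { Err("empty key body") } else { Ok((kind, body)) };
        }
        body.push_str(line.trim());
    }
    Err("missing END boundary")
}

fn main() {
    println!("first line only: {:?}", first_line_only(SAMPLE));
    println!("tolerant scan:   {:?}", find_key_block(SAMPLE));
}
```

The tolerant scan still fails closed: a missing END boundary, an empty body, or an unrecognised label is an error rather than a best-effort parse.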