warp icon indicating copy to clipboard operation
warp copied to clipboard
verified publisher icon seanmonstar

Fixes Issue #1113: TLS: Ignore certs in pem file when loading private key

Open jdthomas opened this issue 1 year ago • 2 comments

This ignores just certs in the file. Options I considered:

  1. Ignore all the non-key items. replacing with _ => {},

  2. Ignore explicitly the existing entries in rustls_pemfile::Item::* that are not a key. replacing with rustls_pemfile::Item::X509Certificate(_) | Crl(_) | Csr(_) => {},

  3. Ignore just the certs X509Certificate(_) => {}, _ => return Err(TlsConfigError::UnknownPrivateKeyFormat),

Any of those would resolve my issue of certs + keys in same file, happy to adjust diff as needed.

jdthomas avatar Jan 22 '25 20:01 jdthomas

Looks like rusttls-pemfile also has a private_key fn similar to the certs fn used at the start of the builder. Perhaps that is what should be used instead of the whole loop?

https://docs.rs/rustls-pemfile/latest/rustls_pemfile/fn.private_key.html

[edit: might look something like this: https://github.com/jdthomas/warp/commit/ff9c9a0892e29259dc7a16cc948a9576129e0039 ]

jdthomas avatar Jan 22 '25 21:01 jdthomas

Any thoughts on merging this?

jdthomas avatar Oct 17 '25 17:10 jdthomas