Adds amplifying note about private key formats #1335
Merged
I'll leave this to the discretion of the maintainers on whether or not this is worth merging. The context is I had some code that relied on using TLS client certificate/keys and was occasionally running into issues where it would throw the "private key or certificate not found" error.
After further investigation, I found that, at least in one reproducible case, the client key was in the standard ECDSA PEM format:
Obviously, the two calls to `pkcs8_keys` and `rsa_private_keys` shown here were both returning an empty vec. At face value, it's not obvious that this is going on under the hood and was confusing since I know that `rustls` supports these types of keys. The solution, in my case, was to simply convert the key to the PKCS#8 format in order to conform to what the crate was expecting. It's also worth noting that I was using `curl` as my sanity check which does support this key format out of the box - so there's even more chance of someone getting confused in this case.
An alternative solution is changing the error message to indicate this possibility - but I thought starting with the documentation was a cleaner approach (it would have saved me about an hour).
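
Added example, not part of the pull request or the crate's code: a std-only pre-flight check that reports which private-key PEM labels a file contains, so a SEC1 `EC PRIVATE KEY` block is flagged before a loader that only looks for PKCS#8 and PKCS#1 RSA blocks comes back empty. It assumes the two calls named above select blocks by the standard PEM labels; the function names and sample PEM text are constructed for illustration.

```rust
// Added example: classify PEM private-key blocks by label (std only).
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum KeyFormat { Pkcs8, Pkcs8Encrypted, Pkcs1Rsa, Sec1Ec }

// Label of a "-----BEGIN X-----" / "-----END X-----" boundary line.
fn boundary<'a>(line: &'a str, prefix: &str) -> Option<&'a str> {
    line.strip_prefix(prefix)?.strip_suffix("-----")
}

/// Format of every private-key block whose BEGIN and END labels match.
pub fn private_key_formats(pem: &str) -> Vec<KeyFormat> {
    let mut found = Vec::new();
    let mut open: Option<&str> = None;
    for line in pem.lines().map(str::trim) {
        if let Some(label) = boundary(line, "-----BEGIN ") {
            open = Some(label);
        } else if let Some(label) = boundary(line, "-----END ") {
            if open.take() == Some(label) {
                match label {
                    "PRIVATE KEY" => found.push(KeyFormat::Pkcs8),
                    "ENCRYPTED PRIVATE KEY" => found.push(KeyFormat::Pkcs8Encrypted),
                    "RSA PRIVATE KEY" => found.push(KeyFormat::Pkcs1Rsa),
                    "EC PRIVATE KEY" => found.push(KeyFormat::Sec1Ec),
                    _ => {} // certificates, EC PARAMETERS, ...
                }
            }
        }
    }
    found
}

/// Assumption: a loader trying only PKCS#8 and PKCS#1 RSA labels finds a key.
pub fn found_by_pkcs8_or_rsa(pem: &str) -> bool {
    private_key_formats(pem)
        .iter()
        .any(|f| matches!(f, KeyFormat::Pkcs8 | KeyFormat::Pkcs1Rsa))
}

// Constructed samples: the base64 body is a placeholder, not key material.
pub const SEC1_PEM: &str = "-----BEGIN EC PARAMETERS-----\nQ09OU1RSVUNURUQ=\n\
-----END EC PARAMETERS-----\n-----BEGIN EC PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n\
-----END EC PRIVATE KEY-----\n";
pub const PKCS8_PEM: &str =
    "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n";

fn main() {
    for (name, pem) in [("sec1", SEC1_PEM), ("pkcs8", PKCS8_PEM)] {
        println!("{name}: {:?} loadable={}", private_key_formats(pem), found_by_pkcs8_or_rsa(pem));
    }
}
```

A key reported as `Sec1Ec` can be rewrapped as unencrypted PKCS#8 with `openssl pkcs8 -topk8 -nocrypt -in ec.pem -out ec-pkcs8.pem` (file names are placeholders).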