diff --git a/core/http/src/tls/util.rs b/core/http/src/tls/util.rs index 5f9f8832..a751ea18 100644 --- a/core/http/src/tls/util.rs +++ b/core/http/src/tls/util.rs @@ -16,16 +16,21 @@ pub fn load_certs(reader: &mut dyn io::BufRead) -> io::Result> pub fn load_private_key(reader: &mut dyn io::BufRead) -> io::Result { // "rsa" (PKCS1) PEM files have a different first-line header than PKCS8 // PEM files, use that to determine the parse function to use. - let mut first_line = String::new(); - reader.read_line(&mut first_line)?; + let mut header = String::new(); + let private_keys_fn = loop { + header.clear(); + if reader.read_line(&mut header)? == 0 { + return Err(err("failed to find key header; supported formats are: RSA, PKCS8")); + } - let private_keys_fn = match first_line.trim_end() { - "-----BEGIN RSA PRIVATE KEY-----" => rustls_pemfile::rsa_private_keys, - "-----BEGIN PRIVATE KEY-----" => rustls_pemfile::pkcs8_private_keys, - _ => return Err(err("invalid key header; supported formats are: RSA, PKCS8")) + break match header.trim_end() { + "-----BEGIN RSA PRIVATE KEY-----" => rustls_pemfile::rsa_private_keys, + "-----BEGIN PRIVATE KEY-----" => rustls_pemfile::pkcs8_private_keys, + _ => continue, + }; }; - let key = private_keys_fn(&mut Cursor::new(first_line).chain(reader)) + let key = private_keys_fn(&mut Cursor::new(header).chain(reader)) .map_err(|_| err("invalid key file")) .and_then(|mut keys| match keys.len() { 0 => Err(err("no valid keys found; is the file malformed?")), diff --git a/examples/tls/private/rsa_sha256_key.pem b/examples/tls/private/rsa_sha256_key.pem index bf953e6b..a04af874 100644 --- a/examples/tls/private/rsa_sha256_key.pem +++ b/examples/tls/private/rsa_sha256_key.pem @@ -1,3 +1,5 @@ +# COMMENTARY + -----BEGIN PRIVATE KEY----- MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDHZ4WW3kg1XXYi gzn/mV45QoaYLIiIs35Ryx7uLFqG92a8FgYiAqNn3s02aI3LxWjCaKKI5UoRDbiy