You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We should add a case statement to detect this situation and not attempt to decode the key. IsEncryptedPEMBlock might be a good candidate to detect such a situation, with something along those lines for instance:
switch {
casex509.IsEncryptedPEMBlock(block):
// Private key is encrypted, do not attempt to parse itreturnnil, nilcaseblock.Type=="PRIVATE KEY":
returnparsePKCS8PrivateKey(block.Bytes)
caseblock.Type=="RSA PRIVATE KEY"&&len(block.Headers) ==0:
returnx509.ParsePKCS1PrivateKey(block.Bytes)
default:
returnnil, errors.New("expected PEM block to contain an RSA private key")
}
The text was updated successfully, but these errors were encountered:
ECK attempts to validate the certificates provided by the user, including the private key:
cloud-on-k8s/pkg/controller/common/certificates/pem.go
Lines 66 to 72 in 185b168
But the private key of the certificate might be encrypted, in that case ECK should not attempt to parse it.
We should add a
casestatement to detect this situation and not attempt to decode the key.IsEncryptedPEMBlockmight be a good candidate to detect such a situation, with something along those lines for instance:The text was updated successfully, but these errors were encountered: