Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updated from 0.3.0 to 0.3.7 and pem files with certs and keys no longer work with warp tls #1113

Open
jdthomas opened this issue Jan 22, 2025 · 0 comments
Open

Updated from 0.3.0 to 0.3.7 and pem files with certs and keys no longer work with warp tls #1113

jdthomas opened this issue Jan 22, 2025 · 0 comments
Labels
bug Something isn't working

Comments

@jdthomas
Copy link

Version
Worked in 0.3.0 fails in 0.3.7.

cat /path/to/my/server.pem | grep 'BEGIN\|END'
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----

Platform
N/A

Description
Usage looks roughly like:

    let (https_addr, https_server) = warp::serve(routes)
        .tls()
        .cert_path(&cert_path)
        .key_path(&cert_path) // key and cert are in same file in .pem files
        .bind_with_graceful_shutdown((addr, *port), async move {
            // ...
        })

In the old code the builder roughly did: "give me the pkcs8 private key" nope, give me the "rsa private key" ok/nope ...

In the 3.7 code it checks that all of the entries in the pem file are keys before using the last entry.

Will post a PR to ignore non-key entries shortly and begin a conversation on the correct fix ...
@jdthomas jdthomas added the bug Something isn't working label Jan 22, 2025
facebook-github-bot pushed a commit to facebook/sapling that referenced this issue Jan 22, 2025
@facebook-github-bot
Vend warp w/ patch for TLS w/ cert + key in same pem
492c8ee 
Summary:
Broken by:
D68332922 [rust] Update warp package 0.3.0 -> 0.3.7

In the old code the builder roughly did: "give me the pkcs8 private key" nope, give me the "rsa private key" ok/nope ...

In the 3.7 code it checks that _all_ of the entries in the pem file are keys before using the last entry.

filed an issue w/ the maintainer: seanmonstar/warp#1113 sent them a PR and this diff vends it back to us

NOTE: looks like I picked up master with this which also includes some dependency bumps but no warp code changes.

Reviewed By: neagan

Differential Revision: D68513414

fbshipit-source-id: 9667a2afa5fb9fdeb43a1f7b6b106c103d71d1d5
facebook-github-bot pushed a commit to facebookexperimental/rust-shed that referenced this issue Jan 22, 2025
@facebook-github-bot
Vend warp w/ patch for TLS w/ cert + key in same pem
440cf21 
Summary:
Broken by:
D68332922 [rust] Update warp package 0.3.0 -> 0.3.7

In the old code the builder roughly did: "give me the pkcs8 private key" nope, give me the "rsa private key" ok/nope ...

In the 3.7 code it checks that _all_ of the entries in the pem file are keys before using the last entry.

filed an issue w/ the maintainer: seanmonstar/warp#1113 sent them a PR and this diff vends it back to us

NOTE: looks like I picked up master with this which also includes some dependency bumps but no warp code changes.

Reviewed By: neagan

Differential Revision: D68513414

fbshipit-source-id: 9667a2afa5fb9fdeb43a1f7b6b106c103d71d1d5
jdthomas added a commit to jdthomas/warp that referenced this issue Jan 23, 2025
@jdthomas
Fixes Issue seanmonstar#1113: TLS: Ignore certs in pem file when load…
296f50e 
…ing private keys
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jdthomas