fix missing certificate/key log
parvit committed Apr 5, 2024
1 parent 1a5005b commit e4dc7bd
Showing 3 changed files with 15 additions and 15 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/common-performance.yml
@@ -112,8 +112,8 @@ jobs:
if: ${{ inputs.ignore_caches || steps.cache-build.outputs.cache-hit != 'true' }}
shell: powershell
run: |
New-Item -Path . -Name "build" -ItemType "directory" -Force
New-Item -Path . -Name "build/config" -ItemType "directory" -Force
New-Item -Path . -Name "build" -ItemType "directory" -Force | Out-Null
New-Item -Path . -Name "build/config" -ItemType "directory" -Force | Out-Null
$config = Get-Content -Path ./docker/client-env/qpep.yml.tpl
$config = $config.replace('<QPEP_GATEWAY>','${{ inputs.server_public_address }}')
$config = $config.replace('<QPEP_ADDRESS>','${{ inputs.client_listen_address }}')
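Review bot: The `run:` script in this step substitutes `${{ inputs.server_public_address }}` and `${{ inputs.client_listen_address }}` directly into the PowerShell source, so the values are expanded before the shell parses the script and a quote character in an input would alter the script rather than the replaced string. If these inputs can be set by anyone other than trusted maintainers, pass them through the step's `env:` map and read them inside `.replace(...)` as environment variables, e.g. `$env:SERVER_PUBLIC_ADDRESS` (name constructed for illustration). The lines this commit touches only add `| Out-Null`; the step continues outside the hunk.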
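--- a/backend/backend_quicgo.go
+++ b/backend/backend_quicgo.go
@@ -233,6 +233,7 @@ func loadTLSConfig(certPEM, keyPEM string) *tls.Config {
 dataKey, err2 := ioutil.ReadFile(keyPEM)
 
 if err1 != nil {
+logger.Error("Could not find certificate file %s", certPEM)
 return nil
 }
 
@@ -252,11 +253,13 @@ func loadTLSConfig(certPEM, keyPEM string) *tls.Config {
 }
 
 if len(cert.Certificate) == 0 {
+logger.Error("Certificate file %s does not contain valid certificates", certPEM)
 return nil
 }
 
 x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
 if err != nil {
+logger.Error("Certificate parsing in file %s failed: %v", certPEM, err)
 return nil
 }
 
@@ -268,45 +271,55 @@ func loadTLSConfig(certPEM, keyPEM string) *tls.Config {
 for {
 keyDERBlock, dataKey = pem.Decode(dataKey)
 if keyDERBlock == nil {
+logger.Error("Certificate key parsing in file %s failed", dataKey)
 return nil
 }
 if keyDERBlock.Type == "PRIVATE KEY" || strings.HasSuffix(keyDERBlock.Type, " PRIVATE KEY") {
+logger.Error("Certificate PEM key parsing in file %s failed", dataKey)
 break
 }
 skippedBlockTypes = append(skippedBlockTypes, keyDERBlock.Type)
 }
 
 cert.PrivateKey, err = parsePrivateKey(keyDERBlock.Bytes)
 if err != nil {
+logger.Error("Error loading private key from file %s: %v", dataKey, err)
 return nil
 }
 
 switch pub := x509Cert.PublicKey.(type) {
 case *rsa.PublicKey:
 priv, ok := cert.PrivateKey.(*rsa.PrivateKey)
 if !ok {
+logger.Error("Error loading private key from file %s: Not a valid RSA key", dataKey)
 return nil
 }
 if pub.N.Cmp(priv.N) != 0 {
+logger.Error("Error loading private key from file %s: internal error", dataKey, err)
 return nil
 }
 case *ecdsa.PublicKey:
 priv, ok := cert.PrivateKey.(*ecdsa.PrivateKey)
 if !ok {
+logger.Error("Error loading private key from file %s: Not a valid ECDSA key", dataKey, err)
 return nil
 }
 if pub.X.Cmp(priv.X) != 0 || pub.Y.Cmp(priv.Y) != 0 {
+logger.Error("Error loading private key from file %s: internal error", dataKey, err)
 return nil
 }
 case ed25519.PublicKey:
 priv, ok := cert.PrivateKey.(ed25519.PrivateKey)
 if !ok {
+logger.Error("Error loading private key from file %s: Not a valida ED25519 key", dataKey, err)
 return nil
 }
 if !bytes.Equal(priv.Public().(ed25519.PublicKey), pub) {
+logger.Error("Error loading private key from file %s: internal error", dataKey, err)
 return nil
 }
 default:
+logger.Error("Error loading private key from file %s: unsupported key type %v", dataKey, pub)
 return nil
 }
 }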
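Review bot: The key-related messages added in the third hunk format `dataKey` with `%s`, but `dataKey` holds the bytes read from the key file (and, after `pem.Decode`, the undecoded remainder), not its path, so a key file that fails to parse can end up with its contents in the log; pass the path instead, e.g. `logger.Error("Certificate key parsing in file %s failed", keyPEM)`, in each of those calls. The call added in the `PRIVATE KEY` branch just before `break` runs when a key block was found, so it reports a failure on the success path and should be removed. Several calls also pass a trailing `err` that has no format verb and is nil at that point (the `parsePrivateKey` error was already checked), which would only add noise if `logger.Error` formats like `fmt`. The first hunk's message says the file could not be found for any read error; including `err1` would distinguish a permissions problem from a missing file. loadTLSConfig begins above the first hunk.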
13 changes: 0 additions & 13 deletions docker/build-linux/docker-compose.yml

This file was deleted.
