OLD | NEW |
1 // Copyright 2009 The Go Authors. All rights reserved. | 1 // Copyright 2009 The Go Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style | 2 // Use of this source code is governed by a BSD-style |
3 // license that can be found in the LICENSE file. | 3 // license that can be found in the LICENSE file. |
4 | 4 |
5 // This package partially implements the TLS 1.1 protocol, as specified in RFC 4
346. | 5 // This package partially implements the TLS 1.1 protocol, as specified in RFC 4
346. |
6 package tls | 6 package tls |
7 | 7 |
8 import ( | 8 import ( |
9 "io/ioutil" | 9 "io/ioutil" |
10 "net" | 10 "net" |
(...skipping 61 matching lines...)
72 | 72 |
73 // LoadX509KeyPair | 73 // LoadX509KeyPair |
74 func LoadX509KeyPair(certFile string, keyFile string) (cert Certificate, err os.
Error) { | 74 func LoadX509KeyPair(certFile string, keyFile string) (cert Certificate, err os.
Error) { |
75 certPEMBlock, err := ioutil.ReadFile(certFile) | 75 certPEMBlock, err := ioutil.ReadFile(certFile) |
76 if err != nil { | 76 if err != nil { |
77 return | 77 return |
78 } | 78 } |
79 | 79 |
80 certDERBlock, _ := pem.Decode(certPEMBlock) | 80 certDERBlock, _ := pem.Decode(certPEMBlock) |
81 if certDERBlock == nil { | 81 if certDERBlock == nil { |
82 » » err = os.ErrorString("failed to parse certificate PEM data") | 82 » » err = os.ErrorString("crypto/tls: failed to parse certificate PE
M data") |
83 return | 83 return |
84 } | 84 } |
85 | 85 |
86 cert.Certificate = [][]byte{certDERBlock.Bytes} | 86 cert.Certificate = [][]byte{certDERBlock.Bytes} |
87 | 87 |
88 keyPEMBlock, err := ioutil.ReadFile(keyFile) | 88 keyPEMBlock, err := ioutil.ReadFile(keyFile) |
89 if err != nil { | 89 if err != nil { |
90 return | 90 return |
91 } | 91 } |
92 | 92 |
93 keyDERBlock, _ := pem.Decode(keyPEMBlock) | 93 keyDERBlock, _ := pem.Decode(keyPEMBlock) |
94 if keyDERBlock == nil { | 94 if keyDERBlock == nil { |
95 » » err = os.ErrorString("failed to parse key PEM data") | 95 » » err = os.ErrorString("crypto/tls: failed to parse key PEM data") |
96 return | 96 return |
97 } | 97 } |
98 | 98 |
99 key, err := x509.ParsePKCS1PrivateKey(keyDERBlock.Bytes) | 99 key, err := x509.ParsePKCS1PrivateKey(keyDERBlock.Bytes) |
100 if err != nil { | 100 if err != nil { |
101 » » err = os.ErrorString("failed to parse key") | 101 » » err = os.ErrorString("crypto/tls: failed to parse key") |
102 return | 102 return |
103 } | 103 } |
104 | 104 |
105 cert.PrivateKey = key | 105 cert.PrivateKey = key |
106 | 106 |
107 // We don't need to parse the public key for TLS, but we so do anyway | 107 // We don't need to parse the public key for TLS, but we so do anyway |
108 // to check that it looks sane and matches the private key. | 108 // to check that it looks sane and matches the private key. |
109 x509Cert, err := x509.ParseCertificate(certDERBlock.Bytes) | 109 x509Cert, err := x509.ParseCertificate(certDERBlock.Bytes) |
110 if err != nil { | 110 if err != nil { |
111 return | 111 return |
112 } | 112 } |
113 | 113 |
114 if x509Cert.PublicKeyAlgorithm != x509.RSA || x509Cert.PublicKey.(*rsa.P
ublicKey).N.Cmp(key.PublicKey.N) != 0 { | 114 if x509Cert.PublicKeyAlgorithm != x509.RSA || x509Cert.PublicKey.(*rsa.P
ublicKey).N.Cmp(key.PublicKey.N) != 0 { |
115 » » err = os.ErrorString("Private key does not match public key") | 115 » » err = os.ErrorString("crypto/tls: private key does not match pub
lic key") |
116 return | 116 return |
117 } | 117 } |
118 | 118 |
119 return | 119 return |
120 } | 120 } |
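Review bot: The reworded message at new-side line 101 still discards the error returned by x509.ParsePKCS1PrivateKey, so a caller sees only "crypto/tls: failed to parse key" and cannot tell an unsupported key format from a corrupt file; appending the cause keeps the new prefix and the detail, `err = os.ErrorString("crypto/tls: failed to parse key: " + err.String())`. Related, lines 80 and 93 decode only the first PEM block and never look at its Type, so a file whose first block is not the expected kind goes straight to the DER parsers and fails with one of these generic messages. A guard such as `if certDERBlock.Type != "CERTIFICATE"` before line 86, with a matching check on keyDERBlock, would make misconfigured key material fail early and explicitly. The doc comment at line 73 is only the function name; `// LoadX509KeyPair reads and parses a PEM-encoded certificate and RSA private key from a pair of files.` would document what the visible body does.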
OLD | NEW |