Broken Cert parsing in ssltool
Closed this issue · 1 comments
nimish commented
Since I can't find ssltool's repo, ssltool 0.0.11 has a breaking bug where it checks for only RSA certs:
    @key_strings = @pem_strings.select { |s| s =~ /-----BEGIN (RSA )?PRIVATE KEY-----/ }
This causes ssl-doctor to spuriously reject EC keys.
In addition, the keys are parsed as if they are only RSA keys:
    def key(s)
      OpenSSL::PKey::RSA.new(s, '')
    rescue OpenSSL::PKey::RSAError => e
      raise KeyMalformedError, "Key appears to be malformed, or is passphrase-protected."
    end
kch commented
Fixed in ssltool 0.0.14.
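The two problems reported above (an RSA-only header filter and an RSA-only parser) can be avoided with a key-type-agnostic approach. The following is an added example, not ssltool's code and not the actual change made in 0.0.14. The names `ANY_KEY_BLOCK`, `private_key_blocks`, `parse_key` and `sample_bundle` are hypothetical, `KeyMalformedError` is a stand-in for the class named in the issue, and the sample keys are generated on the fly.

```ruby
require 'openssl'

# Stand-in for the error class named in the issue (assumption: plain StandardError).
class KeyMalformedError < StandardError; end

# Filter quoted in the issue: matches "RSA PRIVATE KEY" and PKCS#8 "PRIVATE KEY",
# but never "EC PRIVATE KEY".
RSA_ONLY_HEADER = /-----BEGIN (RSA )?PRIVATE KEY-----/

# Hypothetical replacement: any common private-key PEM label, with a matching END line.
ANY_KEY_BLOCK =
  /-----BEGIN ((?:RSA |EC |DSA |ENCRYPTED )?PRIVATE KEY)-----.*?-----END \1-----/m

# Return every private-key PEM block found in a text bundle.
def private_key_blocks(text)
  blocks = []
  text.scan(ANY_KEY_BLOCK) { blocks << Regexp.last_match(0) }
  blocks
end

# Parse a key of any supported type. OpenSSL::PKey.read detects RSA, EC, DSA and
# PKCS#8 input; the empty passphrase prevents an interactive prompt, as in the original.
def parse_key(pem)
  OpenSSL::PKey.read(pem, '')
rescue OpenSSL::PKey::PKeyError
  raise KeyMalformedError, 'Key appears to be malformed, or is passphrase-protected.'
end

# Constructed sample input: one EC key and one RSA key in a single bundle.
def sample_bundle
  ec  = OpenSSL::PKey::EC.generate('prime256v1')
  rsa = OpenSSL::PKey::RSA.new(2048)
  [ec.to_pem, rsa.to_pem].join("\n")
end

if __FILE__ == $PROGRAM_NAME
  blocks = private_key_blocks(sample_bundle)
  puts "RSA-only filter keeps #{blocks.count { |b| b =~ RSA_ONLY_HEADER }} of #{blocks.size} keys"
  blocks.each { |b| puts parse_key(b).class }
end
```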