heroku/ssl-doctor

Broken Cert parsing in ssltool

Closed this issue · 1 comments

Since I can't find ssltool's repo, ssltool 0.0.11 has a breaking bug where it checks for only RSA certs:

  @key_strings                   = @pem_strings.select { |s| s =~ /-----BEGIN (RSA )?PRIVATE KEY-----/ }

This causes ssl-doctor to spuriously reject EC keys.

In addition, the keys are parsed as if they are only RSA keys:

  def key(s)
    OpenSSL::PKey::RSA.new(s, '')
  rescue OpenSSL::PKey::RSAError => e
    raise KeyMalformedError, "Key appears to be malformed, or is passphrase-protected."
  end

kch commented

Fixed in ssltool 0.0.14.
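
Added example, not part of the original issue and not ssltool's own code: the RSA-only header check and parser quoted in the issue, next to an algorithm-agnostic version built on `OpenSSL::PKey.read`. The names `ANY_KEY_HEADER`, `select_key_strings`, `parse_key`, `rsa_only_parser_accepts?` and `sample_pems` are hypothetical, and the keys are throwaway ones generated at run time.

```ruby
require 'openssl'

# Stand-in for ssltool's error class; only its name appears in the issue.
class KeyMalformedError < StandardError; end

# Header check quoted in the issue (ssltool 0.0.11).
RSA_ONLY_HEADER = /-----BEGIN (RSA )?PRIVATE KEY-----/
# Assumed replacement: also accept the traditional EC header.
ANY_KEY_HEADER = /-----BEGIN ((RSA|EC) )?PRIVATE KEY-----/

# Hypothetical helper: keep the PEM strings whose header marks a private key.
def select_key_strings(pem_strings, header = ANY_KEY_HEADER)
  pem_strings.select { |s| s =~ header }
end

# Algorithm-agnostic counterpart of the RSA-only key(s) method.
# OpenSSL::PKey.read returns a key object of whatever type the PEM holds;
# the empty passphrase keeps OpenSSL from prompting on an encrypted key.
def parse_key(s)
  key = OpenSSL::PKey.read(s, '')
  if key.respond_to?(:private?) && !key.private?
    raise KeyMalformedError, 'PEM holds a public key, not a private key.'
  end
  key
rescue OpenSSL::PKey::PKeyError, ArgumentError
  # Older openssl gems raise ArgumentError when no parser accepts the input.
  raise KeyMalformedError, 'Key appears to be malformed, or is passphrase-protected.'
end

# Whether the RSA-only parser from the issue accepts this PEM.
def rsa_only_parser_accepts?(s)
  OpenSSL::PKey::RSA.new(s, '')
  true
rescue OpenSSL::PKey::PKeyError
  false
end

# Constructed sample input: an RSA key, an EC key and an RSA public key.
def sample_pems
  rsa = OpenSSL::PKey::RSA.new(2048)
  ec = OpenSSL::PKey::EC.generate('prime256v1')
  { rsa: rsa.to_pem, ec: ec.to_pem, rsa_public: rsa.public_key.to_pem }
end
```

The original pattern also matches the PKCS#8 header `-----BEGIN PRIVATE KEY-----`, which can wrap a key of any algorithm, so both the header filter and the parser need to be type-agnostic.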