Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/tls: unsupported certificate key error for ecdsa cert with NIST P-224 #28960

Closed
benburkert opened this issue Nov 26, 2018 · 4 comments
Closed
Assignees
Milestone

Comments

@benburkert
Copy link
Contributor

@benburkert benburkert commented Nov 26, 2018

What did you do?

https://play.golang.org/p/YJUDxQHX8t1

What did you expect to see?

No output.

What did you see instead?

2018/11/26 11:44:22 remote error: tls: internal error
2018/11/26 11:44:22 tls: unsupported certificate key (*ecdsa.PrivateKey)
exit status 1

Does this issue reproduce with the latest release (go1.11.2)?

No.

System details

go version devel +9fe9853ae5 Mon Nov 26 14:13:53 2018 +0000 darwin/amd64
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/benburkert/Library/Caches/go-build"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOOS="darwin"
GOPATH="/Users/benburkert"
GOPROXY=""
GORACE=""
GOROOT="/Users/benburkert/src/github.com/golang/go"
GOTMPDIR=""
GOTOOLDIR="/Users/benburkert/src/github.com/golang/go/pkg/tool/darwin_amd64"
GCCGO="gccgo"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD=""
GOROOT/bin/go version: go version devel +9fe9853ae5 Mon Nov 26 14:13:53 2018 +0000 darwin/amd64
GOROOT/bin/go tool compile -V: compile version devel +9fe9853ae5 Mon Nov 26 14:13:53 2018 +0000
uname -v: Darwin Kernel Version 17.7.0: Thu Jun 21 22:53:14 PDT 2018; root:xnu-4570.71.2~1/RELEASE_X86_64
ProductName:	Mac OS X
ProductVersion:	10.13.6
BuildVersion:	17G65
lldb --version: lldb-1000.11.37.1
  Swift-4.2
@benburkert

This comment has been minimized.

Copy link
Contributor Author

@benburkert benburkert commented Nov 26, 2018

This error pops up because tip defaults to TLS1.3, and throwing an error is the right thing to do, but the message is confusing because *ecdsa.PrivateKey is supported, but not with the chosen curve.

@agnivade

This comment has been minimized.

Copy link
Contributor

@agnivade agnivade commented Nov 27, 2018

@FiloSottile

This comment has been minimized.

Copy link
Member

@FiloSottile FiloSottile commented Nov 27, 2018

I’ll improve the error message.

@FiloSottile FiloSottile added this to the Go1.12 milestone Nov 27, 2018
@FiloSottile FiloSottile self-assigned this Nov 27, 2018
@gopherbot

This comment has been minimized.

Copy link

@gopherbot gopherbot commented Nov 29, 2018

Change https://golang.org/cl/151661 mentions this issue: crypto/tls: improve error message for unsupported certificates in TLS 1.3

@gopherbot gopherbot closed this in 950100a Nov 30, 2018
@golang golang locked and limited conversation to collaborators Nov 30, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants
You can’t perform that action at this time.