Using LetsEncrypt's certbot will by default generate a private key in PKCS#8 format, not the PKCS#1 "Traditional" format. This CAN be used with Pike, but the most obvious way to parse certificates and keys does not work with this.
Example:
object pem = Standards.PEM.Messages(Stdio.read_file("privkey.pem") + Stdio.read_file("fullchain.pem"));
pem->get_private_keys(); //Empty array, no PK found
string pk = pem->get_fragments((<"PRIVATE KEY">))[0]->body; //This does return a valid key though

object ctx = SSL.Context();
//ctx->add_cert(pk, pem->get_certificates()); //Fails - unable to parse key
ctx->add_cert(Standards.PKCS.parse_private_key(pk), pem->get_certificates()); //Succeeds!
What would be the consequences of adding support for the PKCS#8 type to these two convenience functions? This would be a simple change in each of two places - see branch rosuav/pkcs8-key-parsing - but there may be other consequences that I'm not aware of.
Anyone with more SSL knowledge than me able to weigh in?
ChrisA
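The workaround the post arrives at, wrapped into a loader that accepts either PEM label (an added example, not code from this thread or from Pike itself; the function name and the certbot file names are assumptions):

```pike
// Added example: load a certbot-style privkey.pem / fullchain.pem pair
// into an SSL.Context without depending on which PEM labels this Pike
// version's get_private_keys() recognizes. Function name is made up.

SSL.Context load_letsencrypt_context(string key_file, string chain_file)
{
  string key_pem = Stdio.read_file(key_file);
  string chain_pem = Stdio.read_file(chain_file);
  if (!key_pem || !chain_pem)
    error("Could not read %O or %O\n", key_file, chain_file);

  object pem = Standards.PEM.Messages(key_pem + chain_pem);

  // Raw DER bodies for every unencrypted private-key label. Encrypted
  // PKCS#8 ("ENCRYPTED PRIVATE KEY") is deliberately not accepted here.
  array(string) der_keys = pem->get_fragments((<
    "PRIVATE KEY",      // PKCS#8 PrivateKeyInfo, what certbot writes
    "RSA PRIVATE KEY",  // PKCS#1 RSAPrivateKey, the "traditional" form
    "EC PRIVATE KEY"
  >))->body;
  if (sizeof(der_keys) != 1)
    error("Expected exactly one private key in %O, found %d\n",
          key_file, sizeof(der_keys));

  // parse_private_key() understands both PKCS#8 and PKCS#1 DER and
  // returns a Crypto.Sign.State, which add_cert() accepts directly,
  // so the PEM label no longer matters once we get this far.
  Crypto.Sign.State key;
  if (catch { key = Standards.PKCS.parse_private_key(der_keys[0]); } || !key)
    error("Unable to parse private key in %O\n", key_file);

  array(string) certs = pem->get_certificates();
  if (!sizeof(certs))
    error("No certificates found in %O\n", chain_file);

  SSL.Context ctx = SSL.Context();
  ctx->add_cert(key, certs);  // leaf first, then intermediates, as in fullchain.pem
  return ctx;
}

int main(int argc, array(string) argv)
{
  if (argc < 3) {
    werror("Usage: %s privkey.pem fullchain.pem\n", argv[0]);
    return 1;
  }
  load_letsencrypt_context(argv[1], argv[2]);
  write("Loaded key and certificate chain from %O and %O\n", argv[1], argv[2]);
  return 0;
}
```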
Chris Angelico writes:
> Using LetsEncrypt's certbot will by default generate a private key in PKCS#8 format, not the PKCS#1 "Traditional" format. This CAN be used with Pike, but the most obvious way to parse certificates and keys does not work with this.
> Example:
> object pem = Standards.PEM.Messages(Stdio.read_file("privkey.pem") + Stdio.read_file("fullchain.pem"));
> pem->get_private_keys(); //Empty array, no PK found
> string pk = pem->get_fragments((<"PRIVATE KEY">))[0]->body; //This does return a valid key though
>
> object ctx = SSL.Context();
> //ctx->add_cert(pk, pem->get_certificates()); //Fails - unable to parse key
> ctx->add_cert(Standards.PKCS.parse_private_key(pk), pem->get_certificates()); //Succeeds!
To be honest, I thought I had already added this support.
> What would be the consequences of adding support for the PKCS#8 type to these two convenience functions? This would be a simple change in each of two places - see branch rosuav/pkcs8-key-parsing - but there may be other consequences that I'm not aware of.
Looks good, merged in Pike 9.0 and later.
Thanks,
/grubba
pike-devel@lists.lysator.liu.se