unsupportedCertificateError returns a helpful error for certificates with an unsupported private key.
(cert *Certificate)
// unsupportedCertificateError builds a diagnostic error describing why cert
// cannot be used. It checks the most specific causes first and falls back
// to a generic internal error. Every path returns a non-nil error.
//
// The messages only ever format Go type names (%T) and the curve's public
// name; no private or public key bytes are written into them.
func unsupportedCertificateError(cert *Certificate) error {
	// A key stored in the wrong form: RSA/ECDSA held by value rather than by
	// pointer, or Ed25519 held by pointer rather than by value. Name the
	// expected form so the configuration mistake is obvious.
	switch key := cert.PrivateKey.(type) {
	case *ed25519.PrivateKey:
		return fmt.Errorf("tls: unsupported certificate: private key is *ed25519.PrivateKey, expected ed25519.PrivateKey")
	case rsa.PrivateKey, ecdsa.PrivateKey:
		return fmt.Errorf("tls: unsupported certificate: private key is %T, expected *%T",
			key, key)
	}

	// Anything that cannot sign is rejected outright.
	signer, isSigner := cert.PrivateKey.(crypto.Signer)
	if !isSigner {
		return fmt.Errorf("tls: certificate private key (%T) does not implement crypto.Signer",
			cert.PrivateKey)
	}

	switch pub := signer.Public().(type) {
	case ed25519.PublicKey:
		// Nothing key-specific to report; continue to the generic checks.
	case *rsa.PublicKey:
		// NOTE(review): any RSA key reaching this point is reported as too
		// small; the size itself is not inspected here, so this presumably
		// relies on the caller having already failed algorithm selection.
		return fmt.Errorf("tls: certificate RSA key size too small for supported signature algorithms")
	case *ecdsa.PublicKey:
		// Only the three NIST curves below are accepted; any other curve is
		// reported by name.
		curve := pub.Curve
		if curve != elliptic.P256() && curve != elliptic.P384() && curve != elliptic.P521() {
			return fmt.Errorf("tls: unsupported certificate curve (%s)", curve.Params().Name)
		}
	default:
		return fmt.Errorf("tls: unsupported certificate key (%T)", pub)
	}

	// The key type is acceptable, so a restricted algorithm list on the
	// certificate is the next explanation offered.
	if cert.SupportedSignatureAlgorithms != nil {
		return fmt.Errorf("tls: peer doesn't support the certificate custom signature algorithms")
	}

	// No specific cause identified.
	return fmt.Errorf("tls: internal error: unsupported key (%T)", cert.PrivateKey)
}