
Commit cbf7236

committed
Fix headers in generated PKCS#8 CA certificates
Previously we set PKCS#1 headers on PKCS#8 data, which worked in some cases because some APIs parse flexibly, but really shouldn't have. This sets the correct headers, so the generated keys should now be read correctly.
1 parent 1987d59 commit cbf7236

2 files changed

+4
-4
lines changed


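--- a/src/util/tls.ts
+++ b/src/util/tls.ts
@@ -202,7 +202,7 @@ export async function generateCACertificate(options: {
 });
 
 const privateKeyBuffer = await crypto.subtle.exportKey("pkcs8", keyPair.privateKey as CryptoKey);
-const privateKeyPem = arrayBufferToPem(privateKeyBuffer, "RSA PRIVATE KEY");
+const privateKeyPem = arrayBufferToPem(privateKeyBuffer, "PRIVATE KEY");
 const certificatePem = certificate.toString("pem");
 
 return {
@@ -383,7 +383,7 @@ export class CA {
 const generatedCertificate = {
 key: arrayBufferToPem(
 await crypto.subtle.exportKey("pkcs8", leafKeyPair.privateKey as CryptoKey),
-"RSA PRIVATE KEY"
+"PRIVATE KEY"
 ),
 cert: certificate.toString("pem"),
 ca: this.caCert.toString("pem")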
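Review bot: The export format `"pkcs8"` and the PEM label `"PRIVATE KEY"` remain two independent string literals at both call sites (in `generateCACertificate` and in the `CA` class hunk), which is the coupling that allowed the original mismatch. A small private helper that exports and wraps in one place would keep them in step, e.g. `const exportPkcs8Pem = async (k: CryptoKey) => arrayBufferToPem(await crypto.subtle.exportKey("pkcs8", k), "PRIVATE KEY");`. Failing that, a comment such as `// PKCS#8 body => RFC 7468 label "PRIVATE KEY"; "RSA PRIVATE KEY" is PKCS#1 only` at each site records why the label matters. Keys written out by earlier versions presumably still carry the old label, so callers that persisted them may need to regenerate or relabel them before handing them to a strict parser. Both enclosing bodies start and end outside the hunks.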

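--- a/test/ca.spec.ts
+++ b/test/ca.spec.ts
@@ -161,7 +161,7 @@ nodeOnly(() => {
 expect(caCertificate.cert.length).to.be.greaterThan(1000);
 expect(caCertificate.cert.split('\n')[0]).to.equal('-----BEGIN CERTIFICATE-----');
 expect(caCertificate.key.length).to.be.greaterThan(1000);
-expect(caCertificate.key.split('\n')[0]).to.equal('-----BEGIN RSA PRIVATE KEY-----');
+expect(caCertificate.key.split('\n')[0]).to.equal('-----BEGIN PRIVATE KEY-----');
 });
 
 it("should generate a CA certificate that can be used to create domain certificates", async () => {
@@ -173,7 +173,7 @@ nodeOnly(() => {
 expect(cert.length).to.be.greaterThan(1000);
 expect(cert.split('\n')[0]).to.equal('-----BEGIN CERTIFICATE-----');
 expect(key.length).to.be.greaterThan(1000);
-expect(key.split('\n')[0]).to.equal('-----BEGIN RSA PRIVATE KEY-----');
+expect(key.split('\n')[0]).to.equal('-----BEGIN PRIVATE KEY-----');
 });
 
 it("should be able to generate a CA certificate that passes lintcert checks", async function () {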
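Review bot: The updated `key` assertion in the second hunk checks only the first line of the PEM, so it confirms the label but not that the body under it is actually PKCS#8; the earlier mislabelled output passed the same kind of check. Consider also asserting the closing line, `expect(key.trim().split('\n').pop()).to.equal('-----END PRIVATE KEY-----');`, and importing the base64-decoded body back through `crypto.subtle.importKey("pkcs8", ...)` so the test fails whenever the header and the encoding disagree. The same applies to the `caCertificate.key` assertion in the first hunk.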
