tls.X509KeyPair pops up 'Unable to find any PEM data in certificate input' error-Golang-php.cn

Table of Contents

Correct answer

Home

Backend Development

Golang

tls.X509KeyPair pops up 'Unable to find any PEM data in certificate input' error

Feb 05, 2024 pm 11:00 PM

lol

tls.X509KeyPair 弹出“无法在证书输入中找到任何 PEM 数据”错误

Question content

I am trying to make a tls certificate for https server through golang x509 package

I got this error

tls: failed to find any pem data in certificate input

Copy after login

After some research, I created my certificate like this

func generatecert()  {
    ca := &amp;x509.certificate{
        serialnumber: big.newint(2023),
        subject: pkix.name{
            organization:       []string{&quot;company&quot;},
            organizationalunit: []string{&quot;lol&quot;},
            country:            []string{&quot;us&quot;},
            province:           []string{&quot;&quot;},
            locality:           []string{&quot;ny&quot;},
            streetaddress:      []string{&quot;no street&quot;},
            postalcode:         []string{&quot;77777&quot;},
        },
        notbefore:             time.now(),
        notafter:              time.now().adddate(10, 0, 0),
        subjectkeyid:          []byte{1, 2, 3, 4, 5},
        basicconstraintsvalid: true,
        isca:                  true,
        extkeyusage:           []x509.extkeyusage{x509.extkeyusageclientauth, x509.extkeyusageserverauth},
        keyusage:              x509.keyusagedigitalsignature | x509.keyusagecertsign,
    }

    certpubl, certpriv, err := ed25519.generatekey(rand.reader)
    if err != nil {
        log.println(&quot;key generate failed&quot;, err)
        return
    }

    certcert, err := x509.createcertificate(rand.reader, ca, ca, certpubl, certpriv)
    if err != nil {
        log.println(&quot;create cert failed&quot;, err)
        return
    }

    out := &amp;bytes.buffer{}

    //encoding cert
    certtestpem := &amp;pem.block{type: &quot;certificate&quot;, bytes: certcert}
    pem.encode(out, certtestpem)
    publiccert := out.bytes()
    certderblock, publiccert := pem.decode(publiccert)

    //check decoded cert
    print(certderblock.type, &quot;\n&quot;)
    if publiccert != nil {
        print(&quot;publiccert nil\n&quot;)
    }

    //encoding private key
    out.reset()
    privatepem, _ := x509.marshalpkcs8privatekey(certpriv)
    pem.encode(out, &amp;pem.block{type: &quot;private key&quot;, bytes: privatepem})
    privitkey := out.bytes()

    //check keypair
    _, err = tls.x509keypair(publiccert, privitkey)
    if err != nil {
        print(err.error())
    }
}

Copy after login

It shows error as below

CERTIFICATE
publicCert nil
tls: failed to find any PEM data in certificate input

Copy after login

I try to decode after pem.encodetomemory

pem.type is correct but the variable "publiccert" is zero, I tried adding \n to the beginning of the certificate and it did nothing but the certificate itself is not zero, can anyone help me

What can I do to make tls work? ? ?

Correct answer

There are several problems with this code

publiccert := out.bytes()

Copy after login

Checking the contents of publiccert at this stage shows the expected value. But the following statement will simply override publiccert:

certderblock, publiccert := pem.decode(publiccert)

Copy after login

You can see this by examining the publiccert after this statement. As documented publiccert The data will now be displayed after the actual certificate.

This should be

certderblock, _ := pem.decode(publiccert)

Copy after login

Checking the publiccert content after this corrected statement again shows the expected value.

out.reset()
privatepem, _ := x509.marshalpkcs8privatekey(certpriv)
pem.encode(out, &amp;pem.block{type: &quot;private key&quot;, bytes: privatepem})
privitkey := out.bytes()

Copy after login

This will get the expected value into the privitkey. However, it will change publiccert because it is only part of out and out has changed the action. Therefore, out will now contain privitkey at the beginning instead of the beginning of the certificate - this is reflected in the value of publiccert.

See also the documentation for bytes.buffer.bytes

Slicing is only valid until the next buffer modification (that is, only valid before the next read, write, reset or truncate method is called)

So, not just resetting existing buffers

out.reset()

Copy after login

It is better to create a new buffer for privitkey and keep the existing buffer for publiccert

out = &amp;bytes.Buffer{}

Copy after login

The above is the detailed content of tls.X509KeyPair pops up 'Unable to find any PEM data in certificate input' error. For more information, please follow other related articles on the PHP Chinese website!

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn