diff --git a/tlsutil/generate.go b/tlsutil/generate.go
index f315024e94..5a3f0b4ed7 100644
--- a/tlsutil/generate.go
+++ b/tlsutil/generate.go
@@ -4,8 +4,8 @@ import (
 "bytes"
 "crypto"
 "crypto/ecdsa"
- "crypto/rsa"
 "crypto/rand"
+ "crypto/rsa"
 "crypto/sha256"
 "crypto/x509"
 "crypto/x509/pkix"
@@ -175,10 +175,22 @@ func ParseSigner(pemValue string) (crypto.Signer, error) {
 switch block.Type {
 case "EC PRIVATE KEY":
 return x509.ParseECPrivateKey(block.Bytes)
-
+
 case "RSA PRIVATE KEY":
 return x509.ParsePKCS1PrivateKey(block.Bytes)
-
+
+ case "PRIVATE KEY":
+ signer, err := x509.ParsePKCS8PrivateKey(block.Bytes)
+ if err != nil {
+ return nil, err
+ }
+ pk, ok := signer.(crypto.Signer)
+ if !ok {
+ return nil, fmt.Errorf("private key is not a valid format")
+ }
+
+ return pk, nil
+
 default:
 return nil, fmt.Errorf("unknown PEM block type for signing key: %s", block.Type)
 }
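Review bot: The new `"PRIVATE KEY"` case in ParseSigner accepts any PKCS#8 key that satisfies `crypto.Signer`, which widens the accepted key types beyond the ECDSA and RSA keys the two existing cases return; `x509.ParsePKCS8PrivateKey` can also yield Ed25519 keys, for example. If code outside this hunk assumes one of the two original types (signature-algorithm selection, key-ID derivation), that assumption should either be enforced here with a type switch or recorded in a comment such as `// PKCS#8 may carry key types other than RSA/ECDSA; callers must accept any crypto.Signer.` The rejection message "private key is not a valid format" also hides what was actually parsed; `return nil, fmt.Errorf("PKCS#8 private key of type %T cannot be used for signing", signer)` tells the operator which key type was supplied. The variable named `signer` holds the unasserted parse result, so a name like `key` would read more accurately. ParseSigner starts before this hunk and continues past it, so how callers use the returned signer is not visible here.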