
tls.X509KeyPair pops up "Unable to find any PEM data in certificate input" error

WBOY
2024-02-05 23:00:08


Question content

I am trying to make a TLS certificate for an HTTPS server through the Golang x509 package.

I got this error

tls: failed to find any PEM data in certificate input

After some research, I created my certificate like this

package main

import (
    "bytes"
    "crypto/ed25519"
    "crypto/rand"
    "crypto/tls"
    "crypto/x509"
    "crypto/x509/pkix"
    "encoding/pem"
    "log"
    "math/big"
    "time"
)

func generatecert() {
    ca := &x509.Certificate{
        SerialNumber: big.NewInt(2023),
        Subject: pkix.Name{
            Organization:       []string{"company"},
            OrganizationalUnit: []string{"lol"},
            Country:            []string{"us"},
            Province:           []string{""},
            Locality:           []string{"ny"},
            StreetAddress:      []string{"no street"},
            PostalCode:         []string{"77777"},
        },
        NotBefore:             time.Now(),
        NotAfter:              time.Now().AddDate(10, 0, 0),
        SubjectKeyId:          []byte{1, 2, 3, 4, 5},
        BasicConstraintsValid: true,
        IsCA:                  true,
        ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
        KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
    }

    certpubl, certpriv, err := ed25519.GenerateKey(rand.Reader)
    if err != nil {
        log.Println("key generate failed", err)
        return
    }

    certcert, err := x509.CreateCertificate(rand.Reader, ca, ca, certpubl, certpriv)
    if err != nil {
        log.Println("create cert failed", err)
        return
    }

    out := &bytes.Buffer{}

    // encoding cert
    certtestpem := &pem.Block{Type: "CERTIFICATE", Bytes: certcert}
    pem.Encode(out, certtestpem)
    publiccert := out.Bytes()
    certderblock, publiccert := pem.Decode(publiccert)

    // check decoded cert
    print(certderblock.Type, "\n")
    if publiccert != nil {
        print("publicCert nil\n")
    }

    // encoding private key
    out.Reset()
    privatepem, _ := x509.MarshalPKCS8PrivateKey(certpriv)
    pem.Encode(out, &pem.Block{Type: "PRIVATE KEY", Bytes: privatepem})
    privitkey := out.Bytes()

    // check keypair
    _, err = tls.X509KeyPair(publiccert, privitkey)
    if err != nil {
        print(err.Error())
    }
}

func main() {
    generatecert()
}

It shows error as below

CERTIFICATE
publicCert nil
tls: failed to find any PEM data in certificate input

I try to decode after pem.EncodeToMemory

pem.Type is correct but the variable "publiccert" is nil. I tried adding \n to the beginning of the certificate and it did nothing, but the certificate itself is not nil. Can anyone help me?

What can I do to make TLS work?


Correct answer


There are several problems with this code:

publiccert := out.Bytes()

Checking the contents of publiccert at this stage shows the expected value. But the following statement will simply override publiccert:

certderblock, publiccert := pem.Decode(publiccert)

You can see this by examining publiccert after this statement. As documented, publiccert will now show the data after the actual certificate.

This should be

certderblock, _ := pem.Decode(publiccert)

Checking the publiccert content after this corrected statement again shows the expected value.

out.Reset()
privatepem, _ := x509.MarshalPKCS8PrivateKey(certpriv)
pem.Encode(out, &pem.Block{Type: "PRIVATE KEY", Bytes: privatepem})
privitkey := out.Bytes()

This will get the expected value into privitkey. However, it will change publiccert because it is only part of out and out has been changed by this operation. Therefore, out will now contain privitkey at the beginning instead of the beginning of the certificate, and this is reflected in the value of publiccert.

See also the documentation for bytes.Buffer.Bytes:

The slice is valid only until the next buffer modification (that is, only until the next call to a method like Read, Write, Reset or Truncate)

So, instead of just resetting the existing buffer

out.Reset()

It is better to create a new buffer for privitkey and keep the existing buffer for publiccert

out = &bytes.Buffer{}
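
The two pitfalls described in the answer, reproduced next to the fix, as an added example (not code from the original question or answer). The helper `pairErr`, its mode strings and the certificate values are hypothetical and constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// pairErr (hypothetical helper) makes a throwaway self-signed Ed25519 cert from
// constructed values and returns tls.X509KeyPair's error for one PEM handling mode.
func pairErr(mode string) error {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(),
		Subject: pkix.Name{CommonName: "example.test"}, NotAfter: time.Now().Add(time.Hour)}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err
	}
	certDER, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return err
	}
	keyDER, err := x509.MarshalPKCS8PrivateKey(priv)
	if err != nil {
		return err
	}
	certBuf, keyBuf := &bytes.Buffer{}, &bytes.Buffer{}
	pem.Encode(certBuf, &pem.Block{Type: "CERTIFICATE", Bytes: certDER})
	certPEM := certBuf.Bytes()
	switch mode {
	case "rest": // pitfall 1: keep pem.Decode's second result, the bytes after the block
		_, certPEM = pem.Decode(certPEM)
	case "alias": // pitfall 2: reuse the buffer, so the key overwrites what certPEM points at
		certBuf.Reset()
		keyBuf = certBuf
	} // any other mode ("fixed"): the key goes into its own buffer, certPEM stays intact
	pem.Encode(keyBuf, &pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
	_, err = tls.X509KeyPair(certPEM, keyBuf.Bytes())
	return err
}

func main() {
	fmt.Println(pairErr("rest"), pairErr("alias"), pairErr("fixed"))
}
```

The "rest" mode returns the error quoted in the question. The "alias" mode also fails, because the certificate slice now begins with the private key block.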


Statement:
This article is reproduced from stackoverflow.com. If there is any infringement, please contact admin@php.cn to have it deleted.