
Commit 54d70f8

committed
Use pkcs12.Modern.Encode to use modern algorithm
- Replaces pkcs12.Encode call with pkcs12.Modern.Encode
- Replaces deprecated pkcs12.ToPEM with pkcs12.DecodeChain
1 parent f1105d6 commit 54d70f8

1 file changed

+11
-11
lines changed

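--- a/cert.go
+++ b/cert.go
@@ -189,7 +189,7 @@ func Cert(filename string) (tls.Certificate, error) {
 if err != nil {
 return tls.Certificate{}, errors.WithStack(err)
 }
-blocks, err := pkcs12.ToPEM(p12, "")
+priv, domainCert, caCerts, err := pkcs12.DecodeChain(p12, "")
 if err == pkcs12.ErrIncorrectPassword {
 priv, domainCert, caCerts, err := pkcs12.DecodeChain(p12, "symfony")
 if err != nil {
@@ -200,7 +200,7 @@ func Cert(filename string) (tls.Certificate, error) {
 
 // In case the previous certificate has a passphrase, we re-encode it
 // on the fly without passphrase
-pfxData, err := pkcs12.Encode(rand.Reader, priv, domainCert, caCerts, "")
+pfxData, err := pkcs12.Modern.Encode(priv, domainCert, caCerts, "")
 if err != nil {
 return tls.Certificate{}, errors.WithStack(err)
 }
@@ -219,15 +219,15 @@ func Cert(filename string) (tls.Certificate, error) {
 if err != nil {
 return tls.Certificate{}, errors.WithStack(err)
 }
-var pemData []byte
-for _, b := range blocks {
-pemData = append(pemData, pem.EncodeToMemory(b)...)
+certs := [][]byte{domainCert.Raw}
+for _, c := range caCerts {
+certs = append(certs, c.Raw)
 }
-cert, err := tls.X509KeyPair(pemData, pemData)
-if err != nil {
-return tls.Certificate{}, errors.WithStack(err)
-}
-return cert, nil
+
+return tls.Certificate{
+Certificate: certs,
+PrivateKey: priv,
+}, nil
 }
 
 func (ca *CA) CreateCert(hosts []string) (tls.Certificate, error) {
@@ -326,7 +326,7 @@ func (ca *CA) MakeCert(filename string, hosts []string) error {
 priv := c.PrivateKey
 
 domainCert, _ := x509.ParseCertificate(cert)
-pfxData, err := pkcs12.Encode(rand.Reader, priv, domainCert, []*x509.Certificate{ca.cert}, "")
+pfxData, err := pkcs12.Modern.Encode(priv, domainCert, []*x509.Certificate{ca.cert}, "")
 if err != nil {
 return errors.Wrap(err, "failed to generate PKCS#12")
 }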
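Review bot: The new return at lines 227–230 of `Cert` builds `tls.Certificate` by hand, so the check that `tls.X509KeyPair` used to perform (that the private key is a supported type and matches the leaf certificate) no longer runs when the file is loaded. Unless `DecodeChain` already guarantees this (not visible here), a mismatched or unusable key in the .p12 would only surface later, at handshake time. I would assert `crypto.Signer`, compare its public key with `domainCert.PublicKey`, and set `Leaf: domainCert`, as below (this needs the `crypto` import). Separately, the `:=` at line 194 shadows the `priv`, `domainCert` and `caCerts` declared at line 192; whether the legacy-passphrase branch still reaches line 222 with usable values depends on lines 207–218, which are outside the hunks.

```go
// … unchanged: certs slice built from domainCert.Raw and caCerts …
signer, ok := priv.(crypto.Signer)
if !ok {
	return tls.Certificate{}, errors.New("PKCS#12 private key does not implement crypto.Signer")
}
pub, ok := signer.Public().(interface{ Equal(crypto.PublicKey) bool })
if !ok || !pub.Equal(domainCert.PublicKey) {
	return tls.Certificate{}, errors.New("PKCS#12 private key does not match the certificate")
}

return tls.Certificate{
	Certificate: certs,
	PrivateKey:  signer,
	Leaf:        domainCert,
}, nil
```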
