Using ec256 keys with Foreman (Feature request?)

Problem:
I’m trying to load Let’s Encrypt certificates into Foreman for various purposes and finding that it doesn’t seem to like my ec256 keys, as generated by “lego”.

    2022-05-01 01:09:37 [ERROR ] [configure] May 01 01:09:37 foreman01 smart-proxy[30533]: 2022-05-01T01:09:37  [E] Unable to load private SSL key. Are the values correct in settings.yml and do permissions allow reading?
    2022-05-01 01:09:37 [ERROR ] [configure] May 01 01:09:37 foreman01 smart-proxy[30533]: 2022-05-01T01:09:37  [W] Error details for Unable to load private SSL key. Are the values correct in settings.yml and do permissions allow reading?: <OpenSSL::PKey::RSAError>: Neither PUB key nor PRIV key: nested asn1 error
    2022-05-01 01:09:37 [ERROR ] [configure] May 01 01:09:37 foreman01 smart-proxy[30533]: /usr/share/foreman-proxy/lib/launcher.rb:113:in `initialize'

Looking at the code…

    def load_ssl_private_key(path)
      OpenSSL::PKey::RSA.new(File.read(path))
    end

I get the impression it’s loading keys specifically assuming they’re RSA keys, which breaks when it encounters a non-RSA key.

Expected outcome:
To be able to load the key.

Foreman and Proxy versions:
Foreman installer 3.2.

Distribution and version:
Debian 11

Other relevant data:

Hey,

thanks a ton for reporting this!

Would you mind trying to change this to:

    def load_ssl_private_key(path)
      OpenSSL::PKey.read(File.read(path))
    end

In the meantime, I’ve found a few more places using RSA.new and started a tracker to fix them all: Tracker #34842: Support EC (and other non-RSA) keys for authentication - Foreman

1 Like
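
The difference between the two loaders discussed above, as an added example (not code from Foreman or from either poster): the RSA-specific constructor rejects an EC key, while `OpenSSL::PKey.read` picks the key type from the PEM. The helper names `load_key_rsa_only`, `load_key_generic` and `loader_result` are hypothetical, the private-key check is an assumption about what a caller would want, and the keys are throwaway ones generated at run time.

```ruby
require 'openssl'

# Hypothetical stand-in for the RSA-only loader quoted in the first post.
def load_key_rsa_only(pem)
  OpenSSL::PKey::RSA.new(pem)
end

# Hypothetical algorithm-agnostic loader built on the suggested OpenSSL::PKey.read.
# PKey.read also parses public keys, so insist on private key material.
def load_key_generic(pem)
  key = OpenSSL::PKey.read(pem)
  if key.respond_to?(:private?) && !key.private?
    raise ArgumentError, 'PEM contains a public key, not a private key'
  end
  key
end

# Returns the loaded key's class name, or "rejected (<error class>)".
def loader_result(loader, pem)
  method(loader).call(pem).class.name
rescue OpenSSL::PKey::PKeyError, ArgumentError => e
  "rejected (#{e.class})"
end

# Constructed sample input: throwaway keys generated at run time.
rsa = OpenSSL::PKey::RSA.generate(2048)
SAMPLES = {
  'ec256 private key' => OpenSSL::PKey::EC.generate('prime256v1').to_pem,
  'rsa private key'   => rsa.to_pem,
  'rsa public key'    => rsa.public_key.to_pem
}.freeze

# Print one line per (sample, loader) pair.
SAMPLES.each do |label, pem|
  %i[load_key_rsa_only load_key_generic].each do |loader|
    puts format('%-18s %-18s %s', label, loader, loader_result(loader, pem))
  end
end
```

The RSA-only loader also accepts an RSA public key without complaint, which is why the generic loader checks `private?` explicitly.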