Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow non-NIST-P256 TLS server keys #360

Merged
merged 1 commit into from
Jan 23, 2025
Merged

Allow non-NIST-P256 TLS server keys #360

merged 1 commit into from
Jan 23, 2025

Conversation

sethterashima
Copy link
Collaborator

Description

Fixes a regression in a safety check on the TLS key that prevented the HTTP proxy server from launching.

The intended purpose of the safety check is to verify that the user is not using the same key as both a TLS server key and a command-authentication key. The code tries to load the TLS key as a command-authentication key, and then compares it with the actual command-authentication key. If the loading step fails because the TLS key is not a NIST-P256 key, then everything is fine. There's no way it could be being misued. However, a loading failure was being treated as a fatal error.

Fixes #359

Type of change

Please select all options that apply to this change:

  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Bug fix (non-breaking change which fixes an issue)
  • Documentation update

Checklist:

Confirm you have completed the following steps:

  • My code follows the style of this project.
  • I have performed a self-review of my code.
  • I have made corresponding updates to the documentation.
  • I have added/updated unit tests to cover my changes.

Allow non-NIST-P256 TLS server keys
eb9f9cc 
Fixes a regression in a safety check on the TLS key that prevented the
HTTP proxy server from launching.

The intended purpose of the safety check is to verify that the user is
not using the same key as both a TLS server key and a
command-authentication key. The code tries to load the TLS key as a
command-authentication key, and then compares it with the actual
command-authentication key. If the loading step fails because the TLS
key is not a NIST-P256 key, then everything is fine. There's no way it
could be being misued. However, a loading failure was being treated as a
fatal error.
@sethterashima sethterashima merged commit 9efa0cf into teslamotors:main Jan 23, 2025
1 check passed
@sethterashima sethterashima deleted the fix-tls-key-loading-error branch January 23, 2025 21:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thefireblade thefireblade thefireblade approved these changes

@agbpatro agbpatro agbpatro approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Tesla Http Proxy Error loading public key: BadParameter: invalid public key
3 participants
@sethterashima @agbpatro @thefireblade