Skip to content

crypto/tls API mismatch: missing tls.X509KeyPair and ClientAuth constants, LoadX509KeyPair stubbed #5204

@M09Ic

Description

@M09Ic

What happened?

While building a TinyGo Linux native binary (v0.40.1), we hit crypto/tls API mismatches compared with the Go stdlib surface.

Compile-time failures:

undefined: tls.X509KeyPair
undefined: tls.RequireAndVerifyClientCert

At the same time, tls.LoadX509KeyPair exists but returns not implemented at runtime in TinyGo's crypto/tls/tls.go.

This makes common stdlib-compatible TLS config code fail to compile (or fail at runtime), even for simple config helpers.

Reproducer

main.go:

package main

import (
    "crypto/tls"
    "fmt"
)

func main() {
    // 1) compile-time symbol check
    _ = tls.RequireAndVerifyClientCert

    // 2) compile-time symbol check
    _, _ = tls.X509KeyPair([]byte(""), []byte(""))

    // 3) runtime behavior check (if only this line is kept)
    _, err := tls.LoadX509KeyPair("cert.pem", "key.pem")
    fmt.Println(err)
}

Build:

tinygo build -o app ./main.go

Environment

  • tinygo version 0.40.1 linux/amd64 (LLVM 20.1.1)
  • also reproducible with tinygo 0.40.1 windows/amd64
  • host: Ubuntu 24.04 (WSL2)

Source observations

In TinyGo 0.40.1 sources:

  • src/crypto/tls/tls.go has LoadX509KeyPair but it returns errors.New("tls:LoadX509KeyPair not implemented").
  • src/crypto/tls/common.go defines type ClientAuthType int but does not define stdlib constants like RequireAndVerifyClientCert.
  • tls.X509KeyPair is missing from the package API.

Expected behavior

Either:

  1. Expose stdlib-compatible symbols (X509KeyPair, ClientAuthType constants) with documented behavior, or
  2. Clearly document/guard unsupported API so the failure mode is consistent and discoverable (preferably compile-time with actionable errors).

Related

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions