From 3004deb045d9a34eba5fac388114e7bbaefbcfb6 Mon Sep 17 00:00:00 2001
From: Erik Arvstedt
Date: Sun, 7 May 2023 19:19:27 +0200
Subject: [PATCH] lnd: Restore support for `PKCS8`-encoded cert private keys
c0f44a17b75784f018652cb382c6ef4cd34d7ae0, available since `v0.16.x`, broke support for certificate private keys encoded in the widely-used `PKCS8` format.
---
 tls_manager.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tls_manager.go b/tls_manager.go
index 249c76218..0d9498d12 100644
--- a/tls_manager.go
+++ b/tls_manager.go
@@ -35,7 +35,10 @@ const (
 var (
 // privateKeyPrefix is the prefix to a plaintext TLS key.
- privateKeyPrefix = []byte("-----BEGIN EC PRIVATE KEY-----")
+ // It should match these two key formats:
+ // - `-----BEGIN PRIVATE KEY-----` (PKCS8).
+ // - `-----BEGIN EC PRIVATE KEY-----` (SEC1/rfc5915, the legacy format).
+ privateKeyPrefix = []byte("-----BEGIN ")
 // letsEncryptTimeout sets a timeout for the Lets Encrypt server.
 letsEncryptTimeout = 5 * time.Second
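Review bot: The new value `[]byte("-----BEGIN ")` matches every PEM block, not only the two formats the added comment lists: `-----BEGIN ENCRYPTED PRIVATE KEY-----`, `-----BEGIN RSA PRIVATE KEY-----` and `-----BEGIN CERTIFICATE-----` all carry this prefix too. If the prefix is what decides whether the key file on disk is plaintext or encrypted (the check is outside this hunk, so that is an assumption), a file of the wrong type would be classified as a plaintext TLS key and either fail later at parse time with a less precise error or be handled as unencrypted. Matching the two documented headers explicitly, or decoding with `pem.Decode` and accepting only `block.Type == "PRIVATE KEY" || block.Type == "EC PRIVATE KEY"`, would keep the check as narrow as the comment claims. The `var (` block continues past the end of the hunk.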