From 3004deb045d9a34eba5fac388114e7bbaefbcfb6 Mon Sep 17 00:00:00 2001
From: Erik Arvstedt <erik.arvstedt@gmail.com>
Date: Sun, 7 May 2023 19:19:27 +0200
Subject: [PATCH 1/2] lnd: Restore support for `PKCS8`-encoded cert private
 keys

c0f44a17b75784f018652cb382c6ef4cd34d7ae0, available since `v0.16.x`,
broke support for certificate private keys encoded in the widely-used
`PKCS8` format.
---
 tls_manager.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/tls_manager.go b/tls_manager.go
index 249c76218..0d9498d12 100644
--- a/tls_manager.go
+++ b/tls_manager.go
@@ -35,7 +35,10 @@ const (
 
 var (
 	// privateKeyPrefix is the prefix to a plaintext TLS key.
-	privateKeyPrefix = []byte("-----BEGIN EC PRIVATE KEY-----")
+	// It should match these two key formats:
+	// - `-----BEGIN PRIVATE KEY-----`    (PKCS8).
+	// - `-----BEGIN EC PRIVATE KEY-----` (SEC1/rfc5915, the legacy format).
+	privateKeyPrefix = []byte("-----BEGIN ")
 
 	// letsEncryptTimeout sets a timeout for the Lets Encrypt server.
 	letsEncryptTimeout = 5 * time.Second

From d21abf9fc0fcc6abc4acbbf7d0f7636dbe91d77e Mon Sep 17 00:00:00 2001
From: Erik Arvstedt <erik.arvstedt@gmail.com>
Date: Mon, 8 May 2023 10:28:34 +0200
Subject: [PATCH 2/2] docs: update release notes

---
 docs/release-notes/release-notes-0.17.0.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docs/release-notes/release-notes-0.17.0.md b/docs/release-notes/release-notes-0.17.0.md
index c5eed2886..fa291a59d 100644
--- a/docs/release-notes/release-notes-0.17.0.md
+++ b/docs/release-notes/release-notes-0.17.0.md
@@ -33,11 +33,14 @@
 independently](https://github.com/lightningnetwork/lnd/pull/7592) on wallet
 unlock or create.
 
+* [Restore support](https://github.com/lightningnetwork/lnd/pull/7678) for
+  `PKCS8`-encoded cert private keys.
 
 # Contributors (Alphabetical Order)
 
 * Carla Kirk-Cohen
 * Daniel McNally
 * Elle Mouton
+* Erik Arvstedt
 * hieblmi
 * Jordi Montes