From f68d7bade1111a8487d55b0830929915acd3c698 Mon Sep 17 00:00:00 2001
From: Blake Johnson <blake@onesilq.com>
Date: Sat, 8 Feb 2025 12:06:36 -0800
Subject: [PATCH] Change private key loading to default to PEM-encoded PKCS#8

---
 web-server-doc/web-server/scribblings/launch.scrbl | 4 +++-
 web-server-lib/web-server/web-server.rkt           | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/web-server-doc/web-server/scribblings/launch.scrbl b/web-server-doc/web-server/scribblings/launch.scrbl
index 066e9955..eb7f2d0f 100644
--- a/web-server-doc/web-server/scribblings/launch.scrbl
+++ b/web-server-doc/web-server/scribblings/launch.scrbl
@@ -193,7 +193,9 @@ A default implementation of the dispatch server's connection-conversion abstract
 
 Constructs an implementation of the dispatch server's connection-conversion abstraction for OpenSSL.
 
-@history[#:added "1.1"]}
+@history[#:changed "8.16"
+         @elem{Changed the handling of private keys to support the PEM-encoded PKCS#8 format by default.}
+         #:added "1.1"]}
 
 
 @defproc[(do-not-return) none/c]{
diff --git a/web-server-lib/web-server/web-server.rkt b/web-server-lib/web-server/web-server.rkt
index 3f012cef..4f123729 100644
--- a/web-server-lib/web-server/web-server.rkt
+++ b/web-server-lib/web-server/web-server.rkt
@@ -74,7 +74,7 @@
   (define the-ctxt
     (ssl-make-server-context))
   (ssl-load-certificate-chain! the-ctxt server-cert-file)
-  (ssl-load-private-key! the-ctxt server-key-file)
+  (ssl-load-private-key! the-ctxt server-key-file #f)
   (define-unit ssl:dispatch-server-connect@
     (import) (export dispatch-server-connect^)
     (define (port->real-ports ip op)