From 7c62ae5d2e9ea8e7e4643f4aec19ff495968e64d Mon Sep 17 00:00:00 2001
From: Andreas Landgraf <alandgraf@gmx.at>
Date: Thu, 13 Nov 2025 16:57:11 +0100
Subject: [PATCH] Add support for EC private key in mTLS check

---
 testssl.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/testssl.sh b/testssl.sh
index b6f61aa..12d4715 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -25214,7 +25214,7 @@ parse_cmd_line() {
      if [[ ! -z "$MTLS" ]]; then
           if [[ -f $MTLS ]]; then
                grep -q 'BEGIN CERTIFICATE' "$MTLS" || fatal_cmd_line "\"$MTLS\" is not a client certificate file in PEM format" $ERR_RESOURCE
-               grep -q 'BEGIN PRIVATE KEY\|BEGIN RSA PRIVATE KEY' "$MTLS" || fatal_cmd_line "\"$MTLS\" the not encrypted private key is missing in the specified PEM file" $ERR_RESOURCE
+               grep -q 'BEGIN PRIVATE KEY\|BEGIN RSA PRIVATE KEY\|BEGIN EC PRIVATE KEY' "$MTLS" || fatal_cmd_line "\"$MTLS\" the not encrypted private key is missing in the specified PEM file" $ERR_RESOURCE
                MTLS=$MTLS
           else
                [[ -s "$MTLS" ]] || fatal_cmd_line "the specified client certificate file \"$MTLS\" does not exist" $ERR_RESOURCE