aboutsummaryrefslogtreecommitdiffhomepage
path: root/caddyconfig/httpcaddyfile/builtins.go
diff options
context:
space:
mode:
authorFrancis Lavoie <[email protected]>2023-12-20 10:37:21 -0500
committerGitHub <[email protected]>2023-12-20 08:37:21 -0700
commitf976c84d9e5b3fe5b30102e37527062e6c6a2378 (patch)
tree25b3d28d390a3cfe862edbc0f11c60fd1a0f9972 /caddyconfig/httpcaddyfile/builtins.go
parent1bf72db6ff65b038f299bf7cd0a4fdccf015f1ac (diff)
downloadcaddy-f976c84d9e5b3fe5b30102e37527062e6c6a2378.tar.gz
caddy-f976c84d9e5b3fe5b30102e37527062e6c6a2378.zip
httpcaddyfile: Fix cert file decoding to load multiple PEM in one file (#5997)
Diffstat (limited to 'caddyconfig/httpcaddyfile/builtins.go')
-rw-r--r--caddyconfig/httpcaddyfile/builtins.go28
1 files changed, 19 insertions, 9 deletions
diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go
index 94ca007d2..22b2f01fa 100644
--- a/caddyconfig/httpcaddyfile/builtins.go
+++ b/caddyconfig/httpcaddyfile/builtins.go
@@ -246,16 +246,26 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
if err != nil {
return nil, err
}
- block, _ := pem.Decode(certDataPEM)
- if block == nil || block.Type != "CERTIFICATE" {
- return nil, h.Errf("no CERTIFICATE pem block found in %s", h.Val())
+ // while block is not nil, we have more certificates in the file
+ for block, rest := pem.Decode(certDataPEM); block != nil; block, rest = pem.Decode(rest) {
+ if block.Type != "CERTIFICATE" {
+ return nil, h.Errf("no CERTIFICATE pem block found in %s", filename)
+ }
+ if subdir == "trusted_ca_cert_file" {
+ cp.ClientAuthentication.TrustedCACerts = append(
+ cp.ClientAuthentication.TrustedCACerts,
+ base64.StdEncoding.EncodeToString(block.Bytes),
+ )
+ } else {
+ cp.ClientAuthentication.TrustedLeafCerts = append(
+ cp.ClientAuthentication.TrustedLeafCerts,
+ base64.StdEncoding.EncodeToString(block.Bytes),
+ )
+ }
}
- if subdir == "trusted_ca_cert_file" {
- cp.ClientAuthentication.TrustedCACerts = append(cp.ClientAuthentication.TrustedCACerts,
- base64.StdEncoding.EncodeToString(block.Bytes))
- } else {
- cp.ClientAuthentication.TrustedLeafCerts = append(cp.ClientAuthentication.TrustedLeafCerts,
- base64.StdEncoding.EncodeToString(block.Bytes))
+ // if we decoded nothing, return an error
+ if len(cp.ClientAuthentication.TrustedCACerts) == 0 && len(cp.ClientAuthentication.TrustedLeafCerts) == 0 {
+ return nil, h.Errf("no CERTIFICATE pem block found in %s", filename)
}
default: