diff options
author | Francis Lavoie <[email protected]> | 2023-12-20 10:37:21 -0500 |
---|---|---|
committer | GitHub <[email protected]> | 2023-12-20 08:37:21 -0700 |
commit | f976c84d9e5b3fe5b30102e37527062e6c6a2378 (patch) | |
tree | 25b3d28d390a3cfe862edbc0f11c60fd1a0f9972 /caddyconfig/httpcaddyfile/builtins.go | |
parent | 1bf72db6ff65b038f299bf7cd0a4fdccf015f1ac (diff) | |
download | caddy-f976c84d9e5b3fe5b30102e37527062e6c6a2378.tar.gz caddy-f976c84d9e5b3fe5b30102e37527062e6c6a2378.zip |
httpcaddyfile: Fix cert file decoding to load multiple PEM in one file (#5997)
Diffstat (limited to 'caddyconfig/httpcaddyfile/builtins.go')
-rw-r--r-- | caddyconfig/httpcaddyfile/builtins.go | 28 |
1 files changed, 19 insertions, 9 deletions
diff --git a/caddyconfig/httpcaddyfile/builtins.go b/caddyconfig/httpcaddyfile/builtins.go index 94ca007d2..22b2f01fa 100644 --- a/caddyconfig/httpcaddyfile/builtins.go +++ b/caddyconfig/httpcaddyfile/builtins.go @@ -246,16 +246,26 @@ func parseTLS(h Helper) ([]ConfigValue, error) { if err != nil { return nil, err } - block, _ := pem.Decode(certDataPEM) - if block == nil || block.Type != "CERTIFICATE" { - return nil, h.Errf("no CERTIFICATE pem block found in %s", h.Val()) + // while block is not nil, we have more certificates in the file + for block, rest := pem.Decode(certDataPEM); block != nil; block, rest = pem.Decode(rest) { + if block.Type != "CERTIFICATE" { + return nil, h.Errf("no CERTIFICATE pem block found in %s", filename) + } + if subdir == "trusted_ca_cert_file" { + cp.ClientAuthentication.TrustedCACerts = append( + cp.ClientAuthentication.TrustedCACerts, + base64.StdEncoding.EncodeToString(block.Bytes), + ) + } else { + cp.ClientAuthentication.TrustedLeafCerts = append( + cp.ClientAuthentication.TrustedLeafCerts, + base64.StdEncoding.EncodeToString(block.Bytes), + ) + } } - if subdir == "trusted_ca_cert_file" { - cp.ClientAuthentication.TrustedCACerts = append(cp.ClientAuthentication.TrustedCACerts, - base64.StdEncoding.EncodeToString(block.Bytes)) - } else { - cp.ClientAuthentication.TrustedLeafCerts = append(cp.ClientAuthentication.TrustedLeafCerts, - base64.StdEncoding.EncodeToString(block.Bytes)) + // if we decoded nothing, return an error + if len(cp.ClientAuthentication.TrustedCACerts) == 0 && len(cp.ClientAuthentication.TrustedLeafCerts) == 0 { + return nil, h.Errf("no CERTIFICATE pem block found in %s", filename) } default: |