aboutsummaryrefslogtreecommitdiffhomepage
path: root/modules/caddytls/storageloader.go
diff options
context:
space:
mode:
Diffstat (limited to 'modules/caddytls/storageloader.go')
-rw-r--r--modules/caddytls/storageloader.go9
1 files changed, 9 insertions, 0 deletions
diff --git a/modules/caddytls/storageloader.go b/modules/caddytls/storageloader.go
index f9f0e7e68..c9487e892 100644
--- a/modules/caddytls/storageloader.go
+++ b/modules/caddytls/storageloader.go
@@ -17,6 +17,7 @@ package caddytls
import (
"crypto/tls"
"fmt"
+ "strings"
"github.com/caddyserver/certmagic"
@@ -88,8 +89,16 @@ func (sl StorageLoader) LoadCertificates() ([]Certificate, error) {
switch pair.Format {
case "":
fallthrough
+
case "pem":
+ // if the start of the key file looks like an encrypted private key,
+ // reject it with a helpful error message
+ if strings.Contains(string(keyData[:40]), "ENCRYPTED") {
+ return nil, fmt.Errorf("encrypted private keys are not supported; please decrypt the key first")
+ }
+
cert, err = tls.X509KeyPair(certData, keyData)
+
default:
return nil, fmt.Errorf("unrecognized certificate/key encoding format: %s", pair.Format)
}