httpcaddyfile: Fix cert file decoding to load multiple PEM in one file (#5997)

This commit is contained in:
Francis Lavoie 2023-12-20 10:37:21 -05:00 committed by GitHub
parent 1bf72db6ff
commit f976c84d9e
GPG key ID: 4AEE18F83AFDEB23


@ -246,16 +246,26 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
block, _ := pem.Decode(certDataPEM) // while block is not nil, we have more certificates in the file
if block == nil || block.Type != "CERTIFICATE" { for block, rest := pem.Decode(certDataPEM); block != nil; block, rest = pem.Decode(rest) {
return nil, h.Errf("no CERTIFICATE pem block found in %s", h.Val()) if block.Type != "CERTIFICATE" {
return nil, h.Errf("no CERTIFICATE pem block found in %s", filename)
} }
if subdir == "trusted_ca_cert_file" { if subdir == "trusted_ca_cert_file" {
cp.ClientAuthentication.TrustedCACerts = append(cp.ClientAuthentication.TrustedCACerts, cp.ClientAuthentication.TrustedCACerts = append(
base64.StdEncoding.EncodeToString(block.Bytes)) cp.ClientAuthentication.TrustedCACerts,
base64.StdEncoding.EncodeToString(block.Bytes),
)
} else { } else {
cp.ClientAuthentication.TrustedLeafCerts = append(cp.ClientAuthentication.TrustedLeafCerts, cp.ClientAuthentication.TrustedLeafCerts = append(
base64.StdEncoding.EncodeToString(block.Bytes)) cp.ClientAuthentication.TrustedLeafCerts,
base64.StdEncoding.EncodeToString(block.Bytes),
)
}
}
// if we decoded nothing, return an error
if len(cp.ClientAuthentication.TrustedCACerts) == 0 && len(cp.ClientAuthentication.TrustedLeafCerts) == 0 {
return nil, h.Errf("no CERTIFICATE pem block found in %s", filename)
} }
default: default: