mirror of
https://github.com/caddyserver/caddy.git
synced 2024-11-24 18:20:25 +08:00
httpcaddyfile: Fix cert file decoding to load multiple PEM in one file (#5997)
This commit is contained in:
parent
1bf72db6ff
commit
f976c84d9e
|
@ -246,16 +246,26 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
block, _ := pem.Decode(certDataPEM)
|
||||
if block == nil || block.Type != "CERTIFICATE" {
|
||||
return nil, h.Errf("no CERTIFICATE pem block found in %s", h.Val())
|
||||
// while block is not nil, we have more certificates in the file
|
||||
for block, rest := pem.Decode(certDataPEM); block != nil; block, rest = pem.Decode(rest) {
|
||||
if block.Type != "CERTIFICATE" {
|
||||
return nil, h.Errf("no CERTIFICATE pem block found in %s", filename)
|
||||
}
|
||||
if subdir == "trusted_ca_cert_file" {
|
||||
cp.ClientAuthentication.TrustedCACerts = append(
|
||||
cp.ClientAuthentication.TrustedCACerts,
|
||||
base64.StdEncoding.EncodeToString(block.Bytes),
|
||||
)
|
||||
} else {
|
||||
cp.ClientAuthentication.TrustedLeafCerts = append(
|
||||
cp.ClientAuthentication.TrustedLeafCerts,
|
||||
base64.StdEncoding.EncodeToString(block.Bytes),
|
||||
)
|
||||
}
|
||||
}
|
||||
if subdir == "trusted_ca_cert_file" {
|
||||
cp.ClientAuthentication.TrustedCACerts = append(cp.ClientAuthentication.TrustedCACerts,
|
||||
base64.StdEncoding.EncodeToString(block.Bytes))
|
||||
} else {
|
||||
cp.ClientAuthentication.TrustedLeafCerts = append(cp.ClientAuthentication.TrustedLeafCerts,
|
||||
base64.StdEncoding.EncodeToString(block.Bytes))
|
||||
// if we decoded nothing, return an error
|
||||
if len(cp.ClientAuthentication.TrustedCACerts) == 0 && len(cp.ClientAuthentication.TrustedLeafCerts) == 0 {
|
||||
return nil, h.Errf("no CERTIFICATE pem block found in %s", filename)
|
||||
}
|
||||
|
||||
default:
|
||||
|
|
Loading…
Reference in New Issue
Block a user