mirror of
https://github.com/caddyserver/caddy.git
synced 2024-11-28 11:44:08 +08:00
httpcaddyfile: Fix cert file decoding to load multiple PEM in one file (#5997)
This commit is contained in:
parent
1bf72db6ff
commit
f976c84d9e
|
@ -246,16 +246,26 @@ func parseTLS(h Helper) ([]ConfigValue, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
block, _ := pem.Decode(certDataPEM)
|
// while block is not nil, we have more certificates in the file
|
||||||
if block == nil || block.Type != "CERTIFICATE" {
|
for block, rest := pem.Decode(certDataPEM); block != nil; block, rest = pem.Decode(rest) {
|
||||||
return nil, h.Errf("no CERTIFICATE pem block found in %s", h.Val())
|
if block.Type != "CERTIFICATE" {
|
||||||
|
return nil, h.Errf("no CERTIFICATE pem block found in %s", filename)
|
||||||
|
}
|
||||||
|
if subdir == "trusted_ca_cert_file" {
|
||||||
|
cp.ClientAuthentication.TrustedCACerts = append(
|
||||||
|
cp.ClientAuthentication.TrustedCACerts,
|
||||||
|
base64.StdEncoding.EncodeToString(block.Bytes),
|
||||||
|
)
|
||||||
|
} else {
|
||||||
|
cp.ClientAuthentication.TrustedLeafCerts = append(
|
||||||
|
cp.ClientAuthentication.TrustedLeafCerts,
|
||||||
|
base64.StdEncoding.EncodeToString(block.Bytes),
|
||||||
|
)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if subdir == "trusted_ca_cert_file" {
|
// if we decoded nothing, return an error
|
||||||
cp.ClientAuthentication.TrustedCACerts = append(cp.ClientAuthentication.TrustedCACerts,
|
if len(cp.ClientAuthentication.TrustedCACerts) == 0 && len(cp.ClientAuthentication.TrustedLeafCerts) == 0 {
|
||||||
base64.StdEncoding.EncodeToString(block.Bytes))
|
return nil, h.Errf("no CERTIFICATE pem block found in %s", filename)
|
||||||
} else {
|
|
||||||
cp.ClientAuthentication.TrustedLeafCerts = append(cp.ClientAuthentication.TrustedLeafCerts,
|
|
||||||
base64.StdEncoding.EncodeToString(block.Bytes))
|
|
||||||
}
|
}
|
||||||
|
|
||||||
default:
|
default:
|
||||||
|
|
Loading…
Reference in New Issue
Block a user