crypto/tls: load a chain of certificates from a file.
authorAdam Langley <agl@golang.org>
Sat, 5 Feb 2011 18:54:25 +0000 (13:54 -0500)
committerAdam Langley <agl@golang.org>
Sat, 5 Feb 2011 18:54:25 +0000 (13:54 -0500)
Many recently issued certificates are chained: there's one or more
intermediate certificates between the host certificate and the root CA
certificate. This change causes the code to load any number of
certificates from the certificate file. This matches the behaviour of
common webservers, and the output of OpenSSL's command line tools.

R=golang-dev, r2
CC=golang-dev
https://golang.org/cl/4119057

src/pkg/crypto/tls/tls.go

index b11d3225daa6eb7add50aa6deee219d36a8b6614..e8290d728dd80153835ef5f8b178f5917436a00e 100644 (file)
@@ -124,14 +124,22 @@ func LoadX509KeyPair(certFile string, keyFile string) (cert Certificate, err os.
                return
        }
 
-       certDERBlock, _ := pem.Decode(certPEMBlock)
-       if certDERBlock == nil {
+       var certDERBlock *pem.Block
+       for {
+               certDERBlock, certPEMBlock = pem.Decode(certPEMBlock)
+               if certDERBlock == nil {
+                       break
+               }
+               if certDERBlock.Type == "CERTIFICATE" {
+                       cert.Certificate = append(cert.Certificate, certDERBlock.Bytes)
+               }
+       }
+
+       if len(cert.Certificate) == 0 {
                err = os.ErrorString("crypto/tls: failed to parse certificate PEM data")
                return
        }
 
-       cert.Certificate = [][]byte{certDERBlock.Bytes}
-
        keyPEMBlock, err := ioutil.ReadFile(keyFile)
        if err != nil {
                return
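Review bot: The new loop silently assumes the first CERTIFICATE block in certFile is the host (leaf) certificate and that the chain follows in order, but nothing in the hunk checks or documents that, and any other PEM block type (for example a private key accidentally concatenated into the certificate file) is dropped without notice. Since the second hunk uses `cert.Certificate[0]` as the leaf, a file ordered root-first would load without error and then fail only at handshake time, far from the cause. The doc comment on LoadX509KeyPair, which starts before this hunk, should state the contract, e.g. `// The certificate file may contain a chain of PEM-encoded certificates; the first must be the leaf, followed by any intermediates in order. Blocks of other types are ignored.` If the skip is meant to be strict rather than lenient, an `else` branch returning `os.ErrorString("crypto/tls: unexpected PEM block type in certificate file")` would surface misconfigured files at load time.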
@@ -153,7 +161,7 @@ func LoadX509KeyPair(certFile string, keyFile string) (cert Certificate, err os.
 
        // We don't need to parse the public key for TLS, but we so do anyway
        // to check that it looks sane and matches the private key.
-       x509Cert, err := x509.ParseCertificate(certDERBlock.Bytes)
+       x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
        if err != nil {
                return
        }
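Review bot: The sanity parse at `x509Cert, err := x509.ParseCertificate(cert.Certificate[0])` now covers only the leaf, so a corrupt or truncated intermediate appended by the first hunk is accepted here and only discovered when a peer rejects the chain. Because the whole point of this change is to ship the extra certificates, it is worth parsing each of them once at load time as well; the result is not needed, only the error. LoadX509KeyPair continues after this hunk, so the extra check can sit right after the existing leaf parse.
```go
	x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
	if err != nil {
		return
	}
	// Intermediates are sent to peers verbatim; reject obviously broken ones now
	// rather than at handshake time.
	for _, der := range cert.Certificate[1:] {
		if _, err = x509.ParseCertificate(der); err != nil {
			return
		}
	}
	// … unchanged: public/private key match check …
```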