summaryrefslogtreecommitdiff
path: root/modules/caddypki
diff options
context:
space:
mode:
authorMatthew Holt <mholt@users.noreply.github.com>2022-01-07 10:55:11 -0700
committerMatthew Holt <mholt@users.noreply.github.com>2022-01-07 10:55:11 -0700
commitc634bbe9cc7ef6ce6f9f776010ce96384fd43340 (patch)
tree1a7cb0b60e519437b990339dded41a2c7037af08 /modules/caddypki
parent4b9849c7922c3a0a7b1bd487f5d890fcff32aaba (diff)
caddypki: Return error if no PEM data found
Best guess for https://caddy.community/t/on-fly-certificate-generation-based-on-sni/14639/4
Diffstat (limited to 'modules/caddypki')
-rw-r--r--modules/caddypki/crypto.go3
1 files changed, 3 insertions, 0 deletions
diff --git a/modules/caddypki/crypto.go b/modules/caddypki/crypto.go
index d8e72c6..dbc6f38 100644
--- a/modules/caddypki/crypto.go
+++ b/modules/caddypki/crypto.go
@@ -81,6 +81,9 @@ func pemEncodePrivateKey(key crypto.PrivateKey) ([]byte, error) {
// TODO: this is the same thing as in certmagic. Should we reuse that code somehow? It's unexported.
func pemDecodePrivateKey(keyPEMBytes []byte) (crypto.PrivateKey, error) {
keyBlockDER, _ := pem.Decode(keyPEMBytes)
+ if keyBlockDER == nil {
+ return nil, fmt.Errorf("no PEM data found")
+ }
if keyBlockDER.Type != "PRIVATE KEY" && !strings.HasSuffix(keyBlockDER.Type, " PRIVATE KEY") {
return nil, fmt.Errorf("unknown PEM header %q", keyBlockDER.Type)