summaryrefslogtreecommitdiff
path: root/modules/caddytls/folderloader.go
diff options
context:
space:
mode:
Diffstat (limited to 'modules/caddytls/folderloader.go')
-rw-r--r--modules/caddytls/folderloader.go20
1 files changed, 16 insertions, 4 deletions
diff --git a/modules/caddytls/folderloader.go b/modules/caddytls/folderloader.go
index f1a742d..10b017e 100644
--- a/modules/caddytls/folderloader.go
+++ b/modules/caddytls/folderloader.go
@@ -97,26 +97,38 @@ func x509CertFromCertAndKeyPEMFile(fpath string) (tls.Certificate, error) {
if derBlock.Type == "CERTIFICATE" {
// Re-encode certificate as PEM, appending to certificate chain
- pem.Encode(certBuilder, derBlock)
+ err = pem.Encode(certBuilder, derBlock)
+ if err != nil {
+ return tls.Certificate{}, err
+ }
} else if derBlock.Type == "EC PARAMETERS" {
// EC keys generated from openssl can be composed of two blocks:
// parameters and key (parameter block should come first)
if !foundKey {
// Encode parameters
- pem.Encode(keyBuilder, derBlock)
+ err = pem.Encode(keyBuilder, derBlock)
+ if err != nil {
+ return tls.Certificate{}, err
+ }
// Key must immediately follow
derBlock, bundle = pem.Decode(bundle)
if derBlock == nil || derBlock.Type != "EC PRIVATE KEY" {
return tls.Certificate{}, fmt.Errorf("%s: expected elliptic private key to immediately follow EC parameters", fpath)
}
- pem.Encode(keyBuilder, derBlock)
+ err = pem.Encode(keyBuilder, derBlock)
+ if err != nil {
+ return tls.Certificate{}, err
+ }
foundKey = true
}
} else if derBlock.Type == "PRIVATE KEY" || strings.HasSuffix(derBlock.Type, " PRIVATE KEY") {
// RSA key
if !foundKey {
- pem.Encode(keyBuilder, derBlock)
+ err = pem.Encode(keyBuilder, derBlock)
+ if err != nil {
+ return tls.Certificate{}, err
+ }
foundKey = true
}
} else {
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-06 07:29:57 +0000