consul: Fix decoding of certificate

2025-02-22 18:38:19 +00:00 · 2014-04-07 12:45:48 -07:00 · 2014-04-07 12:45:48 -07:00 · 165103d55e
commit 165103d55e
parent 39a55953af
1 changed files with 9 additions and 2 deletions
--- a/consul/config.go
+++ b/consul/config.go
@ -3,6 +3,7 @@ package consul
 import (
 	"crypto/tls"
 	"crypto/x509"
+	"encoding/pem"
 	"fmt"
 	"github.com/hashicorp/memberlist"
 	"github.com/hashicorp/raft"
@ -136,8 +137,14 @@ func (c *Config) CACertificate() (*x509.Certificate, error) {
 		return nil, fmt.Errorf("Failed to read CA file: %v", err)
 	}

+	// Decode from the PEM format
+	block, _ := pem.Decode(data)
+	if block == nil {
+		return nil, fmt.Errorf("Failed to decode CA PEM!")
+	}
+
 	// Parse the certificate
-	cert, err := x509.ParseCertificate(data)
+	cert, err := x509.ParseCertificate(block.Bytes)
 	if err != nil {
 		return nil, fmt.Errorf("Failed to parse CA file: %v", err)
 	}
@ -222,7 +229,7 @@ func (c *Config) IncomingTLSConfig() (*tls.Config, error) {
 			return nil, fmt.Errorf("VerifyIncoming set, and no Cert/Key pair provided!")
 		}
 	}
-	return nil, nil
+	return tlsConfig, nil
 }

 // DefaultConfig is used to return a sane default configuration