From 165103d55ec6f548018965734364c2b99c88ba43 Mon Sep 17 00:00:00 2001 From: Armon Dadgar Date: Mon, 7 Apr 2014 12:45:48 -0700 Subject: [PATCH] consul: Fix decoding of certificate --- consul/config.go | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/consul/config.go b/consul/config.go index 12b2f7c3c3..d74cbaa071 100644 --- a/consul/config.go +++ b/consul/config.go @@ -3,6 +3,7 @@ package consul import ( "crypto/tls" "crypto/x509" + "encoding/pem" "fmt" "github.com/hashicorp/memberlist" "github.com/hashicorp/raft" @@ -136,8 +137,14 @@ func (c *Config) CACertificate() (*x509.Certificate, error) { return nil, fmt.Errorf("Failed to read CA file: %v", err) } + // Decode from the PEM format + block, _ := pem.Decode(data) + if block == nil { + return nil, fmt.Errorf("Failed to decode CA PEM!") + } + // Parse the certificate - cert, err := x509.ParseCertificate(data) + cert, err := x509.ParseCertificate(block.Bytes) if err != nil { return nil, fmt.Errorf("Failed to parse CA file: %v", err) } @@ -222,7 +229,7 @@ func (c *Config) IncomingTLSConfig() (*tls.Config, error) { return nil, fmt.Errorf("VerifyIncoming set, and no Cert/Key pair provided!") } } - return nil, nil + return tlsConfig, nil } // DefaultConfig is used to return a sane default configuration