From e1af3dbde6345ca4e4898f0475147bc49a347377 Mon Sep 17 00:00:00 2001
From: "Michael S. Fischer"
Date: Sat, 8 Feb 2014 18:27:41 -0800
Subject: [PATCH] fix(server/tls_info): use all certificates in CA file fixes coreos/etcd#553
---
 server/tls_info.go | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/server/tls_info.go b/server/tls_info.go
index bc2d1099b..afcfbadae 100644
--- a/server/tls_info.go
+++ b/server/tls_info.go
@@ -84,19 +84,23 @@ func (info TLSInfo) ClientConfig() (*tls.Config, error) {
 // newCertPool creates x509 certPool with provided CA file
 func newCertPool(CAFile string) (*x509.CertPool, error) {
+ certPool := x509.NewCertPool()
 pemByte, err := ioutil.ReadFile(CAFile)
 if err != nil {
 return nil, err
 }
- block, pemByte := pem.Decode(pemByte)
- cert, err := x509.ParseCertificate(block.Bytes)
- if err != nil {
- return nil, err
+ for {
+ var block *pem.Block
+ block, pemByte = pem.Decode(pemByte)
+ if block == nil {
+ return certPool, nil
+ }
+ cert, err := x509.ParseCertificate(block.Bytes)
+ if err != nil {
+ return nil, err
+ }
+ certPool.AddCert(cert)
 }
- certPool := x509.NewCertPool()
- certPool.AddCert(cert)
-
- return certPool, nil
 }
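Review bot: In the new loop's `if block == nil` branch, a CA file with no PEM block at all (empty, DER-encoded, or simply the wrong file) now returns an empty pool and a nil error, so the misconfiguration presumably shows up only later as verification failures for every peer. Count the certificates added and return an error in that branch when the count is zero, for example `return nil, fmt.Errorf("no PEM certificates found in %s", CAFile)` (this assumes `fmt` is imported in the file, which the hunk does not show). The loop also hands every block to `x509.ParseCertificate` without checking `block.Type`, so a bundle that carries any non-certificate block fails the whole load. Adding `if block.Type != "CERTIFICATE" { continue }` before parsing would match what `CertPool.AppendCertsFromPEM` does. Bytes after the last PEM block are dropped silently, which deserves a one-line comment next to the `pem.Decode` call.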