fix(server/tls_info): use all certificates in CA file

fixes coreos/etcd#553
2024-09-27 06:25:44 +00:00 · 2014-02-08 18:27:41 -08:00 · 2014-02-08 18:27:41 -08:00 · e1af3dbde6
commit e1af3dbde6
parent 137f87c414
1 changed files with 12 additions and 8 deletions
--- a/server/tls_info.go
+++ b/server/tls_info.go
@ -84,19 +84,23 @@ func (info TLSInfo) ClientConfig() (*tls.Config, error) {

 // newCertPool creates x509 certPool with provided CA file
 func newCertPool(CAFile string) (*x509.CertPool, error) {
+	certPool := x509.NewCertPool()
 	pemByte, err := ioutil.ReadFile(CAFile)
 	if err != nil {
 		return nil, err
 	}

-	block, pemByte := pem.Decode(pemByte)
-	cert, err := x509.ParseCertificate(block.Bytes)
-	if err != nil {
-		return nil, err
+	for {
+		var block *pem.Block
+		block, pemByte = pem.Decode(pemByte)
+		if block == nil {
+			return certPool, nil
+		}
+		cert, err := x509.ParseCertificate(block.Bytes)
+		if err != nil {
+			return nil, err
+		}
+		certPool.AddCert(cert)
 	}

-	certPool := x509.NewCertPool()
-	certPool.AddCert(cert)
-
-	return certPool, nil
 }