
Commit fc7515b

committed
GODRIVER-2263 Load all certs in a PEM when using tlsCertificateKeyFile or sslClientCertificateKeyFile options
1 parent c999a05 commit fc7515b


1 file changed

+11
-7
lines changed

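--- a/mongo/options/clientoptions.go
+++ b/mongo/options/clientoptions.go
@@ -1001,7 +1001,8 @@ func addClientCertFromConcatenatedFile(cfg *tls.Config, certKeyFile, keyPassword
 // containing file and returns the certificate's subject name.
 func addClientCertFromBytes(cfg *tls.Config, data []byte, keyPasswd string) (string, error) {
 var currentBlock *pem.Block
-var certBlock, certDecodedBlock, keyBlock []byte
+var certDecodedBlock []byte
+var certBlocks, keyBlocks [][]byte
 
 remaining := data
 start := 0
@@ -1012,7 +1013,8 @@ func addClientCertFromBytes(cfg *tls.Config, data []byte, keyPasswd string) (str
 }
 
 if currentBlock.Type == "CERTIFICATE" {
-certBlock = data[start : len(data)-len(remaining)]
+certBlock := data[start : len(data)-len(remaining)]
+certBlocks = append(certBlocks, certBlock)
 certDecodedBlock = currentBlock.Bytes
 start += len(certBlock)
 } else if strings.HasSuffix(currentBlock.Type, "PRIVATE KEY") {
@@ -1044,22 +1046,24 @@ func addClientCertFromBytes(cfg *tls.Config, data []byte, keyPasswd string) (str
 }
 var encoded bytes.Buffer
 pem.Encode(&encoded, &pem.Block{Type: currentBlock.Type, Bytes: keyBytes})
-keyBlock = encoded.Bytes()
+keyBlock := encoded.Bytes()
+keyBlocks = append(keyBlocks, keyBlock)
 start = len(data) - len(remaining)
 } else {
-keyBlock = data[start : len(data)-len(remaining)]
+keyBlock := data[start : len(data)-len(remaining)]
+keyBlocks = append(keyBlocks, keyBlock)
 start += len(keyBlock)
 }
 }
 }
-if len(certBlock) == 0 {
+if len(certBlocks) == 0 {
 return "", fmt.Errorf("failed to find CERTIFICATE")
 }
-if len(keyBlock) == 0 {
+if len(keyBlocks) == 0 {
 return "", fmt.Errorf("failed to find PRIVATE KEY")
 }
 
-cert, err := tls.X509KeyPair(certBlock, keyBlock)
+cert, err := tls.X509KeyPair(bytes.Join(certBlocks, []byte("\n")), bytes.Join(keyBlocks, []byte("\n")))
 if err != nil {
 return "", err
 }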
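Review bot: `certDecodedBlock = currentBlock.Bytes` in the CERTIFICATE branch is still overwritten on every block, so with a multi-certificate file it ends up holding the last certificate, while `tls.X509KeyPair` treats the first certificate in the joined PEM as the leaf. If the subject name this function returns is derived from `certDecodedBlock` (that code is outside the hunk), a leaf-plus-intermediates file would report an intermediate's subject instead of the client's identity. Keep only the first one: `if certDecodedBlock == nil { certDecodedBlock = currentBlock.Bytes }`. Separately, every PRIVATE KEY block is now collected, but `tls.X509KeyPair` uses only the first key block it finds, so additional keys are silently ignored; a comment saying so, or an error when more than one key is present, would make that explicit.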
