Skip to content

Commit

Permalink
Merge branch 'improved-http-performance' of https://github.com/AlliBa…
Browse files Browse the repository at this point in the history
…lliBaba/caddy into improved-http-performance
  • Loading branch information
Alliballibaba2 committed Sep 25, 2024
2 parents fac862a + 75f8ba4 commit 25098cf
Show file tree
Hide file tree
Showing 3 changed files with 24 additions and 0 deletions.
9 changes: 9 additions & 0 deletions modules/caddytls/fileloader.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ import (
"crypto/tls"
"fmt"
"os"
"strings"

"github.com/caddyserver/caddy/v2"
)
Expand Down Expand Up @@ -92,8 +93,16 @@ func (fl FileLoader) LoadCertificates() ([]Certificate, error) {
switch pair.Format {
case "":
fallthrough

case "pem":
// if the start of the key file looks like an encrypted private key,
// reject it with a helpful error message
if strings.Contains(string(keyData[:40]), "ENCRYPTED") {
return nil, fmt.Errorf("encrypted private keys are not supported; please decrypt the key first")
}

cert, err = tls.X509KeyPair(certData, keyData)

default:
return nil, fmt.Errorf("unrecognized certificate/key encoding format: %s", pair.Format)
}
Expand Down
6 changes: 6 additions & 0 deletions modules/caddytls/folderloader.go
Original file line number Diff line number Diff line change
Expand Up @@ -150,6 +150,12 @@ func tlsCertFromCertAndKeyPEMBundle(bundle []byte) (tls.Certificate, error) {
return tls.Certificate{}, fmt.Errorf("no private key block found")
}

// if the start of the key file looks like an encrypted private key,
// reject it with a helpful error message
if strings.HasPrefix(string(keyPEMBytes[:40]), "ENCRYPTED") {
return tls.Certificate{}, fmt.Errorf("encrypted private keys are not supported; please decrypt the key first")
}

cert, err := tls.X509KeyPair(certPEMBytes, keyPEMBytes)
if err != nil {
return tls.Certificate{}, fmt.Errorf("making X509 key pair: %v", err)
Expand Down
9 changes: 9 additions & 0 deletions modules/caddytls/storageloader.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ package caddytls
import (
"crypto/tls"
"fmt"
"strings"

"github.com/caddyserver/certmagic"

Expand Down Expand Up @@ -88,8 +89,16 @@ func (sl StorageLoader) LoadCertificates() ([]Certificate, error) {
switch pair.Format {
case "":
fallthrough

case "pem":
// if the start of the key file looks like an encrypted private key,
// reject it with a helpful error message
if strings.Contains(string(keyData[:40]), "ENCRYPTED") {
return nil, fmt.Errorf("encrypted private keys are not supported; please decrypt the key first")
}

cert, err = tls.X509KeyPair(certData, keyData)

default:
return nil, fmt.Errorf("unrecognized certificate/key encoding format: %s", pair.Format)
}
Expand Down

0 comments on commit 25098cf

Please sign in to comment.