Return an error if kv store CA cert is invalid

2018-10-01 08:24:03 -07:00
parent 8d8e509fe6
commit 61e1836472
1 changed files with 3 additions and 1 deletions
--- a/types/types.go
+++ b/types/types.go
@@ -528,7 +528,9 @@ func (clientTLS *ClientTLS) CreateTLSConfig() (*tls.Config, error) {
 		} else {
 			ca = []byte(clientTLS.CA)
 		}
-		caPool.AppendCertsFromPEM(ca)
+		if !caPool.AppendCertsFromPEM(ca) {
+			return nil, fmt.Errorf("failed to parse CA")
+		}
 		if clientTLS.CAOptional {
 			clientAuth = tls.VerifyClientCertIfGiven
 		} else {