X-Git-Url: http://www.git.cypherpunks.ru/?p=ucspi.git;a=blobdiff_plain;f=x509.go;h=c8d9f9e1c234774f991c5127a567ce9c6da18d19;hp=0743ba0b0c1734d2aab322a9d0fa850186f4807c;hb=f519c4e470d63240c045c27951df3ed9de0471e9;hpb=57c1e9924fef3fe07dfa9b3d5b996b50d0c08f17

diff --git a/x509.go b/x509.go
index 0743ba0..c8d9f9e 100644
--- a/x509.go
+++ b/x509.go
@@ -1,6 +1,6 @@
 /*
 ucspi -- UCSPI-related utilities
-Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
+Copyright (C) 2021-2022 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -30,17 +30,19 @@ func CertificateFromFile(p string) (b []byte, c *x509.Certificate, err error) {
 	if err != nil {
 		return
 	}
-	block, data := pem.Decode(data)
-	if block == nil {
-		err = errors.New("can not decode PEM")
-		return
-	}
-	if block.Type != "CERTIFICATE" {
-		err = errors.New("non CERTIFICATE found in PEM")
-		return
+	var block *pem.Block
+	for len(data) > 0 {
+		block, data = pem.Decode(data)
+		if block == nil {
+			continue
+		}
+		if block.Type == "CERTIFICATE" {
+			b = block.Bytes
+			c, err = x509.ParseCertificate(b)
+			return
+		}
 	}
-	b = block.Bytes
-	c, err = x509.ParseCertificate(b)
+	err = errors.New("no CERTIFICATE found in PEM")
 	return
 }
 
@@ -50,20 +52,22 @@ func PrivateKeyFromFile(p string) (prv interface{}, err error) {
 	if err != nil {
 		return
 	}
-	block, data := pem.Decode(data)
-	if block == nil {
-		err = errors.New("can not decode PEM")
-		return
-	}
-	data = block.Bytes
-	switch block.Type {
-	case "PRIVATE KEY":
-		prv, err = x509.ParsePKCS8PrivateKey(data)
-	case "EC PRIVATE KEY":
-		prv, err = x509.ParseECPrivateKey(data)
-	default:
-		err = errors.New("non PRIVATE KEY found in PEM")
+	var block *pem.Block
+	for len(data) > 0 {
+		block, data = pem.Decode(data)
+		if block == nil {
+			continue
+		}
+		switch block.Type {
+		case "PRIVATE KEY":
+			prv, err = x509.ParsePKCS8PrivateKey(block.Bytes)
+			return
+		case "EC PRIVATE KEY":
+			prv, err = x509.ParseECPrivateKey(block.Bytes)
+			return
+		}
 	}
+	err = errors.New("no PRIVATE KEY found in PEM")
 	return
 }