caddypki: Allow use of root CA without a key. Fixes #6290 (#6298)

* Allow usage of root CA without a key. Fixes #6290 * Update modules/caddypki/crypto.go --------- Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
author: Florian Apolloner <florian@apolloner.eu> 2024-05-07 05:38:26 +0200
committer: GitHub <noreply@github.com> 2024-05-07 03:38:26 +0000
commit: c97292b255c144dfa9f1ea1dfcdec3b82717110d (patch)
tree: 0e68c5c848742ff8b26cab8206e2bf79137f3aa2
parent: b52271061d2524d2e5ca46946e9288f664da51c5 (diff)
1 files changed, 11 insertions, 8 deletions
diff --git a/modules/caddypki/crypto.go b/modules/caddypki/crypto.go
index 386ce629..324a4fcf 100644
--- a/modules/caddypki/crypto.go
+++ b/modules/caddypki/crypto.go
@@ -78,18 +78,21 @@ func (kp KeyPair) Load() (*x509.Certificate, crypto.Signer, error) {
 		if err != nil {
 			return nil, nil, err
 		}
-		keyData, err := os.ReadFile(kp.PrivateKey)
-		if err != nil {
-			return nil, nil, err
-		}
-
 		cert, err := pemDecodeSingleCert(certData)
 		if err != nil {
 			return nil, nil, err
 		}
-		key, err := certmagic.PEMDecodePrivateKey(keyData)
-		if err != nil {
-			return nil, nil, err
+
+		var key crypto.Signer
+		if kp.PrivateKey != "" {
+			keyData, err := os.ReadFile(kp.PrivateKey)
+			if err != nil {
+				return nil, nil, err
+			}
+			key, err = certmagic.PEMDecodePrivateKey(keyData)
+			if err != nil {
+				return nil, nil, err
+			}
 		}
 
 		return cert, key, nil
author	Florian Apolloner <florian@apolloner.eu>	2024-05-07 05:38:26 +0200
committer	GitHub <noreply@github.com>	2024-05-07 03:38:26 +0000
commit	c97292b255c144dfa9f1ea1dfcdec3b82717110d (patch)
tree	0e68c5c848742ff8b26cab8206e2bf79137f3aa2
parent	b52271061d2524d2e5ca46946e9288f664da51c5 (diff)