Diffstat (limited to 'modules/caddytls/storageloader.go')
-rw-r--r--modules/caddytls/storageloader.go9
1 files changed, 9 insertions, 0 deletions
diff --git a/modules/caddytls/storageloader.go b/modules/caddytls/storageloader.go
index f9f0e7e6..c9487e89 100644
--- a/modules/caddytls/storageloader.go
+++ b/modules/caddytls/storageloader.go
@@ -17,6 +17,7 @@ package caddytls
import (
"crypto/tls"
"fmt"
+ "strings"
"github.com/caddyserver/certmagic"
@@ -88,8 +89,16 @@ func (sl StorageLoader) LoadCertificates() ([]Certificate, error) {
switch pair.Format {
case "":
fallthrough
+
case "pem":
+ // if the start of the key file looks like an encrypted private key,
+ // reject it with a helpful error message
+ if strings.Contains(string(keyData[:40]), "ENCRYPTED") {
+ return nil, fmt.Errorf("encrypted private keys are not supported; please decrypt the key first")
+ }
+
cert, err = tls.X509KeyPair(certData, keyData)
+
default:
return nil, fmt.Errorf("unrecognized certificate/key encoding format: %s", pair.Format)
}
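Review bot: The new check slices `keyData[:40]` without looking at the length, so a key file shorter than 40 bytes (empty or truncated) panics with a slice-bounds error instead of returning an error from LoadCertificates. Bound the slice first, for example `head := keyData`, `if len(head) > 40 { head = head[:40] }`, then `if strings.Contains(string(head), "ENCRYPTED") {`. The 40-byte window also looks too narrow for the legacy OpenSSL layout, where `Proc-Type: 4,ENCRYPTED` sits on the line after `-----BEGIN RSA PRIVATE KEY-----` and the word ends past byte 50. Those keys would presumably skip the helpful message and fall through to the generic `tls.X509KeyPair` error, so a larger bound would cover them. The rest of LoadCertificates lies outside the hunk, so how `keyData` is read and whether it can be empty is not visible here.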