in transport/tlscommon/tls.go [37:85]
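// LoadCertificate builds a tls.Certificate from the certificate and key
// referenced by config.
//
// It returns config.Validate's error unchanged when validation fails, and
// (nil, nil) when config.Certificate is empty, so callers must handle a nil
// certificate with a nil error. The passphrase comes from config.Passphrase,
// or from the file at config.PassphrasePath when Passphrase is empty.
//
// config.Key may be a file path or an inline PEM string (see IsPEMString).
// Inline key material is never placed in log lines or in the returned error.
func LoadCertificate(config *CertificateConfig) (*tls.Certificate, error) {
	if err := config.Validate(); err != nil {
		return nil, err
	}

	certificate := config.Certificate
	key := config.Key
	if certificate == "" {
		// No certificate configured: not an error, there is nothing to load.
		return nil, nil
	}

	log := logp.NewLogger(logSelector)

	passphrase := config.Passphrase
	if passphrase == "" && config.PassphrasePath != "" {
		p, err := os.ReadFile(config.PassphrasePath)
		if err != nil {
			return nil, fmt.Errorf("unable to read passphrase_file: %w", err)
		}
		// NOTE(review): the file content is used verbatim, so a trailing
		// newline left by an editor becomes part of the passphrase.
		passphrase = string(p)
	}

	certPEM, err := ReadPEMFile(log, certificate, passphrase)
	if err != nil {
		log.Errorf("Failed reading certificate file %v: %+v", certificate, err)
		return nil, fmt.Errorf("%w %v", err, certificate)
	}

	keyPEM, err := ReadPEMFile(log, key, passphrase)
	if err != nil {
		log.Errorf("Failed reading key file: %+v", err)
		// The returned error is likely to be logged or surfaced by callers.
		// When the key was supplied inline as PEM, appending it would put the
		// private key into that output, so only file paths are echoed back.
		// NOTE(review): this assumes the error from ReadPEMFile does not
		// itself embed the key text; confirm against ReadPEMFile.
		if IsPEMString(key) {
			return nil, fmt.Errorf("%w <key from PEM string in config>", err)
		}
		return nil, fmt.Errorf("%w %v", err, key)
	}

	cert, err := tls.X509KeyPair(certPEM, keyPEM)
	if err != nil {
		log.Errorf("Failed loading client certificate %+v", err)
		return nil, err
	}

	// Do not log the key if it was provided as a string in the configuration to avoid
	// leaking private keys in the debug logs. Log when the key is a file path.
	if IsPEMString(key) {
		log.Debugf("Loading certificate: %v with key from PEM string in config", certificate)
	} else {
		log.Debugf("Loading certificate: %v and key %v", certificate, key)
	}

	return &cert, nil
}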