Trim leading/trailing space around PEM bundles.

Fixes #1634
2026-06-04 14:25:35 -04:00 · 2016-07-20 13:57:49 -04:00 · 2016-07-20 13:57:49 -04:00 · fda9473681
commit fda9473681
parent 46ecb9a660
3 changed files with 4 additions and 2 deletions
--- a/command/server/listener.go
+++ b/command/server/listener.go
@ -75,7 +75,7 @@ func listenerWrapTLS(

 	tlsConf := &tls.Config{}
 	tlsConf.GetCertificate = cg.getCertificate
-	tlsConf.NextProtos = []string{"http/1.1"}
+	tlsConf.NextProtos = []string{"h2", "http/1.1"}
 	tlsConf.MinVersion, ok = tlsutil.TLSLookup[tlsvers]
 	if !ok {
 		return nil, nil, nil, fmt.Errorf("'tls_min_version' value %s not supported, please specify one of [tls10,tls11,tls12]", tlsvers)
--- a/helper/certutil/helpers.go
+++ b/helper/certutil/helpers.go
@ -109,6 +109,8 @@ func ParsePEMBundle(pemBundle string) (*ParsedCertBundle, error) {
 		return nil, UserError{"empty pem bundle"}
 	}

+	pemBundle = strings.TrimSpace(pemBundle)
+
 	pemBytes := []byte(pemBundle)
 	var pemBlock *pem.Block
 	parsedBundle := &ParsedCertBundle{}
--- a/helper/certutil/types.go
+++ b/helper/certutil/types.go
@ -437,7 +437,7 @@ func (p *ParsedCertBundle) GetTLSConfig(usage TLSUsage) (*tls.Config, error) {
 	}

 	tlsConfig := &tls.Config{
-		NextProtos: []string{"http/1.1"},
+		NextProtos: []string{"h2", "http/1.1"},
 		MinVersion: tls.VersionTLS12,
 	}