Allow blocks in pem files in any order

GODRIVER-287 Closes #39 Change-Id: Id3cb2d6d2143844b5a27d3b45f967220caaff48c
mongodb · Apr 10, 2018 · b9b5bc1 · b9b5bc1
1 parent d3ebe37
commit b9b5bc1
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/core/connection/tlsconfig.go b/core/connection/tlsconfig.go
@@ -91,9 +91,6 @@ func (c *TLSConfig) AddClientCertFromFile(clientFile string) (string, error) {
 			certDecodedBlock = currentBlock.Bytes
 			start += len(certBlock)
 		} else if strings.HasSuffix(currentBlock.Type, "PRIVATE KEY") {
-			if len(certBlock) == 0 {
-				return "", fmt.Errorf("failed to find CERTIFICATE but did find private key; PEM inputs may be switched")
-			}
 			if c.clientCertPass != nil && x509.IsEncryptedPEMBlock(currentBlock) {
 				var encoded bytes.Buffer
 				buf, err := x509.DecryptPEMBlock(currentBlock, []byte(c.clientCertPass()))
@@ -110,6 +107,12 @@ func (c *TLSConfig) AddClientCertFromFile(clientFile string) (string, error) {
 			}
 		}
 	}
+	if len(certBlock) == 0 {
+		return "", fmt.Errorf("failed to find CERTIFICATE")
+	}
+	if len(keyBlock) == 0 {
+		return "", fmt.Errorf("failed to find PRIVATE KEY")
+	}
 
 	cert, err := tls.X509KeyPair(certBlock, keyBlock)
 	if err != nil {