authorOndřej Surý <ondrej@sury.org>2011-02-18 09:50:58 +0100
committerOndřej Surý <ondrej@sury.org>2011-02-18 09:50:58 +0100
commitc072558b90f1bbedc2022b0f30c8b1ac4712538e (patch)
tree67767591619e4bd8111fb05fac185cde94fb7378 /src/pkg/crypto/tls
parent5859517b767c99749a45651c15d4bae5520ebae8 (diff)
Imported Upstream version 2011.02.15upstream/2011.02.15
Diffstat (limited to 'src/pkg/crypto/tls')
-rw-r--r--src/pkg/crypto/tls/handshake_server.go3
-rw-r--r--src/pkg/crypto/tls/tls.go18
2 files changed, 15 insertions, 6 deletions
diff --git a/src/pkg/crypto/tls/handshake_server.go b/src/pkg/crypto/tls/handshake_server.go
index af46ea511..809c8c15e 100644
--- a/src/pkg/crypto/tls/handshake_server.go
+++ b/src/pkg/crypto/tls/handshake_server.go
@@ -57,6 +57,7 @@ Curves:
var suite *cipherSuite
var suiteId uint16
+FindCipherSuite:
for _, id := range clientHello.cipherSuites {
for _, supported := range config.cipherSuites() {
if id == supported {
@@ -67,7 +68,7 @@ Curves:
continue
}
suiteId = id
- break
+ break FindCipherSuite
}
}
}
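Review bot: Nothing at the labelled loop says whose preference order decides the negotiated suite once `break FindCipherSuite` stops the search at the first match. The outer loop ranges over `clientHello.cipherSuites`, so the first suite in the client's order that the server also supports is selected, and the order of `config.cipherSuites()` has no effect; an operator who expects the server's list to rank suites should be told otherwise. I would add above the label `// Select the first suite in the client's preference order that we also support; the server's ordering is not considered.` The enclosing function starts and ends outside these two hunks, so how a still-nil `suite` is handled after the loop is not visible here.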
diff --git a/src/pkg/crypto/tls/tls.go b/src/pkg/crypto/tls/tls.go
index b11d3225d..e8290d728 100644
--- a/src/pkg/crypto/tls/tls.go
+++ b/src/pkg/crypto/tls/tls.go
@@ -124,14 +124,22 @@ func LoadX509KeyPair(certFile string, keyFile string) (cert Certificate, err os.
return
}
- certDERBlock, _ := pem.Decode(certPEMBlock)
- if certDERBlock == nil {
+ var certDERBlock *pem.Block
+ for {
+ certDERBlock, certPEMBlock = pem.Decode(certPEMBlock)
+ if certDERBlock == nil {
+ break
+ }
+ if certDERBlock.Type == "CERTIFICATE" {
+ cert.Certificate = append(cert.Certificate, certDERBlock.Bytes)
+ }
+ }
+
+ if len(cert.Certificate) == 0 {
err = os.ErrorString("crypto/tls: failed to parse certificate PEM data")
return
}
- cert.Certificate = [][]byte{certDERBlock.Bytes}
-
keyPEMBlock, err := ioutil.ReadFile(keyFile)
if err != nil {
return
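Review bot: The new loop silently skips every PEM block whose `Type` is not "CERTIFICATE" and appends the rest in file order, but nothing tells the caller that the leaf certificate must come first. The last hunk in this file treats `cert.Certificate[0]` as the certificate that has to match the private key, so a file listing an intermediate first would presumably surface only as a key-mismatch error further down. I would add above the loop `// certFile may hold a chain: the leaf certificate first, then any intermediates. PEM blocks of other types are ignored.` and state the same ordering requirement in the doc comment of LoadX509KeyPair, which lies outside this hunk. The message at `len(cert.Certificate) == 0` now also covers a file that decodes as PEM but has no CERTIFICATE block, so its wording could say that no certificate was found.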
@@ -153,7 +161,7 @@ func LoadX509KeyPair(certFile string, keyFile string) (cert Certificate, err os.
// We don't need to parse the public key for TLS, but we so do anyway
// to check that it looks sane and matches the private key.
- x509Cert, err := x509.ParseCertificate(certDERBlock.Bytes)
+ x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
if err != nil {
return
}
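Review bot: Only the first chain element is passed to `x509.ParseCertificate` here, so the further blocks collected by the loop in the previous hunk are kept as raw DER and never parsed. A truncated or corrupt intermediate would then load without error and, as far as these hunks show, be noticed only by peers during a handshake. If load-time validation is wanted, the CERTIFICATE branch of that loop could reject bad entries with `if _, err = x509.ParseCertificate(certDERBlock.Bytes); err != nil { return }`. The body of LoadX509KeyPair continues outside this hunk.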