logger.V(2).Debugf("trying to load identity %q from root path %q", serviceIdentity, certDirectory)
leafPath := path.Join(certDirectory, "cert.pem")
+ fullchainPath := path.Join(certDirectory, "fullchain.pem")
chainPath := path.Join(certDirectory, "chain.pem")
keyPath := path.Join(certDirectory, "privkey.pem")
rootPath := path.Join(mtlsRootPath, "rootca.pem")
- for _, file := range []string{leafPath, chainPath, keyPath, rootPath} {
+ if leafErr := fsutil.FileExistsAndIsReadable(leafPath); leafErr != nil {
+ err := fsutil.FileExistsAndIsReadable(fullchainPath)
+ if err == nil {
+ logger.V(2).Debugf("Leaf file %s not accessible, using fullchain %s", leafPath, fullchainPath)
+ leafPath = fullchainPath
+ } else {
+ logger.V(2).Errorf(
+ "cannot load identity %q from %s: cannot read from either possible leaf "+
+ "certificate path:\n %s: %v\n %s: %v",
+ serviceIdentity, certDirectory, leafPath, leafErr, fullchainPath, err)
+ return nil, err
+ }
+ }
+ if chainErr := fsutil.FileExistsAndIsReadable(chainPath); chainErr != nil {
+ err := fsutil.FileExistsAndIsReadable(fullchainPath)
+ if err == nil {
+ logger.V(2).Debugf("Chain file %s not accessible, using fullchain %s", chainPath, fullchainPath)
+ chainPath = fullchainPath
+ } else {
+ logger.V(2).Errorf(
+ "cannot load identity %q from %s: cannot read from either possible "+
+ "intermediate chain path:\n %s: %v\n %s: %v",
+ serviceIdentity, certDirectory, chainPath, chainErr, fullchainPath, err)
+ }
+ }
+ for _, file := range []string{keyPath, rootPath} {
if err := fsutil.FileExistsAndIsReadable(file); err != nil {
logger.V(2).Errorf("cannot load identity %q from %s: error reading file %q: %v", serviceIdentity, certDirectory, file, err)
return nil, err
projects / runtime.git / commitdiff