Closed wilhelmmailaender closed 1 year ago
So we will assume that @wilhelmmailaender tries to configure a generic certificate for all outgoing connections from Couper.
Can be reproduced with:
```sh
ssh-keygen -t rsa -b 2048 -f ./couper_rsa -C "Couper" -q -N "" && echo "\n" >> ./couper_rsa
couper run -f public/couper.hcl -ca-file=couper_rsa
# error parsing pem ca-certificate: missing pem block
couper version
1.12.0 2023-01-30 8ea8f09
go version go1.19.5 darwin/amd64
```
We need to trim possible extra whitespace after `-----END OPENSSH PRIVATE KEY-----\n`
I think you should ignore everything outside of the `----- BEGIN ...` and matching `----- END...` statement(s), since multiple keys or certificates each with comments before the header may be included in a PEM file.
I had a case with leading text (human-readable info on subject, issuer…) in a PEM chain. The characters before the first cert and between two certs did not cause any issues. It was only trailing stuff. Removing trailing whitespace did solve the problem. But I didn’t check whether trailing non-whitespace also causes the error.
As `pem.Decode()` is able to ignore stuff preceding a PEM message, I'd propose to modify the loop around this function call in `readCertificateFile()` (command/run.go) so that it has a non-error exit with `block == nil`.
However, I currently don't fully understand `readCertificateFile()`'s purpose, as it seems quite happy with a PEM file that does not contain a certificate but e.g. a public key.
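A sketch of the loop proposed in this thread, added here as an example and not taken from Couper's code base: `parseCACerts` and `sampleCAPEM` are hypothetical names. Skipping non-`CERTIFICATE` blocks and failing only when no certificate is found at all are assumptions about the desired policy, not something the thread settled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"time"
)

// parseCACerts is a hypothetical helper, not Couper's readCertificateFile(). It keeps CERTIFICATE
// blocks, counts other PEM blocks, and treats whatever follows the last block as end of input.
func parseCACerts(data []byte) (certs []*x509.Certificate, skipped int, err error) {
	for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) {
		if block.Type != "CERTIFICATE" {
			skipped++ // e.g. "PUBLIC KEY" or "OPENSSH PRIVATE KEY"
			continue
		}
		cert, perr := x509.ParseCertificate(block.Bytes)
		if perr != nil {
			return nil, skipped, perr
		}
		certs = append(certs, cert)
	}
	if len(certs) == 0 {
		return nil, skipped, errors.New("no CERTIFICATE block found")
	}
	return certs, skipped, nil
}

// sampleCAPEM returns a constructed, throwaway self-signed certificate as PEM.
func sampleCAPEM() []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(),
		NotAfter: time.Now().Add(time.Hour), Subject: pkix.Name{CommonName: "constructed CA"}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	certs, skipped, err := parseCACerts(append(sampleCAPEM(), "\n\n"...))
	println(len(certs), skipped, err == nil) // trailing newlines are tolerated
}
```

With this shape, a file holding only a key (such as the `couper_rsa` file from the reproduction) is rejected for containing no certificate rather than for its trailing newline.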
Describe the bug
couper doesn't recognize a PEM certificate file if it ends with a newline.