PKI: improve error message when parsing PEM bundles (openbao#760)

* PKI: improve error message when parsing PEM bundles Add block counter and add the block number to the error message Signed-off-by: Klaus Kiefer <[email protected]> * Update builtin/logical/pki/path_manage_issuers.go Signed-off-by: Alexander Scheel <[email protected]> --------- Signed-off-by: Klaus Kiefer <[email protected]> Signed-off-by: Alexander Scheel <[email protected]> Co-authored-by: Alexander Scheel <[email protected]>
klaus-sap · Nov 25, 2024 · 67674a4 · 67674a4
1 parent 72a1c59
commit 67674a4
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/builtin/logical/pki/path_manage_issuers.go b/builtin/logical/pki/path_manage_issuers.go
@@ -350,10 +350,13 @@ func (b *backend) pathImportIssuers(ctx context.Context, req *logical.Request, d
 	// them to validate no duplicate issuers exist (and place greater
 	// restrictions during parsing) but allows this code to accept OpenSSL
 	// parsed chains (with full textual output between PEM entries).
+	blockCounter := 0
 	for len(bytes.TrimSpace(pemBytes)) > 0 {
+		blockCounter++
 		pemBlock, pemBytes = pem.Decode(pemBytes)
 		if pemBlock == nil {
-			return logical.ErrorResponse("provided PEM block contained no data"), nil
+			msg := fmt.Sprintf("error when parsing block %d: invalid PEM data", blockCounter)
+			return logical.ErrorResponse(msg), nil
 		}
 
 		pemBlockString := string(pem.EncodeToMemory(pemBlock))