diff --git a/builtin/logical/pki/path_manage_issuers.go b/builtin/logical/pki/path_manage_issuers.go index c4de4a1462..4311875a24 100644 --- a/builtin/logical/pki/path_manage_issuers.go +++ b/builtin/logical/pki/path_manage_issuers.go @@ -350,10 +350,13 @@ func (b *backend) pathImportIssuers(ctx context.Context, req *logical.Request, d // them to validate no duplicate issuers exist (and place greater // restrictions during parsing) but allows this code to accept OpenSSL // parsed chains (with full textual output between PEM entries). + blockCounter := 0 for len(bytes.TrimSpace(pemBytes)) > 0 { + blockCounter++ pemBlock, pemBytes = pem.Decode(pemBytes) if pemBlock == nil { - return logical.ErrorResponse("provided PEM block contained no data"), nil + msg := fmt.Sprintf("error when parsing block %d: invalid PEM data", blockCounter) + return logical.ErrorResponse(msg), nil } pemBlockString := string(pem.EncodeToMemory(pemBlock))