caddypki: Allow use of root CA without a key. Fixes #6290 (#6298)

* Allow usage of root CA without a key. Fixes #6290 * Update modules/caddypki/crypto.go --------- Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2024-12-16 21:56:40 -05:00 · 2024-05-07 05:38:26 +02:00 · 2024-05-07 05:38:26 +02:00 · c97292b255
commit c97292b255
parent b52271061d
1 changed files with 11 additions and 8 deletions
--- a/modules/caddypki/crypto.go
+++ b/modules/caddypki/crypto.go
@ -78,18 +78,21 @@ func (kp KeyPair) Load() (*x509.Certificate, crypto.Signer, error) {
 		if err != nil {
 			return nil, nil, err
 		}
-		keyData, err := os.ReadFile(kp.PrivateKey)
-		if err != nil {
-			return nil, nil, err
-		}
-
 		cert, err := pemDecodeSingleCert(certData)
 		if err != nil {
 			return nil, nil, err
 		}
-		key, err := certmagic.PEMDecodePrivateKey(keyData)
-		if err != nil {
-			return nil, nil, err
+
+		var key crypto.Signer
+		if kp.PrivateKey != "" {
+			keyData, err := os.ReadFile(kp.PrivateKey)
+			if err != nil {
+				return nil, nil, err
+			}
+			key, err = certmagic.PEMDecodePrivateKey(keyData)
+			if err != nil {
+				return nil, nil, err
+			}
 		}

 		return cert, key, nil