From 61e18364726a3b0f26a0f38863051799115c09cf Mon Sep 17 00:00:00 2001
From: Fabrice <jfr@core-services.fr>
Date: Mon, 1 Oct 2018 08:24:03 -0700
Subject: [PATCH] Return an error if kv store CA cert is invalid

---
 types/types.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/types/types.go b/types/types.go
index a3dd62078..99393afb5 100644
--- a/types/types.go
+++ b/types/types.go
@@ -528,7 +528,9 @@ func (clientTLS *ClientTLS) CreateTLSConfig() (*tls.Config, error) {
 		} else {
 			ca = []byte(clientTLS.CA)
 		}
-		caPool.AppendCertsFromPEM(ca)
+		if !caPool.AppendCertsFromPEM(ca) {
+			return nil, fmt.Errorf("failed to parse CA")
+		}
 		if clientTLS.CAOptional {
 			clientAuth = tls.VerifyClientCertIfGiven
 		} else {