From 90ccbd0fb16986696c45788e400848522fba56f4 Mon Sep 17 00:00:00 2001
From: Pascal Budner
Date: Mon, 16 Mar 2020 17:41:50 +0100
Subject: [PATCH 1/2] Fixes #2889 by supporting CRLF and LF certificates and adding logging when parsing certificates
Signed-off-by: Pascal Budner
---
 lib/fluent/plugin_helper/cert_option.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/fluent/plugin_helper/cert_option.rb b/lib/fluent/plugin_helper/cert_option.rb
index bf8414d7ba..611229cf43 100644
--- a/lib/fluent/plugin_helper/cert_option.rb
+++ b/lib/fluent/plugin_helper/cert_option.rb
@@ -171,9 +171,12 @@ def cert_option_generate_server_pair_self_signed(generate_opts)
 def cert_option_certificates_from_file(path)
 data = File.read(path)
- pattern = Regexp.compile('-+BEGIN CERTIFICATE-+\n(?:[^-]*\n)+-+END CERTIFICATE-+\n?', Regexp::MULTILINE)
+ pattern = Regexp.compile('-+BEGIN CERTIFICATE-+\r?\n(?:[^-]*\r?\n)+-+END CERTIFICATE-+\r?\n?', Regexp::MULTILINE)
 list = []
 data.scan(pattern){|match| list << OpenSSL::X509::Certificate.new(match) }
+ if list.length() == 0
+ log.warn "cert_path does not contain a valid certificate"
+ end
 list
 end
 end
From dac49314d4e9738fccc644c4824dcfb0350be929 Mon Sep 17 00:00:00 2001
From: Pascal Budner
Date: Tue, 17 Mar 2020 07:28:30 +0100
Subject: [PATCH 2/2] Added test for CRLF certificates
Signed-off-by: Pascal Budner
---
 lib/fluent/plugin_helper/cert_option.rb | 2 +-
 .../data/cert/cert-with-CRLF.pem | 19 +++++++++++++++++++
 test/plugin_helper/test_cert_option.rb | 2 ++
 3 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 test/plugin_helper/data/cert/cert-with-CRLF.pem
diff --git a/lib/fluent/plugin_helper/cert_option.rb b/lib/fluent/plugin_helper/cert_option.rb
index 611229cf43..a89a5c7257 100644
--- a/lib/fluent/plugin_helper/cert_option.rb
+++ b/lib/fluent/plugin_helper/cert_option.rb
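Review bot: The warning added at the end of `cert_option_certificates_from_file` hard-codes the name `cert_path` and omits the `path` argument, so the log line does not say which file was rejected and may name the wrong option if this helper is also called for other settings (its callers are outside the hunk). I would write `if list.empty?` and `log.warn "no certificate found in #{path}"`. The method still returns an empty list, so the TLS setup carries on without a certificate and any failure surfaces later and further from the cause; raising a configuration error here would fail closed, if the callers can tolerate that. Only the zero-match case is reported: in a chain file, a block whose framing does not match the pattern is skipped without any message and the chain is silently shortened.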
@@ -174,7 +174,7 @@ def cert_option_certificates_from_file(path)
 pattern = Regexp.compile('-+BEGIN CERTIFICATE-+\r?\n(?:[^-]*\r?\n)+-+END CERTIFICATE-+\r?\n?', Regexp::MULTILINE)
 list = []
 data.scan(pattern){|match| list << OpenSSL::X509::Certificate.new(match) }
- if list.length() == 0
+ if list.length == 0
 log.warn "cert_path does not contain a valid certificate"
 end
 list
diff --git a/test/plugin_helper/data/cert/cert-with-CRLF.pem b/test/plugin_helper/data/cert/cert-with-CRLF.pem
new file mode 100644
index 0000000000..ec02dc79b5
--- /dev/null
+++ b/test/plugin_helper/data/cert/cert-with-CRLF.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDLDCCAhSgAwIBAgIIEJHFsHrKBGYwDQYJKoZIhvcNAQELBQAwJjEQMA4GA1UE
+ChMHRmx1ZW50ZDESMBAGA1UEAxMJbG9jYWxob3N0MB4XDTE5MDYxOTA1MTM0NVoX
+DTE5MDkxODExMTg0NVowJjEQMA4GA1UEChMHRmx1ZW50ZDESMBAGA1UEAxMJbG9j
+YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbUTk5n5RruI
+QGhK1T8g/emKonlfWNMSj/J/f/U9NJ14ugIxyHBMqx4WaTyA4zjT2VJO5tRBe385
+zlIUf8i+x7Ovt/MgsjiwXyKv7qdsE5KHLq+VXJfA+s5vAAyzBHY/BA7xxh/QqCI8
+a/a1OyHyaQ9pFRFXtQBlTH7Fc1qSw5Yg0EXofa6YIBQuDjfqa7FRPj+bEWDO5PUq
+OMzH5XKBUPS9GLHOqia0CnzF2a51TArC0Dl1oNFa7myVmjBuNtkG88Fkd7YNzGa+
+sNBJPmuGvFXuU3XPEnrtARO/SG4g9/MQUvfMI3jFFOJAMmEKd8QXxO5FgIuEnaNO
+hVRVH/e9wwIDAQABo14wXDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB
+BQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFPLdOVnVWuuB
+7Pnvpgte4BHitzFYMA0GCSqGSIb3DQEBCwUAA4IBAQBp8LAzjWIJapwTBnnivwZk
+D6Lr028mZIacbBZKsmmPi0VvDFqCvUAbHN8ytPlRBWnvvkihDkZs1TwcDCXGsWYs
+dNNwsYGpk3mQxsHQ9atvy0mQGLDlfaSs/329bfVCw1cPFo9n+MeivSBoE6asdIbH
+tOW3kk1XtJZ2qQJJRvexFImZc0z8c2cG0+eR5hQxQd9bLnAczi/8mZ8VzaU/O3UU
+OJoVuyp0AA8f2f0f1QDaeH9stWZtJQj3ZX1DWHRE3OmVkoBdlt8EHYGggtvQaLIF
+XbHigLHzYztMjmDt4fmRczu/Fu6M4xNro8jLgjiIjqlLBjDZiKrSbOwgyebwFDlv
+-----END CERTIFICATE-----
diff --git a/test/plugin_helper/test_cert_option.rb b/test/plugin_helper/test_cert_option.rb
index e0b0f7dab9..faf52aa011 100644
--- a/test/plugin_helper/test_cert_option.rb
+++ b/test/plugin_helper/test_cert_option.rb
@@ -12,5 +12,7 @@ class Dummy < Fluent::Plugin::TestBase
 assert_equal(1, certs.length)
 certs = d.cert_option_certificates_from_file("test/plugin_helper/data/cert/cert-with-no-newline.pem")
 assert_equal(1, certs.length)
+ certs = d.cert_option_certificates_from_file("test/plugin_helper/data/cert/cert-with-CRLF.pem")
+ assert_equal(1, certs.length)
 end
 end
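Review bot: The new assertion covers CRLF parsing only while `cert-with-CRLF.pem` really contains `\r\n` on disk, and nothing visible in this patch pins the fixture's line endings. If Git normalises the file on commit or checkout, the test would still pass on an LF copy and stop covering the regression. I would add a guard before the call, `assert(File.binread("test/plugin_helper/data/cert/cert-with-CRLF.pem").include?("\r\n"))`, and mark the fixture `-text` in `.gitattributes`. The enclosing test block starts outside the hunk.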