From b5559127534a0f8bd04dba27163fe6abd75c43fd Mon Sep 17 00:00:00 2001
From: Leonid Bugaev <leonsbox@gmail.com>
Date: Wed, 10 Jul 2019 20:16:34 +0300
Subject: [PATCH] Fix retrieval of private certificates from Hybrid env

When certificate is decoded we should update PEM type and remove headers

Fix https://github.com/TykTechnologies/tyk/issues/2390
---
 certs/manager.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/certs/manager.go b/certs/manager.go
index 15af13fb05b..755bf877fb7 100644
--- a/certs/manager.go
+++ b/certs/manager.go
@@ -105,6 +105,8 @@ func ParsePEM(data []byte, secret string) ([]*pem.Block, error) {
 		if x509.IsEncryptedPEMBlock(block) {
 			var err error
 			block.Bytes, err = x509.DecryptPEMBlock(block, []byte(secret))
+			block.Headers = nil
+			block.Type = strings.Replace(block.Type, "ENCRYPTED ", "", 1)
 
 			if err != nil {
 				return nil, err
@@ -270,6 +272,7 @@ func (c *CertificateManager) List(certIDs []string, mode CertificateType) (out [
 		cert, err = ParsePEMCertificate(rawCert, c.secret)
 		if err != nil {
 			c.logger.Error("Error while parsing certificate: ", id, " ", err)
+			c.logger.Error("Failed certificate: ", string(rawCert))
 			out = append(out, nil)
 			continue
 		}