MB-48901. don't do pcks8 on root certificate

Change-Id: I4aa44d8f5e85bb04211ab7aa4cb7d03ac57b7c37 Reviewed-on: http://review.couchbase.org/c/query/+/163615 Reviewed-by: Isha Kandaswamy <isha@couchbase.com> Reviewed-by: Donald Haggart <donald.haggart@couchbase.com> Tested-by: Sitaram Vemulapalli <sitaram.vemulapalli@couchbase.com>
couchbase · Oct 13, 2021 · c1beada · c1beada
1 parent b364cf6
commit c1beada
Showing 1 changed file with 10 additions and 7 deletions.
diff --git a/datastore/couchbase/gcagent/client.go b/datastore/couchbase/gcagent/client.go
@@ -211,19 +211,22 @@ func (c *Client) Close() {
 
 // with the KV engine encrypted.
 func (c *Client) InitTLS(caFile, certFile, keyFile string, passphrase []byte) error {
-	if len(caFile) > 0 {
-		certFile = caFile
-	}
-	serverCert, err := ioutil.ReadFile(certFile)
+	certs, err := ntls.LoadX509KeyPair(certFile, keyFile, passphrase)
 	if err != nil {
 		return err
 	}
-	CA_Pool := x509.NewCertPool()
-	CA_Pool.AppendCertsFromPEM(serverCert)
-	certs, err := ntls.LoadX509KeyPair(certFile, keyFile, passphrase)
+
+	if len(caFile) == 0 {
+		caFile = certFile
+	}
+
+	serverCert, err := ioutil.ReadFile(caFile)
 	if err != nil {
 		return err
 	}
+
+	CA_Pool := x509.NewCertPool()
+	CA_Pool.AppendCertsFromPEM(serverCert)
 	c.mutex.Lock()
 	// Set values for certs and passphrase
 	c.certs = &certs