// certificateAuthorities checks the client CA bundle in input.ClientCAs and, when it
// is usable, copies it to conf.CertificateAuthorities.
//
// Outcomes:
//   - no CA data supplied: conf is left untouched and no issue is recorded; the
//     configuration proceeds without client certificate verification.
//   - CA data supplied but input.CertPEM is empty: an issue is reported through
//     v.NoteIssue and conf is left untouched.
//   - CA data supplied but no certificate can be loaded from it: an issue is
//     reported through v.NoteIssue and conf is left untouched.
//   - otherwise: conf.CertificateAuthorities is set to the raw input.ClientCAs bytes.
//
// ctx is not used in this body.
func (v *Validator) certificateAuthorities(ctx context.Context, input *data.Data, conf *config.VirtualContainerHostConfigSpec) {
	defer trace.End(trace.Begin(""))

	clientCAs := input.ClientCAs

	switch {
	case len(clientCAs) == 0:
		// An empty bundle means client verification is switched off rather than
		// treated as an error.
		// NOTE(review): this is only recorded at debug level, so an operator who
		// omitted the CA data by mistake gets no visible signal here - confirm that
		// the caller surfaces the resulting authentication mode elsewhere.
		log.Debug("Configuring without client verification due to empty certificate authorities")
		return

	case len(input.CertPEM) == 0:
		// Client verification needs TLS, which needs a server certificate.
		// Only the certificate is checked here, not the matching private key.
		v.NoteIssue(errors.New("Certificate authority specified, but no TLS certificate provided"))
		return
	}

	// Parse the bundle into a throwaway pool purely to prove it holds a certificate.
	// AppendCertsFromPEM reports success as soon as ONE certificate parses and skips
	// blocks it cannot use, so a partially malformed bundle still passes. This check
	// also does not inspect expiry or whether the certificates are CA certificates.
	if roots := x509.NewCertPool(); !roots.AppendCertsFromPEM(clientCAs) {
		v.NoteIssue(errors.New("Unable to load certificate authority data"))
		return
	}

	// The raw PEM bytes are stored as supplied, including any blocks the parse skipped.
	conf.CertificateAuthorities = clientCAs
}