From d2e964a9da37fcf5a30e81ea208e9b2023a2ce8f Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick
Date: Fri, 8 Aug 2014 10:58:56 -0700
Subject: [PATCH] webserver: use wkfs for tls cert/key

Change-Id: Ifdccd5421f54bad206b03d48bad264c3a4539e70
---
 pkg/webserver/webserver.go | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/pkg/webserver/webserver.go b/pkg/webserver/webserver.go
index 8879bb4b7..a20ffb4b6 100644
--- a/pkg/webserver/webserver.go
+++ b/pkg/webserver/webserver.go
@@ -37,6 +37,7 @@ import (
 "time"

 "camlistore.org/pkg/throttle"
+ "camlistore.org/pkg/wkfs"
 "camlistore.org/third_party/github.com/bradfitz/runsit/listen"
 )

@@ -172,7 +173,8 @@ func (s *Server) Listen(addr string) error {
 NextProtos: []string{"http/1.1"},
 }
 config.Certificates = make([]tls.Certificate, 1)
- config.Certificates[0], err = tls.LoadX509KeyPair(s.tlsCertFile, s.tlsKeyFile)
+
+ config.Certificates[0], err = loadX509KeyPair(s.tlsCertFile, s.tlsKeyFile)
 if err != nil {
 return fmt.Errorf("Failed to load TLS cert: %v", err)
 }
@@ -240,3 +242,16 @@ func runTestHarnessIntegration(listener net.Listener) {
 }
 }
 }
+
+// loadX509KeyPair is a copy of tls.LoadX509KeyPair but using wkfs.
+func loadX509KeyPair(certFile, keyFile string) (cert tls.Certificate, err error) {
+ certPEMBlock, err := wkfs.ReadFile(certFile)
+ if err != nil {
+ return
+ }
+ keyPEMBlock, err := wkfs.ReadFile(keyFile)
+ if err != nil {
+ return
+ }
+ return tls.X509KeyPair(certPEMBlock, keyPEMBlock)
+}
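Review bot: In the new loadX509KeyPair (last hunk), both wkfs.ReadFile failures are passed back unchanged through a naked return, so the call site in Listen reports "Failed to load TLS cert" even when it was the private key that could not be read, and the helper itself never names the path. Wrapping each failure with its file, for example `return cert, fmt.Errorf("reading TLS key %q: %v", keyFile, err)` and the matching line for certFile, would make a missing or inaccessible key location diagnosable from the log. The doc comment should also state the consequence of the switch: the key path is now resolved by wkfs, so it may presumably name a non-local backend, and read access to that location has to be restricted the same way a local key file would be. A possible wording is `// keyFile is read through wkfs and may live on a non-local filesystem; restrict read access to it as for any private key.`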