From c6bca076e714b08531962fc1fb83930fb0f6e8bc Mon Sep 17 00:00:00 2001
From: Pea Nut <peanut2@systemli.org>
Date: Wed, 16 Oct 2024 10:54:22 +0200
Subject: [PATCH] Improve error handling when checking downloaded pem cert

We access pkBlock.Type later and pkBlock can be nil here.
---
 pkg/vpn/openvpn.go | 7 ++++---
 pkg/vpn/utils.go | 5 +++--
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/pkg/vpn/openvpn.go b/pkg/vpn/openvpn.go
index 7e4f8150..871f5418 100644
--- a/pkg/vpn/openvpn.go
+++ b/pkg/vpn/openvpn.go
@@ -329,9 +329,10 @@ func (b *Bitmask) getCert() error {
 }
 b.certPemPath = b.getTempCertPemPath()
- // If we start OpenVPN, openvpn.pem does not exist and isValidCert returns false
- // If we start OpenVPN later again (not restarting the client), there
- // should be a valid openvpn.pem
+ // If we start OpenVPN for the first time, openvpn.pem does not exist
+ // and isValidCert returns false
+ // If we start OpenVPN later again (not restarting the client), there
+ // should be a valid openvpn.pem and isValidCert should return true
 // If there is no valid openvpn.pem, fetch a new one from menshen
 // Note: b.tempdir is unique for every run of the desktop client
 if !isValidCert(b.certPemPath) {
diff --git a/pkg/vpn/utils.go b/pkg/vpn/utils.go
index 6b606d82..bfa593a7 100644
--- a/pkg/vpn/utils.go
+++ b/pkg/vpn/utils.go
@@ -40,18 +40,19 @@ func isUpgradeAvailable() bool {
 func isValidCert(path string) bool {
 log.Trace().
 Str("path", path).
- Msg("Checking for a valid OpenVPN client credentials (key and certificate)")
+ Msg("Checking for valid OpenVPN client credentials (key and certificate)")
 data, err := ioutil.ReadFile(path)
 if err != nil {
 log.Debug().
 Str("path", path).
+ Str("err", err.Error()).
 Msg("Could not read certificate file")
 return false
 }
 pkBlock, rest := pem.Decode(data)
- if rest == nil {
+ if rest == nil || pkBlock == nil {
 log.Warn().
 Str("data", string(data)).
 Msg("Could not decode pem data")
-- 
GitLab
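Review bot: In the second hunk (pkg/vpn/utils.go), the `log.Warn()` branch that the widened condition `rest == nil || pkBlock == nil` now reaches still writes `Str("data", string(data))`, i.e. the entire file, into the log, and the trace message at the top of isValidCert says this file holds the OpenVPN client key and certificate. With the nil check added, that branch runs for any file that does not start with a decodable PEM block, so a truncated or partly corrupted credential file could be copied verbatim into the log output. I would log only the size in place of that line, `Int("size", len(data)).`, and keep the path for diagnosis. Separately, `pem.Decode` reports "no PEM data found" through the nil block and returns the input in `rest`, so `pkBlock == nil` is the check that matters; what `rest == nil` still guards cannot be judged here because isValidCert continues past the end of the hunk.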