From 446032927e7b29cd872f17220b77d3a58aa20ee1 Mon Sep 17 00:00:00 2001
From: David Hontecillas
Date: Wed, 3 Jul 2024 18:36:35 +0200
Subject: [PATCH] use list of certificates for serving TLS
---
 transport/http/server/server.go | 27 +++++++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)
diff --git a/transport/http/server/server.go b/transport/http/server/server.go
index 5d4389a43..9d6281258 100644
--- a/transport/http/server/server.go
+++ b/transport/http/server/server.go
@@ -116,14 +116,33 @@ func RunServerWithLoggerFactory(l logging.Logger) func(context.Context, config.S
 done <- s.ListenAndServe()
 }()
 } else {
- if cfg.TLS.PublicKey == "" {
+ if len(cfg.TLS.PublicKey) > 0 || len(cfg.TLS.PrivateKey) > 0 {
+ cfg.TLS.Keys = append(cfg.TLS.Keys, config.TLSKeyPair{
+ PublicKey: cfg.TLS.PublicKey,
+ PrivateKey: cfg.TLS.PrivateKey,
+ })
+ }
+ if len(cfg.TLS.Keys) == 0 {
 return ErrPublicKey
 }
- if cfg.TLS.PrivateKey == "" {
- return ErrPrivateKey
+ for _, k := range cfg.TLS.Keys {
+ if k.PublicKey == "" {
+ return ErrPublicKey
+ }
+ if k.PrivateKey == "" {
+ return ErrPrivateKey
+ }
+ cert, err := tls.LoadX509KeyPair(k.PublicKey, k.PrivateKey)
+ if err != nil {
+ return err
+ }
+ s.TLSConfig.Certificates = append(s.TLSConfig.Certificates, cert)
 }
+
 go func() {
- done <- s.ListenAndServeTLS(cfg.TLS.PublicKey, cfg.TLS.PrivateKey)
+ // since we already use the list of certificates in the config
+ // we do not need to specify the files for public and private key here
+ done <- s.ListenAndServeTLS("", "")
 }()
 }
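Review bot: The bare `return err` after `tls.LoadX509KeyPair` in the new loop does not say which entry of `cfg.TLS.Keys` failed, and crypto/tls parse errors such as a private key that does not match its certificate carry no file name. Wrapping it, e.g. `return fmt.Errorf("loading TLS key pair %q: %w", k.PublicKey, err)`, names the certificate path without exposing key material (this assumes `fmt` is imported in server.go, which the hunk does not show). The legacy `PublicKey`/`PrivateKey` pair is appended after any configured `Keys`, and crypto/tls falls back to the first entry of `Certificates` when none matches the ClientHello, so a comment above the append such as `// legacy pair goes last; Keys[0] is the default certificate when no SNI name matches` would document the selection order. The append also writes the legacy pair back into `cfg.TLS.Keys`; if `cfg.TLS` is shared with the caller (not visible here) a second call would add it again, so building a local slice may be safer. The enclosing function starts and ends outside the hunk.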