From 19ea2cbf752d1906fcc19c8a3bcdda5ad69d51c2 Mon Sep 17 00:00:00 2001
From: Matthew Holt
Date: Mon, 11 Jan 2016 10:02:28 -0700
Subject: [PATCH] Fix PEM decoding if file ends with multiple newlines

This method more closely reflects how crypto/tls does it here: https://golang.org/src/crypto/tls/tls.go?s=5139:5210#L174
---
 acme/crypto.go | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/acme/crypto.go b/acme/crypto.go
index 9bd199ef..b9623042 100644
--- a/acme/crypto.go
+++ b/acme/crypto.go
@@ -177,22 +177,21 @@ func performECDH(priv *ecdsa.PrivateKey, pub *ecdsa.PublicKey, outLen int, label
 // a slice of x509 certificates. This function will error if no certificates are found.
 func parsePEMBundle(bundle []byte) ([]*x509.Certificate, error) {
 var certificates []*x509.Certificate
+ var certDERBlock *pem.Block
 
- remaining := bundle
- for len(remaining) != 0 {
- certBlock, rem := pem.Decode(remaining)
- // Thanks golang for having me do this :[
- remaining = rem
- if certBlock == nil {
- return nil, errors.New("Could not decode certificate.")
+ for {
+ certDERBlock, bundle = pem.Decode(bundle)
+ if certDERBlock == nil {
+ break
 }
 
- cert, err := x509.ParseCertificate(certBlock.Bytes)
- if err != nil {
- return nil, err
+ if certDERBlock.Type == "CERTIFICATE" {
+ cert, err := x509.ParseCertificate(certDERBlock.Bytes)
+ if err != nil {
+ return nil, err
+ }
+ certificates = append(certificates, cert)
 }
-
- certificates = append(certificates, cert)
 }
 
 if len(certificates) == 0 {
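Review bot: The new `for` loop breaks on the first nil block from `pem.Decode` without inspecting what is left in `bundle`, so a truncated or corrupted certificate at the end of the file is no longer reported. As long as one earlier certificate parsed, the caller gets a shorter chain and no error. After the loop I would reject any non-whitespace remainder, which still tolerates the trailing newlines this commit targets: `if len(bytes.TrimSpace(bundle)) != 0 { return nil, errors.New("unparseable data after last PEM block") }` (needs `bytes` imported if the file does not already have it). This catches trailing damage only; `pem.Decode` appears to skip malformed data that precedes a later valid block, so a damaged middle entry would need a separate check. The doc comment should also say that blocks whose type is not `CERTIFICATE` are skipped; the body of parsePEMBundle continues past the end of this hunk.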