| 389 | } |
| 390 | |
| 391 | func (s *SMTPHandler) loadCAFile() (*x509.CertPool, error) { |
| 392 | if s.cfg.TLS.CAFile == "" { |
| 393 | // nolint:nilnil // A nil CertPool is a valid response. |
| 394 | return nil, nil |
| 395 | } |
| 396 | |
| 397 | ca, err := os.ReadFile(s.cfg.TLS.CAFile.String()) |
| 398 | if err != nil { |
| 399 | return nil, xerrors.Errorf("load CA file: %w", err) |
| 400 | } |
| 401 | |
| 402 | pool := x509.NewCertPool() |
| 403 | if !pool.AppendCertsFromPEM(ca) { |
| 404 | return nil, xerrors.Errorf("build cert pool: %w", err) |
| 405 | } |
| 406 | |
| 407 | return pool, nil |
| 408 | } |
| 409 | |
| 410 | func (s *SMTPHandler) loadCertificate() (*tls.Certificate, error) { |
| 411 | if len(s.cfg.TLS.CertFile) == 0 && len(s.cfg.TLS.KeyFile) == 0 { |