[TLS] Fluentd does not accept certificates containing CRLF instead of LF #2889

@pbudner

Description

Describe the bug
Enabling TLS transport using a valid X.509 certificate that contains CRLF instead of LF leads to unexpected behavior. Fluentd is not able to parse the valid certificate and refuses to do TLS handshakes.

To Reproduce
Specify a forward input using TLS that points to a certificate containing CRLF instead of LF.

Expected behavior
Fluentd should warn if it could not parse and find a valid certificate in the given cert_path content. Also, Fluentd should be able to handle certificates that contain CRLF instead of LF.

Your Environment

  • Fluentd or td-agent version: fluentd 1.9.3
  • Operating system: NAME="Amazon Linux" VERSION="2" ID="amzn" ID_LIKE="centos rhel fedora" VERSION_ID="2" PRETTY_NAME="Amazon Linux 2" ANSI_COLOR="0;33" CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2" HOME_URL="https://amazonlinux.com/"
  • Kernel version: 4.14.171-136.231.amzn2.x86_64

Your Configuration

<system>
  workers 1
  log_level debug
</system>

<source>
  @type forward
  @id input_forward
  port 24224
  <transport tls>
    cert_path /Users/pascalbudner/Certs/fluentd.dev.broken.cer
    private_key_path /Users/pascalbudner/Certs/fluentd.dev.broken.key
  </transport>
</source>

Your Error Log

[warn]: #0 [input_forward] unexpected error before accepting TLS connection by OpenSSL error_class=OpenSSL::SSL::SSLError error="SSL_accept returned=1 errno=0 state=SSLv3 read client hello C: no shared cipher"

Additional context

nothing to add here
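Added example, not code from Fluentd or from the reporter: a small Ruby sketch of the failure mode this report describes. A PEM scanner whose regex is anchored on a bare LF finds zero CERTIFICATE blocks in a CRLF file and hands nothing to OpenSSL, so the listener starts without a usable certificate and every handshake fails. The hardened loader normalizes line endings before scanning and raises when no block is found, which is the warning the report asks for. The self-signed certificate is constructed inline as sample input; all function and constant names are hypothetical.

```ruby
require 'openssl'

# Constructed sample input: a throwaway self-signed certificate for this example
# only (not the reporter's fluentd.dev.broken.cer).
def build_self_signed_cert
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse('/CN=fluentd.example.test')
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Strict scanner (hypothetical): anchored on bare LF, so a CRLF-terminated PEM
# file yields no matches at all, silently.
STRICT_PEM = /-----BEGIN CERTIFICATE-----\n.*?\n-----END CERTIFICATE-----\n?/m

# Scan `data` with `pattern` and parse every matched PEM block with OpenSSL.
def certificates_from_pem(data, pattern)
  data.scan(pattern).map { |pem| OpenSSL::X509::Certificate.new(pem) }
end

# Hardened loader (hypothetical): normalize CRLF to LF before scanning, and fail
# loudly instead of starting a TLS listener with an empty certificate list.
def load_certificates(data)
  normalized = data.gsub("\r\n", "\n")
  certs = certificates_from_pem(normalized, STRICT_PEM)
  raise 'no PEM certificate block found in cert_path content' if certs.empty?
  certs
end

if __FILE__ == $PROGRAM_NAME
  lf_pem = build_self_signed_cert.to_pem          # OpenSSL emits LF line endings
  crlf_pem = lf_pem.gsub("\n", "\r\n")            # the same cert as saved on Windows
  puts "strict scanner, LF file:   #{certificates_from_pem(lf_pem, STRICT_PEM).size} cert(s)"
  puts "strict scanner, CRLF file: #{certificates_from_pem(crlf_pem, STRICT_PEM).size} cert(s)"
  puts "hardened loader, CRLF file: #{load_certificates(crlf_pem).size} cert(s)"
end
```

The empty-list case is the dangerous one operationally: the error surfaces only later as an opaque `no shared cipher` during the handshake, far from the configuration that caused it, so a loader should treat "zero certificates parsed from cert_path" as a startup error rather than a warning buried in the log.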
