From cb901157ac1701c6fb541c63f0819679d4847c3d Mon Sep 17 00:00:00 2001
From: Yufu Zhao <ms2008vip@gmail.com>
Date: Wed, 5 Feb 2025 18:18:52 +0800
Subject: [PATCH] fix(certificate): properly throw errors when parsing
 certificate from the vault (#14212)

get_certificate was not handling certificate parsing errors after a vault update. This fixes it.

FTI-6392
---
 changelog/unreleased/kong/fix-error-handle-certificate.yml | 3 +++
 kong/runloop/certificate.lua                               | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 changelog/unreleased/kong/fix-error-handle-certificate.yml

diff --git a/changelog/unreleased/kong/fix-error-handle-certificate.yml b/changelog/unreleased/kong/fix-error-handle-certificate.yml
new file mode 100644
index 00000000000..d6f73e00262
--- /dev/null
+++ b/changelog/unreleased/kong/fix-error-handle-certificate.yml
@@ -0,0 +1,3 @@
+message: "Fixed an issue where the error was not thrown when parsing the certificate from vault."
+type: bugfix
+scope: Core
diff --git a/kong/runloop/certificate.lua b/kong/runloop/certificate.lua
index 2ad82919d2f..4aee2689f0c 100644
--- a/kong/runloop/certificate.lua
+++ b/kong/runloop/certificate.lua
@@ -261,7 +261,7 @@ local function get_certificate(pk, sni_name, ws_id)
                                                           pk, sni_name, ws_id)
 
   if certificate and hit_level ~= 3 and certificate["$refs"] then
-    certificate = parse_key_and_cert(kong.vault.update(certificate))
+    certificate, err = parse_key_and_cert(kong.vault.update(certificate))
   end
 
   return certificate, err