From d71566d0976237af81e02c0b82db75312f4f9714 Mon Sep 17 00:00:00 2001
From: Yufu Zhao <ms2008vip@gmail.com>
Date: Wed, 22 Jan 2025 12:07:55 +0800
Subject: [PATCH 1/2] fix(certificate): properly throw errors when parsing
 certificate from the vault

`get_certificate` was not handling certificate parsing errors after a
vault update. This fixes it.
---
 kong/runloop/certificate.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kong/runloop/certificate.lua b/kong/runloop/certificate.lua
index 2ad82919d2f..4aee2689f0c 100644
--- a/kong/runloop/certificate.lua
+++ b/kong/runloop/certificate.lua
@@ -261,7 +261,7 @@ local function get_certificate(pk, sni_name, ws_id)
                                                           pk, sni_name, ws_id)
 
   if certificate and hit_level ~= 3 and certificate["$refs"] then
-    certificate = parse_key_and_cert(kong.vault.update(certificate))
+    certificate, err = parse_key_and_cert(kong.vault.update(certificate))
   end
 
   return certificate, err

From 75c854ecd474b727d3de783ba6e6ee839dfb78e0 Mon Sep 17 00:00:00 2001
From: Yufu Zhao <ms2008vip@gmail.com>
Date: Thu, 23 Jan 2025 10:47:56 +0800
Subject: [PATCH 2/2] docs(*): add changelog entry

---
 changelog/unreleased/kong/fix-error-handle-certificate.yml | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 changelog/unreleased/kong/fix-error-handle-certificate.yml

diff --git a/changelog/unreleased/kong/fix-error-handle-certificate.yml b/changelog/unreleased/kong/fix-error-handle-certificate.yml
new file mode 100644
index 00000000000..d6f73e00262
--- /dev/null
+++ b/changelog/unreleased/kong/fix-error-handle-certificate.yml
@@ -0,0 +1,3 @@
+message: "Fixed an issue where the error was not thrown when parsing the certificate from vault."
+type: bugfix
+scope: Core