This repository has been archived by the owner on Oct 6, 2019. It is now read-only.

Serve certificate chain when fetching certificate from PKI (#246)
ewdurbin authored and Caiyeon committed Feb 23, 2018
1 parent 30cee09 commit e63d3e1
Showing 1 changed file with 8 additions and 3 deletions.
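--- a/vault/pki.go
+++ b/vault/pki.go
@@ -26,18 +26,23 @@ func FetchCertificate(path string, body map[string]interface{}) (*tls.Certificat
 if !ok {
 return nil, errors.New("Certificate not found in response")
 }
+issuingCACertRaw, ok := resp.Data["issuing_ca"]
+if !ok {
+return nil, errors.New("Issuing CA Certificate not found in response")
+}
 keyRaw, ok := resp.Data["private_key"]
 if !ok {
 return nil, errors.New("Private key not found in response")
 }
 
 cert, ok := certRaw.(string)
+issuing_ca_cert, ok := issuingCACertRaw.(string)
 key, ok := keyRaw.(string)
-if cert == "" || key == "" {
-return nil, errors.New("Cert and key could not be asserted to string")
+if cert == "" || key == "" || issuing_ca_cert == "" {
+return nil, errors.New("Cert, Issuing CA Cert, and Key could not be asserted to string")
 }
 
-pair, err := tls.X509KeyPair([]byte(cert), []byte(key))
+pair, err := tls.X509KeyPair([]byte(cert + "\n" + issuing_ca_cert), []byte(key))
 if err != nil {
 return nil, err
 }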
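Review bot: The added `issuing_ca_cert, ok := issuingCACertRaw.(string)` discards `ok` like its neighbours, so a non-string `issuing_ca` is caught only by the later empty-string test, whose combined message cannot say which of the three fields was wrong; I would check it where it is asserted, `issuingCACert, ok := issuingCACertRaw.(string)` then `if !ok || issuingCACert == "" { return nil, errors.New("issuing CA certificate in response is not a non-empty string") }`, which also gives the variable a MixedCaps name. Only the direct issuer is appended after the leaf in the `tls.X509KeyPair` call, so behind more than one intermediate the served chain would presumably still be incomplete; Vault's issue response can also include a `ca_chain` field, and preferring it when present (falling back to `issuing_ca`) seems worth considering. Making `issuing_ca` mandatory also turns a response without it into a hard failure where the old code still returned a usable leaf certificate, so it is worth confirming that every PKI path this is called with returns that field. FetchCertificate starts and ends outside the hunk.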
