mirror of https://github.com/status-im/consul.git
ca: only return the leaf cert from Sign in vault provider
The interface is documented as 'Sign will only return the leaf', and the other providers only return the leaf. It seems like this was added during the initial implementation, so is likely just something we missed. It doesn't break anything , but it does cause confusing cert chains in the API response which could break something in the future.
This commit is contained in:
parent
85ecbaf109
commit
c1c1580bf8
|
@ -529,12 +529,7 @@ func (v *VaultProvider) Sign(csr *x509.CertificateRequest) (string, error) {
|
||||||
if !ok {
|
if !ok {
|
||||||
return "", fmt.Errorf("certificate was not a string")
|
return "", fmt.Errorf("certificate was not a string")
|
||||||
}
|
}
|
||||||
ca, ok := response.Data["issuing_ca"].(string)
|
return EnsureTrailingNewline(cert), nil
|
||||||
if !ok {
|
|
||||||
return "", fmt.Errorf("issuing_ca was not a string")
|
|
||||||
}
|
|
||||||
|
|
||||||
return EnsureTrailingNewline(cert) + EnsureTrailingNewline(ca), nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// SignIntermediate returns a signed CA certificate with a path length constraint
|
// SignIntermediate returns a signed CA certificate with a path length constraint
|
||||||
|
|
Loading…
Reference in New Issue