luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

ca: only return the leaf cert from Sign in vault provider 

The interface is documented as 'Sign will only return the leaf', and the other providers
only return the leaf. It seems like this was added during the initial implementation, so
is likely just something we missed. It doesn't break anything , but it does cause confusing cert chains
in the API response which could break something in the future.
This commit is contained in:
Daniel Nephin 2021-12-13 14:49:32 -05:00
parent 2d5254a73b
commit ef03f7be73
1 changed files with 1 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
agent/connect/ca/provider_vault.go
View File

@ -529,12 +529,7 @@ func (v *VaultProvider) Sign(csr *x509.CertificateRequest) (string, error) {
if !ok {
return "", fmt.Errorf("certificate was not a string")
}
ca, ok := response.Data["issuing_ca"].(string)
if !ok {
return "", fmt.Errorf("issuing_ca was not a string")
}
return EnsureTrailingNewline(cert) + EnsureTrailingNewline(ca), nil
return EnsureTrailingNewline(cert), nil
}
// SignIntermediate returns a signed CA certificate with a path length constraint