authorRasmus Dahlberg <rasmus.dahlberg@kau.se>2020-11-03 20:01:08 +0100
committerRasmus Dahlberg <rasmus.dahlberg@kau.se>2020-11-03 20:01:08 +0100
commit0168f18229402b299a3fb3bb6fe3edb8e3ffa7fc (patch)
tree19ffe21cf8cebf43859e00bc1ddac20593161ac5 /x509.go
parent71ed441c7d0ce507d72f02fb06679b6479fefc19 (diff)
added chain processing with intermediate certificates
Basic test chains can be generated manually with openssl, see details in server/testdata/x509/README.md.
Diffstat (limited to 'x509.go')
-rw-r--r--x509.go3
1 files changed, 2 insertions, 1 deletions
diff --git a/x509.go b/x509.go
index e7a45e6..b8e2885 100644
--- a/x509.go
+++ b/x509.go
@@ -164,13 +164,14 @@ func ParseB64Chain(chain []string) (*x509.Certificate, *x509.CertPool, error) {
}
func buildChainFromB64List(lp *LogParameters, b64chain []string) ([]*x509.Certificate, error) {
- certificate, _, err := ParseB64Chain(b64chain) // TODO: use intermediatePool
+ certificate, intermediatePool, err := ParseB64Chain(b64chain)
if err != nil {
return nil, err
}
opts := x509.VerifyOptions{
Roots: lp.AnchorPool,
+ Intermediates: intermediatePool,
KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}, // TODO: move to ld
}
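Review bot: With `Intermediates: intermediatePool` the verifier now builds paths over certificates taken from `b64chain`, and nothing visible in this hunk bounds how many entries that list may hold before `ParseB64Chain` decodes and pools them. If `b64chain` is request data (it looks that way, but the caller is outside the hunk), a length check ahead of the parse keeps parsing and path-building cost predictable, for example `if len(b64chain) > maxChainLength { return nil, fmt.Errorf("chain too long: %d certificates", len(b64chain)) }`, where `maxChainLength` is a placeholder for a new constant or log parameter. A short comment on the new field, such as `// untrusted, submitter-supplied; trust comes only from Roots`, would also make the trust boundary explicit for the next reader. buildChainFromB64List continues past the end of the hunk, so the Verify call and its error handling are not shown here.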