-rw-r--r--x509util/x509util.go23
1 files changed, 7 insertions, 16 deletions
diff --git a/x509util/x509util.go b/x509util/x509util.go
index b300ef3..c005bed 100644
--- a/x509util/x509util.go
+++ b/x509util/x509util.go
@@ -112,24 +112,15 @@ func ParseChain(rest []byte) ([]*x509.Certificate, error) {
// first (zero-index) string is interpretted as an end-entity certificate and
// the remaining ones as the an intermediate CertPool.
func ParseDerChain(chain [][]byte) (*x509.Certificate, *x509.CertPool, error) {
- var certificate *x509.Certificate
- intermediatePool := x509.NewCertPool()
- for index, der := range chain {
- c, err := x509.ParseCertificate(der)
- if err != nil {
- return nil, nil, fmt.Errorf("certificate decoding failed: %v", err)
- }
-
- if index == 0 {
- certificate = c
- } else {
- intermediatePool.AddCert(c)
- }
+ certificates, err := ParseDerChainToList(chain)
+ if err != nil || len(certificates) == 0 {
+ return nil, nil, err
}
- if certificate == nil {
- return nil, nil, fmt.Errorf("certificate chain is empty")
+ intermediatePool := x509.NewCertPool()
+ for _, certificate := range certificates[1:] {
+ intermediatePool.AddCert(certificate)
}
- return certificate, intermediatePool, nil
+ return certificates[0], intermediatePool, nil
}
// ParseDerChainToList parses a list of DER-encoded certificates
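Review bot: The combined guard `if err != nil || len(certificates) == 0 { return nil, nil, err }` returns `(nil, nil, nil)` when the list is empty and `err` is nil, whereas the removed code failed with "certificate chain is empty". The body of ParseDerChainToList is outside this hunk, so this applies only if it does not itself reject an empty chain. A caller that checks only the error would then carry on with a nil end-entity certificate and a nil pool. Keep the two cases separate: a plain `if err != nil { return nil, nil, err }` followed by `if len(certificates) == 0 { return nil, nil, fmt.Errorf("certificate chain is empty") }` (assuming `fmt` is still imported in this file). A test that passes an empty `[][]byte` and expects a non-nil error would pin the behaviour.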