From 833d28cb6a59bb935f781e2811c840b348eaf19b Mon Sep 17 00:00:00 2001
From: Mariano Cano
Date: Wed, 25 Aug 2021 16:15:12 -0700
Subject: [PATCH] Clone the certificate in case we need to look at it later.
---
 api/sshRenew.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/api/sshRenew.go b/api/sshRenew.go
index 4a36673a..cb6ec5fd 100644
--- a/api/sshRenew.go
+++ b/api/sshRenew.go
@@ -1,6 +1,7 @@
 package api

 import (
+ "crypto/x509"
 "net/http"
 "time"

@@ -85,7 +86,11 @@ func (h *caHandler) renewIdentityCertificate(r *http.Request, notBefore, notAfte
 return nil, nil
 }

- cert := r.TLS.PeerCertificates[0]
+ // Clone the certificate as we can modify it.
+ cert, err := x509.ParseCertificate(r.TLS.PeerCertificates[0].Raw)
+ if err != nil {
+ return nil, errors.Wrap(err, "error parsing client certificate")
+ }

 // Enforce the cert to match another certificate, for example an ssh
 // certificate.
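Review bot: The added comment `// Clone the certificate as we can modify it.` in renewIdentityCertificate does not say why the copy matters, and that is the security-relevant part. `r.TLS.PeerCertificates[0]` belongs to the connection state that net/http attaches to every request on the same connection, so an in-place edit would presumably be visible to later requests and to any logging or authorization code that reads the peer certificate afterwards. I would reword it along the lines of `// Work on a parsed copy: r.TLS is shared connection state, and the presented certificate must stay exactly as the client sent it.` The code that modifies cert lies below the hunk, so the wording should be checked against it. A regression test asserting that `r.TLS.PeerCertificates[0]` is unchanged after a renewal would stop a later refactor from reintroducing the aliasing.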