Clone the certificate in case we need to look at it later.

This commit is contained in:
Mariano Cano 2021-08-25 16:15:12 -07:00
parent 568fce201a
commit 833d28cb6a

View file

@ -1,6 +1,7 @@
package api
import (
"crypto/x509"
"net/http"
"time"
@ -85,7 +86,11 @@ func (h *caHandler) renewIdentityCertificate(r *http.Request, notBefore, notAfte
return nil, nil
}
cert := r.TLS.PeerCertificates[0]
// Clone the certificate as we can modify it.
cert, err := x509.ParseCertificate(r.TLS.PeerCertificates[0].Raw)
if err != nil {
return nil, errors.Wrap(err, "error parsing client certificate")
}
// Enforce the cert to match another certificate, for example an ssh
// certificate.