From 7f6f7902532acbac24de45c3db7d74eef33ba6bb Mon Sep 17 00:00:00 2001
From: xenolf <xenolf@users.noreply.github.com>
Date: Sun, 18 Oct 2015 03:29:26 +0200
Subject: [PATCH] Wrap []byte for DER certificates in its own type.

---
 acme/client.go | 2 +-
 acme/crypto.go | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/acme/client.go b/acme/client.go
index 5016ecdb..dfbacb4e 100644
--- a/acme/client.go
+++ b/acme/client.go
@@ -357,7 +357,7 @@ func (c *Client) requestCertificate(authz *authorizationResource, result chan Ce
 			// Otherwise the body is the certificate.
 			if len(cert) > 0 {
 				cerRes.CertStableURL = resp.Header.Get("Content-Location")
-				cerRes.Certificate = pemEncode(cert)
+				cerRes.Certificate = pemEncode(derCertificateBytes(cert))
 				result <- cerRes
 			} else {
 				// The certificate was granted but is not yet issued.
diff --git a/acme/crypto.go b/acme/crypto.go
index 7df778f8..27ae6bc0 100644
--- a/acme/crypto.go
+++ b/acme/crypto.go
@@ -10,6 +10,8 @@ import (
 	"time"
 )
 
+type derCertificateBytes []byte
+
 func generatePrivateKey(keyLength int) (*rsa.PrivateKey, error) {
 	return rsa.GenerateKey(rand.Reader, keyLength)
 }
@@ -30,7 +32,7 @@ func pemEncode(data interface{}) []byte {
 	case *rsa.PrivateKey:
 		pemBlock = &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}
 		break
-	case []byte:
+	case derCertificateBytes:
 		pemBlock = &pem.Block{Type: "CERTIFICATE", Bytes: data.([]byte)}
 	}