From 1d24006e69aaa6bd14bf821db343ef48bf145ebb Mon Sep 17 00:00:00 2001 From: Ludovic Fernandez Date: Thu, 28 Jan 2021 20:26:07 +0100 Subject: [PATCH] fix: preferred chain only match root name (#1334) --- certificate/certificates.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/certificate/certificates.go b/certificate/certificates.go index ff0e2d52..a1306802 100644 --- a/certificate/certificates.go +++ b/certificate/certificates.go @@ -540,10 +540,10 @@ func hasPreferredChain(issuer []byte, preferredChain string) (bool, error) { return false, err } - for _, cert := range certs { - if cert.Issuer.CommonName == preferredChain { - return true, nil - } + topCert := certs[len(certs)-1] + + if topCert.Issuer.CommonName == preferredChain { + return true, nil } return false, nil