upstream/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2026-05-28 04:10:44 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

auth/cert: Guard against empty certs. Fixes #214

Browse source
This commit is contained in:
Armon Dadgar 2015-05-18 16:11:09 -07:00
parent 45f14256fe
commit cce15445c9
1 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
builtin/credential/cert/path_login.go
View file

@ -154,9 +154,14 @@ func validateConnState(roots *x509.CertPool, cs *tls.ConnectionState) ([][]*x509
KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
}
certs := cs.PeerCertificates
if len(certs) == 0 {
return nil, nil
}
for _, cert := range certs[1:] {
opts.Intermediates.AddCert(cert)
if len(certs) > 1 {
for _, cert := range certs[1:] {
opts.Intermediates.AddCert(cert)
}
}
chains, err := certs[0].Verify(opts)