

Merge pull request #2292 from openziti/trust-domain-get-chains
also send the partial chain to GetChain() when computing the SPIFFE ID
qrkourier authored Aug 6, 2024
2 parents 38a06ad + 5ee5143 commit 662dca6
Showing 1 changed file with 12 additions and 1 deletion.
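--- a/controller/config/config.go
+++ b/controller/config/config.go
@@ -680,7 +680,18 @@ func isSelfSigned(cert *x509.Certificate) (bool, error) {
 }
 
 func generateDefaultSpiffeId(id identity.Identity) (*url.URL, error) {
-chain := id.CaPool().GetChain(id.Cert().Leaf)
+rawCerts := id.Cert().Certificate
+certs := make([]*x509.Certificate, len(rawCerts))
+
+for i := range rawCerts {
+cert, err := x509.ParseCertificate(rawCerts[i])
+if err != nil {
+return nil, fmt.Errorf("failed to parse certificate at index [%d]: %w", i, err)
+}
+certs[i] = cert
+}
+
+chain := id.CaPool().GetChain(id.Cert().Leaf, certs...)
 
 // chain is 0 or 1, no root possible
 if len(chain) <= 1 {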
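Review bot: The certificates parsed from `id.Cert().Certificate` are handed to `GetChain` with no statement of how far they are trusted, and the rest of `generateDefaultSpiffeId` (which continues outside the hunk) appears to derive the SPIFFE ID from the resulting chain. `GetChain` is not visible here, so it is worth confirming that the bundled certificates serve only as intermediate candidates and that the chain's last element must still be anchored in `id.CaPool()`; otherwise a self-signed certificate left in the identity's cert file could end up determining the trust domain. I would add a comment above the call such as `// certs come from the identity's own bundle and are only intermediate candidates; the root must still be in CaPool()`. Separately, `rawCerts[0]` is normally the leaf already held in `id.Cert().Leaf`, so the loop re-parses it and passes it a second time; skipping index 0 would avoid that if `GetChain` does not need it.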
