crypto/tls: simplify intermediate certificate handling

The certificates argument to verifyServerCertificate must contain
at least one certificate. Simplify the intermediate certificate
handling code accordingly.

Change-Id: I8292cdfb51f418e011d6d97f47d10b4e631aa932
Reviewed-on: https://go-review.googlesource.com/c/go/+/169657
Reviewed-by: Filippo Valsorda <filippo@golang.org>

diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go
index 31bd069bbcd7c6ef08255e3bac2b4abd097b335c..c07cc6d507e36c28d00a7ff9019985d046fde72a 100644 (file)
--- a/src/crypto/tls/handshake_client.go
+++ b/src/crypto/tls/handshake_client.go
@@ -826,11 +826,7 @@ func (c *Conn) verifyServerCertificate(certificates [][]byte) error {
                        DNSName:       c.config.ServerName,
                        Intermediates: x509.NewCertPool(),
                }
-
-               for i, cert := range certs {
-                       if i == 0 {
-                               continue
-                       }
+               for _, cert := range certs[1:] {
                        opts.Intermediates.AddCert(cert)
                }
                var err error