From: Joel Sing <joel@sing.id.au>
Date: Tue, 19 Mar 2019 16:58:42 +0000 (+1100)
Subject: crypto/tls: simplify intermediate certificate handling
X-Git-Tag: go1.13beta1~824
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=20389553c7d287a4fffb9718e328a514640a915c;p=gostls13.git

crypto/tls: simplify intermediate certificate handling

The certificates argument to verifyServerCertificate must contain
at least one certificate. Simplify the intermediate certificate
handling code accordingly.

Change-Id: I8292cdfb51f418e011d6d97f47d10b4e631aa932
Reviewed-on: https://go-review.googlesource.com/c/go/+/169657
Reviewed-by: Filippo Valsorda <filippo@golang.org>
---

diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go
index 31bd069bbc..c07cc6d507 100644
--- a/src/crypto/tls/handshake_client.go
+++ b/src/crypto/tls/handshake_client.go
@@ -826,11 +826,7 @@ func (c *Conn) verifyServerCertificate(certificates [][]byte) error {
 			DNSName:       c.config.ServerName,
 			Intermediates: x509.NewCertPool(),
 		}
-
-		for i, cert := range certs {
-			if i == 0 {
-				continue
-			}
+		for _, cert := range certs[1:] {
 			opts.Intermediates.AddCert(cert)
 		}
 		var err error