From 20389553c7d287a4fffb9718e328a514640a915c Mon Sep 17 00:00:00 2001 From: Joel Sing Date: Wed, 20 Mar 2019 03:58:42 +1100 Subject: [PATCH] crypto/tls: simplify intermediate certificate handling The certificates argument to verifyServerCertificate must contain at least one certificate. Simplify the intermediate certificate handling code accordingly. Change-Id: I8292cdfb51f418e011d6d97f47d10b4e631aa932 Reviewed-on: https://go-review.googlesource.com/c/go/+/169657 Reviewed-by: Filippo Valsorda --- src/crypto/tls/handshake_client.go | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go index 31bd069bbc..c07cc6d507 100644 --- a/src/crypto/tls/handshake_client.go +++ b/src/crypto/tls/handshake_client.go @@ -826,11 +826,7 @@ func (c *Conn) verifyServerCertificate(certificates [][]byte) error { DNSName: c.config.ServerName, Intermediates: x509.NewCertPool(), } - - for i, cert := range certs { - if i == 0 { - continue - } + for _, cert := range certs[1:] { opts.Intermediates.AddCert(cert) } var err error -- 2.50.0