Archives/smallstep-certificates
2
0
Fork 0
mirror of https://github.com/smallstep/certificates.git synced 2024-11-11 07:11:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add missing modifier and change return codes.

Browse Source
This commit is contained in:
Mariano Cano 2019-03-07 16:03:38 -08:00
parent b07fe546fd
commit c0ef6f8dc5
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
authority/tls.go
View File

@ -93,7 +93,7 @@ func withDefaultASN1DN(def *x509util.ASN1DN) x509util.WithOption {
func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Options, extraOpts ...provisioner.SignOption) (*x509.Certificate, *x509.Certificate, error) { func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Options, extraOpts ...provisioner.SignOption) (*x509.Certificate, *x509.Certificate, error) {
var ( var (
errContext = context{"csr": csr, "signOptions": signOpts} errContext = context{"csr": csr, "signOptions": signOpts}
mods = []x509util.WithOption{} mods = []x509util.WithOption{withDefaultASN1DN(a.config.AuthorityConfig.Template)}
certValidators = []provisioner.CertificateValidator{} certValidators = []provisioner.CertificateValidator{}
) )
for _, op := range extraOpts { for _, op := range extraOpts {
@ -102,7 +102,7 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Opti
certValidators = append(certValidators, k) certValidators = append(certValidators, k)
case provisioner.CertificateRequestValidator: case provisioner.CertificateRequestValidator:
if err := k.Valid(csr); err != nil { if err := k.Valid(csr); err != nil {
return nil, nil, err return nil, nil, &apiError{err, http.StatusUnauthorized, errContext}
} }
case provisioner.ProfileModifier: case provisioner.ProfileModifier:
mods = append(mods, k.Option(signOpts)) mods = append(mods, k.Option(signOpts))
@ -140,7 +140,7 @@ func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Opti
// FIXME: This should be before creating the certificate. // FIXME: This should be before creating the certificate.
for _, v := range certValidators { for _, v := range certValidators {
if err := v.Valid(serverCert); err != nil { if err := v.Valid(serverCert); err != nil {
return nil, nil, err return nil, nil, &apiError{err, http.StatusUnauthorized, errContext}
} }
} }