Check at the cert type instead of at the body.

5 years ago · f6ffa2cc43
parent 5d7829b198
commit f6ffa2cc43
1 changed files with 2 additions and 2 deletions
--- a/api/ssh.go
+++ b/api/ssh.go
@ -56,7 +56,7 @@ func (s *SSHSignRequest) Validate() error {
 		// Validate identity signature if provided
 		if s.IdentityCSR.CertificateRequest != nil {
 			if err := s.IdentityCSR.CertificateRequest.CheckSignature(); err != nil {
-				return errors.Wrap(err, "invalid csr")
+				return errors.Wrap(err, "invalid identityCSR")
 			}
 		}
 		return nil
@ -308,7 +308,7 @@ func (h *caHandler) SSHSign(w http.ResponseWriter, r *http.Request) {
 	if cr := body.IdentityCSR.CertificateRequest; cr != nil {
 		var opts provisioner.Options
 		// Use same duration as ssh certificate for user certificates
-		if body.CertType == provisioner.SSHUserCert {
+		if cert.CertType == ssh.UserCert {
 			opts = provisioner.Options{
 				NotBefore: provisioner.NewTimeDuration(time.Unix(int64(cert.ValidAfter), 0)),
 				NotAfter:  provisioner.NewTimeDuration(time.Unix(int64(cert.ValidBefore), 0)),