mirror of
https://github.com/k3s-io/k3s.git
synced 2024-06-07 19:41:36 +00:00
977a85559e
We need to send the full chain in order for cross-signing to work properly during switchover to a new root. Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
18 lines
486 B
Go
18 lines
486 B
Go
package util
|
|
|
|
import (
|
|
"crypto/x509"
|
|
|
|
certutil "github.com/rancher/dynamiclistener/cert"
|
|
)
|
|
|
|
// EncodeCertsPEM is a wrapper around the EncodeCertPEM function to return the
|
|
// PEM encoding of a cert and chain, instead of just a single cert.
|
|
func EncodeCertsPEM(cert *x509.Certificate, caCerts []*x509.Certificate) []byte {
|
|
pemBytes := certutil.EncodeCertPEM(cert)
|
|
for _, caCert := range caCerts {
|
|
pemBytes = append(pemBytes, certutil.EncodeCertPEM(caCert)...)
|
|
}
|
|
return pemBytes
|
|
}
|