Merge pull request #3862 from jetstack/revert-3847-fix/3619

Revert "Handle CA issuer working as intermediate correctly"
2021-04-07 09:46:57 +01:00 · 2021-04-07 09:46:57 +01:00 · 9f612f0c2e
commit 9f612f0c2e
parent 79ccab3e69 f56db9f93d
2 changed files with 3 additions and 5 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,6 +1,5 @@
 .DS_Store
 .idea
-*.iml
 /acmesolver
 /controller
 /ingress-shim
--- a/pkg/util/pki/csr.go
+++ b/pkg/util/pki/csr.go
@ -424,9 +424,9 @@ func SignCSRTemplate(caCerts []*x509.Certificate, caKey crypto.Signer, template
 		return nil, nil, errors.New("no CA certificates given to sign CSR template")
 	}

-	issuingCACert := caCerts[0]
+	caCert := caCerts[0]

-	certPem, _, err := SignCertificate(template, issuingCACert, template.PublicKey, caKey)
+	certPem, _, err := SignCertificate(template, caCert, template.PublicKey, caKey)
 	if err != nil {
 		return nil, nil, err

@ -440,8 +440,7 @@ func SignCSRTemplate(caCerts []*x509.Certificate, caKey crypto.Signer, template
 	certPem = append(certPem, chainPem...)

 	// encode the CA certificate to be bundled in the output
-	caCert := caCerts[len(caCerts)-1]
-	caPem, err := EncodeX509(caCert)
+	caPem, err := EncodeX509(caCerts[0])
 	if err != nil {
 		return nil, nil, err
 	}