
acme: simplify TLS-SNI challenge cert

There's no need to PEM-encode key/cert pair to create a tls.Certificate.

All tls.X509KeyPair does is decode back to DER and verify that the
key corresponds to the cert. But we already know it does.

Change-Id: Icccdaf7fd86317147476fb03cbc71ee7b4a06edb
Reviewed-on: https://go-review.googlesource.com/26694
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Alex Vaghin 9 年之前
父节点
当前提交
5f961cd492
共有 1 个文件被更改,包括 4 次插入6 次删除
  1. 4 6
      acme/internal/acme/acme.go

+ 4 - 6
acme/internal/acme/acme.go

@@ -615,12 +615,10 @@ func tlsChallengeCert(san ...string) (tls.Certificate, error) {
 		DNSNames:              san,
 	}
 	der, err := x509.CreateCertificate(rand.Reader, &t, &t, &key.PublicKey, key)
-	if err != nil {
-		return tls.Certificate{}, err
-	}
-	cert := encodePEM("CERTIFICATE", der)
-	keyp := encodePEM("RSA PRIVATE KEY", x509.MarshalPKCS1PrivateKey(key))
-	return tls.X509KeyPair(cert, keyp)
+	return tls.Certificate{
+		Certificate: [][]byte{der},
+		PrivateKey:  key,
+	}, nil
 }
 
 // encodePEM returns b encoded as PEM with block of type typ.
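Review bot: The error from `x509.CreateCertificate` is no longer checked on the new side, because the `if err != nil` guard after the `der, err := ...` line was removed together with the PEM round-trip. If certificate creation fails, `tlsChallengeCert` would now return a `tls.Certificate` whose only chain entry is a nil DER slice, with a nil error, and the caller would find out only when the handshake breaks. Keep the guard ahead of the struct literal: `if err != nil { return tls.Certificate{}, err }`. The function body starts outside this hunk, so `err` is presumably declared earlier (which would explain why the unchecked value still compiles); confirm this against the full file.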