feat: parse all root CA certs (#3808)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
2024-12-14 11:57:48 +00:00 · 2022-05-05 10:31:22 +02:00 · 2022-05-05 10:31:22 +02:00 · 9a1a82e3b5
commit 9a1a82e3b5
parent 5be6a4e2b0
1 changed files with 1 additions and 9 deletions
--- a/pkg/tls/certRenewer.go
+++ b/pkg/tls/certRenewer.go
@ -343,19 +343,11 @@ func (c *CertRenewer) ValidCert() (bool, error) {

 	// build cert pool
 	pool := x509.NewCertPool()
-	caPem, _ := pem.Decode(rootCA)
-	if caPem == nil {
+	if !pool.AppendCertsFromPEM(rootCA) {
 		logger.Error(err, "bad certificate")
 		return false, nil
 	}

-	cac, err := x509.ParseCertificate(caPem.Bytes)
-	if err != nil {
-		logger.Error(err, "failed to parse CA cert")
-		return false, nil
-	}
-	pool.AddCert(cac)
-
 	// valid PEM pair
 	_, err = tls.X509KeyPair(tlsPair.Certificate, tlsPair.PrivateKey)
 	if err != nil {