From 46ae7bab327759ed1d2fa67e497f6f9e211a5f2a Mon Sep 17 00:00:00 2001
From: Richard Hillmann <richie@project0.de>
Date: Sun, 30 Sep 2018 18:42:00 +0200
Subject: [PATCH] fix not bundling cert

---
 api/cert.go              | 4 ++--
 api/client.go            | 4 ++--
 certstore/certificate.go | 6 ++++++
 3 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/api/cert.go b/api/cert.go
index 07862db..e29e8c7 100644
--- a/api/cert.go
+++ b/api/cert.go
@@ -71,7 +71,7 @@ func (a *apiCert) getCert(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	w.WriteHeader(http.StatusOK)
-	w.Write(cert.Certificate)
+	w.Write(cert.GetNoBundleCertificate())
 }
 
 func (a *apiCert) getCA(w http.ResponseWriter, r *http.Request) {
@@ -98,5 +98,5 @@ func (a *apiCert) getBundle(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	w.WriteHeader(http.StatusOK)
-	w.Write(append(cert.Certificate, cert.IssuerCertificate...))
+	w.Write(append(cert.GetNoBundleCertificate(), cert.IssuerCertificate...))
 }
diff --git a/api/client.go b/api/client.go
index 988ff35..a598ca7 100644
--- a/api/client.go
+++ b/api/client.go
@@ -61,12 +61,12 @@ func (c *Client) Get(domain string, san []string, onlyCN bool, valid int) (cert
 
 // WriteCert writes the cert to file
 func (c *Client) WriteCert(cert *certstore.CertificateResource, filepath string) (err error) {
-	return c.writeFile(cert.Certificate, filepath)
+	return c.writeFile(cert.GetNoBundleCertificate(), filepath)
 }
 
 // WriteBundle writes the cert + ca to file
 func (c *Client) WriteBundle(cert *certstore.CertificateResource, filepath string) (err error) {
-	return c.writeFile(append(cert.Certificate, cert.IssuerCertificate...), filepath)
+	return c.writeFile(append(cert.GetNoBundleCertificate(), cert.IssuerCertificate...), filepath)
 }
 
 // WriteKey writes the privte key to file
diff --git a/certstore/certificate.go b/certstore/certificate.go
index 33d25bc..2bc4500 100644
--- a/certstore/certificate.go
+++ b/certstore/certificate.go
@@ -17,3 +17,9 @@ func (c *CertificateResource) parseCert() (*x509.Certificate, error) {
 	block, _ := pem.Decode(c.Certificate)
 	return x509.ParseCertificate(block.Bytes)
 }
+
+// GetNoBundleCertificate ensures to return the cert without ca
+func (c *CertificateResource) GetNoBundleCertificate() []byte {
+	block, _ := pem.Decode(c.Certificate)
+	return pem.EncodeToMemory(block)
+}