From 4f130a6e45083f5929074733ab8524400161ba64 Mon Sep 17 00:00:00 2001
From: Jeffrey Bevill
Date: Sat, 12 Jan 2019 00:17:10 -0700
Subject: [PATCH] Traffic Ops Delivery Service - ADDSSLKeys API - Remove mandatory SKI/AKI extensions be present in certificates (#3181)
---
 .../traffic_ops_golang/deliveryservice/keys.go | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/traffic_ops/traffic_ops_golang/deliveryservice/keys.go b/traffic_ops/traffic_ops_golang/deliveryservice/keys.go
index 3dd2577e2d..a8e8748423 100644
--- a/traffic_ops/traffic_ops_golang/deliveryservice/keys.go
+++ b/traffic_ops/traffic_ops_golang/deliveryservice/keys.go
@@ -20,7 +20,6 @@ package deliveryservice
 */
 import (
- "bytes"
 "crypto/x509"
 "database/sql"
 "encoding/base64"
@@ -327,12 +326,14 @@ func verifyCertificate(certificate string, rootCA string) (string, bool, error)
 }
 pemEncodedChain := ""
 for _, link := range chain[0] {
- // Only print non-self signed elements of the chain
- if link.AuthorityKeyId != nil && !bytes.Equal(link.AuthorityKeyId, link.SubjectKeyId) {
- block := &pem.Block{Type: "CERTIFICATE", Bytes: link.Raw}
- pemEncodedChain += string(pem.EncodeToMemory(block))
- }
- }
+ // Include all certificates in the chain, since verification was successful.
+ block := &pem.Block{Type: "CERTIFICATE", Bytes: link.Raw}
+ pemEncodedChain += string(pem.EncodeToMemory(block))
+ }
+
+ if len(pemEncodedChain) < 1 {
+ return "", false, errors.New("Invalid empty certicate chain in request")
+ }
 return pemEncodedChain, false, nil
 }
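Review bot: With the filter removed, the loop in the second hunk writes every element of `chain[0]` into `pemEncodedChain`, which presumably includes the self-signed trust anchor at the end of the verified chain; the old comment says that was deliberately left out, and a served chain normally stops below the root. If dropping the root is still wanted without relying on SKI/AKI, comparing the raw names also works for certificates that lack those extensions: `if len(chain[0]) > 1 && bytes.Equal(link.RawIssuer, link.RawSubject) { continue }` (this would keep the `bytes` import that the first hunk removes). As written, the `len(pemEncodedChain) < 1` guard can only fire if `chain[0]` is empty, so it looks unreachable after a successful verification; its message also misspells "certificate", and Go error strings are conventionally lower-case, e.g. `errors.New("empty certificate chain in request")`. verifyCertificate starts outside the hunk, so how `chain` is built and whether it can be empty is not visible here.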