[ca] Fix cross-signing bug where ECDSA keys can't cross-sign RSA CAs

[cyli]

Fix bug where we could not cross-sign an RSA certificate with an ECDSA certificate and vice versa.

Signed-off-by: cyli ying.li@docker.com

Noticed this when poking around the docker CLI. It's because we are just using the new cert as a template, and the new cert's signature algorithm could be different than the old cert's signature algorithm (because the new cert's key could be an entirely different key type than the old).

[aaronlehmann]

ping @diogomonica

[aaronlehmann]

--- FAIL: TestSessionRestartedOnNodeDescriptionChange (2.29s)
	Error Trace:	agent_test.go:255
	Error:		Received unexpected error no current session
			github.com/docker/swarmkit/testutils.PollFuncWithTimeout
				/home/ubuntu/.go_workspace/src/github.com/docker/swarmkit/testutils/poll.go:28: polling failed

Probably not related? I think we just merged the PR which added that test.

[cyli]

Agree I think it's probably not related, but the test was added a month ago - am trying to replicate it.

[codecov]

Codecov Report

Merging #2163 into master will increase coverage by 0.2%.
The diff coverage is 100%.

@@            Coverage Diff            @@
##           master    #2163     +/-   ##
=========================================
+ Coverage   59.84%   60.04%   +0.2%     
=========================================
  Files         119      119             
  Lines       19665    19666      +1     
=========================================
+ Hits        11769    11809     +40     
+ Misses       6551     6522     -29     
+ Partials     1345     1335     -10

[diogomonica]

Ha, this is a cool bug.

[diogomonica]

LGTM