Add a note about unable to self-sign

bobveznat · bobveznat · commit 49e2b6ac3921 · 2019-08-31T09:16:11.000-05:00
And remove some trailing whitespace from a line in sign_certd
diff --git a/README.rst b/README.rst
@@ -28,6 +28,10 @@ parameters of the certificate before deciding whether or not to actually
 sign the cert request. The signed certificate is again POSTed back to
 the server where the signature is validated.
 
+Note that a requester may not sign their own request. If a +1 is
+received for a request by the same key as the one in the request then
+the signing request is rejected.
+
 Once enough valid signatures are received the cert request is
 automatically signed using the signing key for the cert authority and
 made available for download by the requester using the request id.
diff --git a/sign_certd.go b/sign_certd.go
@@ -596,7 +596,7 @@ func (h *certRequestHandler) signOrRejectRequest(rw http.ResponseWriter, req *ht
 	// Make sure the key attempting to sign the request is not the same as the key in the CSR
 	if signerFp == requesterFp {
 		err = errors.New("Signed by the same key as key in request")
-		http.Error(rw, fmt.Sprintf("%v", err), http.StatusBadRequest)		
+		http.Error(rw, fmt.Sprintf("%v", err), http.StatusBadRequest)
 		return
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -596,7 +596,7 @@ func (h certRequestHandler) signOrRejectRequest(rw http.ResponseWriter, req ht`
`596`	`596`	`// Make sure the key attempting to sign the request is not the same as the key in the CSR`
`597`	`597`	`if signerFp == requesterFp {`
`598`	`598`	`err = errors.New("Signed by the same key as key in request")`
`599`		`- http.Error(rw, fmt.Sprintf("%v", err), http.StatusBadRequest)`
	`599`	`+ http.Error(rw, fmt.Sprintf("%v", err), http.StatusBadRequest)`
`600`	`600`	`return`
`601`	`601`	`}`
`602`	`602`