Fix intermediate certificate handling in setupTLSCommonName

Copilot · shueybubbles · Copilot · commit edfd5638366a · 2026-01-08T23:55:05.000Z
Co-authored-by: shueybubbles &lt;2224906+shueybubbles@users.noreply.github.com&gt;
diff --git a/msdsn/conn_str_go115.go b/msdsn/conn_str_go115.go
@@ -41,10 +41,20 @@ func setupTLSCommonName(config *tls.Config, pem []byte) error {
 			return fmt.Errorf("invalid certificate name %q, expected %q", commonName, config.ServerName)
 		}
 		
+		// Build intermediates pool from the peer certificates (excluding the first one which is the server cert)
+		intermediates := x509.NewCertPool()
+		for i := 1; i < len(rawCerts); i++ {
+			intermediateCert, err := x509.ParseCertificate(rawCerts[i])
+			if err != nil {
+				return fmt.Errorf("failed to parse intermediate certificate: %w", err)
+			}
+			intermediates.AddCert(intermediateCert)
+		}
+		
 		// Verify the certificate chain against the provided root CA
 		opts := x509.VerifyOptions{
 			Roots:         roots,
-			Intermediates: x509.NewCertPool(),
+			Intermediates: intermediates,
 		}
 		_, err = cert.Verify(opts)
 		return err
