From d0f457a3500f0a56a504b9207d20feefa65a9e2c Mon Sep 17 00:00:00 2001
From: David Adrian
Date: Sat, 20 May 2017 19:13:52 -0400
Subject: [PATCH] Pass presented chain to Verifiers (#54)

This approach is thread safe and allows the intermediate set used by a Verifier to be appended with the chain presented by the host.
---
 verifier/verifier.go | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/verifier/verifier.go b/verifier/verifier.go
index 6ca41e9a..8ffd5a4d 100644
--- a/verifier/verifier.go
+++ b/verifier/verifier.go
@@ -107,8 +107,9 @@ type VerifyProcedure interface {
 // VerificationOptions contains settings for Verifier.Verify().
 // VerificationOptions should be safely copyable.
 type VerificationOptions struct {
- VerifyTime time.Time
- Name string
+ VerifyTime time.Time
+ Name string
+ PresentedChain *x509.CertPool
 }
 
 func (opt *VerificationOptions) clean() {
@@ -127,7 +128,11 @@ type Verifier struct {
 func (v *Verifier) convertOptions(opt *VerificationOptions) (out x509.VerifyOptions) {
 out.CurrentTime = opt.VerifyTime
 out.Roots = v.Roots
- out.Intermediates = v.Intermediates
+ if opt.PresentedChain != nil && opt.PresentedChain.Size() > 0 {
+ out.Intermediates = v.Intermediates.Sum(opt.PresentedChain)
+ } else {
+ out.Intermediates = v.Intermediates
+ }
 out.DNSName = opt.Name
 out.KeyUsages = []x509.ExtKeyUsage{x509.ExtKeyUsageAny}
 return
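Review bot: The new `PresentedChain` field in `VerificationOptions` has no comment, and the struct's doc says the options should be safely copyable while this field is a pointer, so every copy shares the same pool. I would document it on the field, e.g. `// PresentedChain holds the certificates the host presented; they are untrusted and are used only as additional intermediates, never as roots.` It is also worth stating there that callers must not mutate the pool after handing it over, since copies of the options alias it.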
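Review bot: In `convertOptions`, the new branch calls `v.Intermediates.Sum(opt.PresentedChain)` without checking `v.Intermediates`, whereas the old assignment and the `else` branch both tolerate a nil pool. Unless `Sum` is written to accept a nil receiver (not visible in this diff), a Verifier configured without intermediates could panic as soon as a host presents a chain; a guard such as `if v.Intermediates == nil { out.Intermediates = opt.PresentedChain }` ahead of the `Sum` call would keep that case safe. Because the presented chain is host-controlled, a short comment noting that it only widens the intermediate set while `out.Roots` stays `v.Roots` would help the next reader, and if `Sum` builds a fresh pool per call (as the thread-safety claim in the commit message suggests) the cost of each verification grows with the size of `v.Intermediates`. The function's closing brace lies outside the hunk.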