fix: add self-signed cert validation (#71)

Signed-off-by: Junjie Gao <[email protected]>

internal/crypto/cert.go

@@ -89,21 +89,13 @@ func MergeCertificateChain(certBundlePath string, originalCerts []*x509.Certific
 	return ValidateCertificateChain(append(originalCerts, certBundle...))
 }
 
-// ValidateCertificateChain is a function that takes in a slice of x509 certificate
-// instances and validates the certificate chain. It first generates two
-// empty certificate pools, rootPool and intermediatePool, and then
-// iterates through the input `certs` to classify each one as either a "root"
-// or "intermediate" certificate and adding it to the appropriate pool.
-// It then sets up the options for certificate chain verification and calls
-// leafCert.Verify on the first certificate in the input slice (which is
-// assumed to be the "leaf certificate"). If the verification is successful,
-// it returns the first chain of authenticated certificates, otherwise it
-// logs the error and returns nil and an error.
+// ValidateCertificateChain verifies a certificate chain and returns the valid
+// chain coupled with any error that may occur.
 func ValidateCertificateChain(certs []*x509.Certificate) ([]*x509.Certificate, error) {
 	// generate certificate pools
 	rootPool := x509.NewCertPool()
 	intermediatePool := x509.NewCertPool()
-	for _, cert := range certs[1:] {
+	for _, cert := range certs {
 		if bytes.Equal(cert.RawIssuer, cert.RawSubject) {
 			rootPool.AddCert(cert)
 		} else {