Merge branch 'Arvanaghi-master'

Merging the request that prevents a requester from signing their own
request.

Author: bobveznat

sign_certd.go

@@ -590,6 +590,16 @@ func (h *certRequestHandler) signOrRejectRequest(rw http.ResponseWriter, req *ht
 		http.Error(rw, "Signature was valid, but cert didn't match.", http.StatusBadRequest)
 		return
 	}
+
+	requesterFp := ssh_ca_util.MakeFingerprint(requestedCert.Key.Marshal())
+
+	// Make sure the key attempting to sign the request is not the same as the key in the CSR
+	if signerFp == requesterFp {
+		err = errors.New("Signed by the same key as key in request")
+		http.Error(rw, fmt.Sprintf("%v", err), http.StatusBadRequest)		
+		return
+	}
+
 	log.Printf("Signature for serial %d id %s received from %s (%s) @ %s and determined valid\n",
 		signedCert.Serial, requestID, signerFp, envConfig.AuthorizedSigners[signerFp], req.RemoteAddr)
 	if req.Method == "POST" {