From d729c47339e8c08c816e871e6e5e412d94f05331 Mon Sep 17 00:00:00 2001
From: Noah Stride <noah.stride@goteleport.com>
Date: Wed, 5 Feb 2025 17:26:28 +0000
Subject: [PATCH] Fix: correctly use chained certificates for AWS credential
 exchange

Signed-off-by: Noah Stride <noah.stride@goteleport.com>
---
 signer.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/signer.go b/signer.go
index e94fdd4..51ee7b7 100644
--- a/signer.go
+++ b/signer.go
@@ -110,7 +110,7 @@ func (s *X509SVIDSigner) Certificate() (*x509.Certificate, error) {
 // the trust anchor.
 // Implements the aws_signing_helper.Signer interface.
 func (s *X509SVIDSigner) CertificateChain() ([]*x509.Certificate, error) {
-	if len(s.SVID.Certificates) < 1 {
+	if len(s.SVID.Certificates) > 1 {
 		return s.SVID.Certificates[1:], nil
 	}
 	return nil, nil