From 4e7a8222d82ab33728fac2a86cd7a7129843698a Mon Sep 17 00:00:00 2001
From: Phil Porada <pgporada@users.noreply.github.com>
Date: Thu, 17 Aug 2023 11:28:52 -0400
Subject: [PATCH] Update cmd/ceremony/cert.go

Co-authored-by: Aaron Gable <aaron@letsencrypt.org>
---
 cmd/ceremony/cert.go | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/cmd/ceremony/cert.go b/cmd/ceremony/cert.go
index 04f841f4394..1e95c10b1c2 100644
--- a/cmd/ceremony/cert.go
+++ b/cmd/ceremony/cert.go
@@ -214,15 +214,8 @@ func generateSKID(pk []byte) ([]byte, error) {
 // makeTemplate generates the certificate template for use in x509.CreateCertificate
 func makeTemplate(randReader io.Reader, profile *certProfile, pubKey []byte, tbcs *x509.Certificate, ct certType) (*x509.Certificate, error) {
 	// Handle "unrestricted" vs "restricted" subordinate CA profile specifics.
-	if ct == crossCert {
-		if tbcs == nil {
-			return nil, fmt.Errorf("toBeCrossSigned cert field was nil, but was required to gather EKUs for the lint cert")
-		}
-	} else {
-		// Throw this parameter away for every other ceremony type.
-		if tbcs != nil {
-			tbcs = nil
-		}
+	if ct == crossCert && tbcs == nil {
+		return nil, fmt.Errorf("toBeCrossSigned cert field was nil, but was required to gather EKUs for the lint cert")
 	}
 
 	var ocspServer []string