VerifySignature previously hardcoded x509.SHA1WithRSA as the
verification signature. As of Go 1.10, the x509 package verifies that
the requested algorithm matches the certificate's public key type.
VerifySignature would then fail for certificates with DSA keys, such
as AWS's EC2 instance identity documents.
Fix this by always using the certificate's algorithm directly.
VerifySignature previously hardcoded x509.SHA1WithRSA as the verification signature. As of Go 1.10, the x509 package verifies that the requested algorithm matches the certificate's public key type. VerifySignature would then fail for certificates with DSA keys, such as AWS's EC2 instance identity documents.
Fix this by always using the certificate's algorithm directly.