Google Git
Sign in
go / go / b419e2b57cb7bfa48cd04826f1b63ccb16ebe098
commitb419e2b57cb7bfa48cd04826f1b63ccb16ebe098[log] [tgz]
authorAdam Langley <agl@golang.org>Mon May 20 14:20:26 2013 -0400
committerAdam Langley <agl@golang.org>Mon May 20 14:20:26 2013 -0400
treeec0836ad8ab8afc52d534cc78844f9977414a52b
parent910bd157c94ce893ec4f092c065954c8842ac6f4 [diff]
crypto/x509: provide better error messages for X.509 verify failures.

Failures caused by errors like invalid signatures or missing hash
functions cause rather generic, unhelpful error messages because no
trust chain can be constructed: "x509: certificate signed by unknown
authority."

With this change, authority errors may contain the reason why an
arbitary candidate step in the chain was rejected. For example, in the
event of a missing hash function the error looks like:

x509: certificate signed by unknown authority (possibly because of
"crypto/x509: cannot verify signature: algorithm unimplemented" while
trying to verify candidate authority certificate 'Thawte SGC CA')

Fixes 5058.

R=golang-dev, r
CC=golang-dev
https://golang.org/cl/9104051
4 files changed
tree: ec0836ad8ab8afc52d534cc78844f9977414a52b
  1. api/
  2. doc/
  3. include/
  4. lib/
  5. misc/
  6. src/
  7. test/
  8. .hgignore
  9. .hgtags
  10. AUTHORS
  11. CONTRIBUTORS
  12. favicon.ico
  13. LICENSE
  14. PATENTS
  15. README
  16. robots.txt