crypto/x509: provide better error messages for X.509 verify failures. - go - Fork of Go programming language with my patches.

diff options

author	Adam Langley <agl@golang.org>	2013-05-20 14:20:26 -0400
committer	Adam Langley <agl@golang.org>	2013-05-20 14:20:26 -0400
commit	b419e2b57cb7bfa48cd04826f1b63ccb16ebe098 (patch)
tree	ec0836ad8ab8afc52d534cc78844f9977414a52b /src/cmd/api
parent	910bd157c94ce893ec4f092c065954c8842ac6f4 (diff)
download	go-b419e2b57cb7bfa48cd04826f1b63ccb16ebe098.tar.xz

crypto/x509: provide better error messages for X.509 verify failures.

Failures caused by errors like invalid signatures or missing hash functions cause rather generic, unhelpful error messages because no trust chain can be constructed: "x509: certificate signed by unknown authority." With this change, authority errors may contain the reason why an arbitary candidate step in the chain was rejected. For example, in the event of a missing hash function the error looks like: x509: certificate signed by unknown authority (possibly because of "crypto/x509: cannot verify signature: algorithm unimplemented" while trying to verify candidate authority certificate 'Thawte SGC CA') Fixes 5058. R=golang-dev, r CC=golang-dev https://golang.org/cl/9104051

Diffstat (limited to 'src/cmd/api')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: