authorFilippo Valsorda <filippo@golang.org>2019-10-29 16:46:26 -0400
committerFilippo Valsorda <filippo@golang.org>2019-10-30 20:18:59 +0000
commitcd18da451faedc4218a5fd0e38f9b3d13aa5da01 (patch)
tree8e10c35fa895c9f53504b3f845cc1d70329c82da /src/crypto/tls/handshake_server.go
parenta05934639bde593326f8d7ed9eb3f73f9ba6eb53 (diff)
downloadgo-cd18da451faedc4218a5fd0e38f9b3d13aa5da01.tar.xz
crypto/tls: improve error messages for invalid certificates and signatures
Also, fix the alert value sent when a signature by a client certificate is invalid in TLS 1.0-1.2. Fixes #35190 Change-Id: I2ae1d5593dfd5ee2b4d979664aec74aab4a8a704 Reviewed-on: https://go-review.googlesource.com/c/go/+/204157 Reviewed-by: Katie Hockman <katie@golang.org>
Diffstat (limited to 'src/crypto/tls/handshake_server.go')
-rw-r--r--src/crypto/tls/handshake_server.go15
1 files changed, 6 insertions, 9 deletions
diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go
index ab5be72f76..db0a756698 100644
--- a/src/crypto/tls/handshake_server.go
+++ b/src/crypto/tls/handshake_server.go
@@ -560,13 +560,10 @@ func (hs *serverHandshakeState) doFullHandshake() error {
return err
}
- signed, err := hs.finishedHash.hashForClientCertificate(sigType, hashFunc, hs.masterSecret)
- if err == nil {
- err = verifyHandshakeSignature(sigType, pub, hashFunc, signed, certVerify.signature)
- }
- if err != nil {
- c.sendAlert(alertBadCertificate)
- return errors.New("tls: could not validate signature of connection nonces: " + err.Error())
+ signed := hs.finishedHash.hashForClientCertificate(sigType, hashFunc, hs.masterSecret)
+ if err := verifyHandshakeSignature(sigType, pub, hashFunc, signed, certVerify.signature); err != nil {
+ c.sendAlert(alertDecryptError)
+ return errors.New("tls: invalid signature by the client certificate: " + err.Error())
}
hs.finishedHash.Write(certVerify.marshal())
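Review bot: The new `c.sendAlert(alertDecryptError)` has no comment explaining why this path differs from the chain-verification failure in processCertsFromClient, which still sends alertBadCertificate, so the two are easy to "unify" back by mistake. A one-line comment above it would pin the intent, for example `// A CertificateVerify signature that fails to verify is a failed handshake crypto operation (decrypt_error), not a bad certificate.` Separately, `signed := hs.finishedHash.hashForClientCertificate(...)` no longer has an error return to check; that function's definition is not in this hunk, so it is worth confirming that every input it used to reject is now refused before this call rather than silently hashed. doFullHandshake begins and ends outside the hunk.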
@@ -717,7 +714,7 @@ func (c *Conn) processCertsFromClient(certificate Certificate) error {
chains, err := certs[0].Verify(opts)
if err != nil {
c.sendAlert(alertBadCertificate)
- return errors.New("tls: failed to verify client's certificate: " + err.Error())
+ return errors.New("tls: failed to verify client certificate: " + err.Error())
}
c.verifiedChains = chains
@@ -738,7 +735,7 @@ func (c *Conn) processCertsFromClient(certificate Certificate) error {
case *ecdsa.PublicKey, *rsa.PublicKey, ed25519.PublicKey:
default:
c.sendAlert(alertUnsupportedCertificate)
- return fmt.Errorf("tls: client's certificate contains an unsupported public key of type %T", certs[0].PublicKey)
+ return fmt.Errorf("tls: client certificate contains an unsupported public key of type %T", certs[0].PublicKey)
}
c.peerCertificates = certs