crypto/x509: include more hints for verification failure

Include hint from isValid, as well as CheckSignatureFrom. Change-Id: I408f73fc5f12572f1937da50be7fa3e1109164b0 Reviewed-on: https://go-review.googlesource.com/c/go/+/454477 TryBot-Result: Gopher Robot <gobot@golang.org> Auto-Submit: Roland Shoemaker <roland@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> Reviewed-by: Damien Neil <dneil@google.com>
author: Roland Shoemaker <roland@golang.org> 2022-12-01 09:24:06 -0800
committer: Gopher Robot <gobot@golang.org> 2022-12-01 18:11:42 +0000
commit: 36b87f273cc43e21685179dc1664ebb5493d26ae (patch)
tree: 20af11dfe28a79409f1fc2a7a29e0b651a4b27b8 /src/crypto
parent: 2ca32a5b99c37ac5851ecd5b994b3ba86f9766f7 (diff)
download: go-36b87f273cc43e21685179dc1664ebb5493d26ae.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/src/crypto/x509/verify.go b/src/crypto/x509/verify.go
index cb6479f345..0b01f8b475 100644
--- a/src/crypto/x509/verify.go
+++ b/src/crypto/x509/verify.go
@@ -925,6 +925,10 @@ func (c *Certificate) buildChains(currentChain []*Certificate, sigChecks *int, o
 
 		err = candidate.isValid(certType, currentChain, opts)
 		if err != nil {
+			if hintErr == nil {
+				hintErr = err
+				hintCert = candidate
+			}
 			return
 		}
author	Roland Shoemaker <roland@golang.org>	2022-12-01 09:24:06 -0800
committer	Gopher Robot <gobot@golang.org>	2022-12-01 18:11:42 +0000
commit	36b87f273cc43e21685179dc1664ebb5493d26ae (patch)
tree	20af11dfe28a79409f1fc2a7a29e0b651a4b27b8 /src/crypto
parent	2ca32a5b99c37ac5851ecd5b994b3ba86f9766f7 (diff)
download	go-36b87f273cc43e21685179dc1664ebb5493d26ae.tar.xz