]> Cypherpunks.ru repositories - gostls13.git/commitdiff
projects / gostls13.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2ca32a5)
crypto/x509: include more hints for verification failure
authorRoland Shoemaker <roland@golang.org>
Thu, 1 Dec 2022 17:24:06 +0000 (09:24 -0800)
committerGopher Robot <gobot@golang.org>
Thu, 1 Dec 2022 18:11:42 +0000 (18:11 +0000)
Include hint from isValid, as well as CheckSignatureFrom.

Change-Id: I408f73fc5f12572f1937da50be7fa3e1109164b0
Reviewed-on: https://go-review.googlesource.com/c/go/+/454477
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
src/crypto/x509/verify.go patch | blob | history

diff --git a/src/crypto/x509/verify.go b/src/crypto/x509/verify.go
index cb6479f34556dab12fa89982d4a9dd69cee850f3..0b01f8b47536a28d431ae88b21120a85deee72a7 100644 (file)
--- a/src/crypto/x509/verify.go
+++ b/src/crypto/x509/verify.go
@@ -925,6 +925,10 @@ func (c *Certificate) buildChains(currentChain []*Certificate, sigChecks *int, o
 
                err = candidate.isValid(certType, currentChain, opts)
                if err != nil {
+                       if hintErr == nil {
+                               hintErr = err
+                               hintCert = candidate
+                       }
                        return
                }
 
Go GOST TLS 1.3