• Adam Langley's avatar
    crypto/x509: provide better error messages for X.509 verify failures. · b419e2b5
    Adam Langley authored
    Failures caused by errors like invalid signatures or missing hash
    functions cause rather generic, unhelpful error messages because no
    trust chain can be constructed: "x509: certificate signed by unknown
    authority."
    
    With this change, authority errors may contain the reason why an
    arbitary candidate step in the chain was rejected. For example, in the
    event of a missing hash function the error looks like:
    
    x509: certificate signed by unknown authority (possibly because of
    "crypto/x509: cannot verify signature: algorithm unimplemented" while
    trying to verify candidate authority certificate 'Thawte SGC CA')
    
    Fixes 5058.
    
    R=golang-dev, r
    CC=golang-dev
    https://golang.org/cl/9104051
    b419e2b5
cert_pool.go 2.73 KB