-
Adam Langley authored
Failures caused by errors like invalid signatures or missing hash functions cause rather generic, unhelpful error messages because no trust chain can be constructed: "x509: certificate signed by unknown authority." With this change, authority errors may contain the reason why an arbitary candidate step in the chain was rejected. For example, in the event of a missing hash function the error looks like: x509: certificate signed by unknown authority (possibly because of "crypto/x509: cannot verify signature: algorithm unimplemented" while trying to verify candidate authority certificate 'Thawte SGC CA') Fixes 5058. R=golang-dev, r CC=golang-dev https://golang.org/cl/9104051
b419e2b5
