From 9050ce9b334419066c364e747499a2faf4425dad Mon Sep 17 00:00:00 2001
From: Techassi <git@techassi.dev>
Date: Mon, 6 May 2024 07:35:48 +0000
Subject: [PATCH] crypto/x509: include OID in duplicate extension error message

Include the OID in the error message when parsing X.509
certificates. This should ease fixing such issues, because
users can clearly identify the duplicate extension via the
reported error. Previously, this wasn't possible and
required either manually adjusting the standard library or
inspecting the certificate with various debugging tools.

Fixes #66880

Change-Id: I8c22f3a9f9c648ccff66073840830208832a3f85
GitHub-Last-Rev: b855a161d46f208e57f19c87e01140cc77865422
GitHub-Pull-Request: golang/go#67157
Reviewed-on: https://go-review.googlesource.com/c/go/+/583096
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
---
 src/crypto/x509/parser.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/crypto/x509/parser.go b/src/crypto/x509/parser.go
index 812b0d2d28..800cc6620c 100644
--- a/src/crypto/x509/parser.go
+++ b/src/crypto/x509/parser.go
@@ -964,7 +964,7 @@ func parseCertificate(der []byte) (*Certificate, error) {
 					}
 					oidStr := ext.Id.String()
 					if seenExts[oidStr] {
-						return nil, errors.New("x509: certificate contains duplicate extensions")
+						return nil, fmt.Errorf("x509: certificate contains duplicate extension with OID %q", oidStr)
 					}
 					seenExts[oidStr] = true
 					cert.Extensions = append(cert.Extensions, ext)