crypto/x509: include OID in duplicate extension error message

Include the OID in the error message when parsing X.509 certificates. This should ease fixing such issues, because users can clearly identify the duplicate extension via the reported error. Previously, this wasn't possible and required either manually adjusting the standard library or inspecting the certificate with various debugging tools. Fixes #66880 Change-Id: I8c22f3a9f9c648ccff66073840830208832a3f85 GitHub-Last-Rev: b855a161d4 GitHub-Pull-Request: golang/go#67157 Reviewed-on: https://go-review.googlesource.com/c/go/+/583096 Reviewed-by: Roland Shoemaker <roland@golang.org> Auto-Submit: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Cherry Mui <cherryyz@google.com>
2024-11-15 02:40:32 -07:00 · 2024-05-06 07:35:48 +00:00 · 2024-05-06 07:35:48 +00:00 · 9050ce9b33
commit 9050ce9b33
parent 3c72dd513c
1 changed files with 1 additions and 1 deletions
--- a/src/crypto/x509/parser.go
+++ b/src/crypto/x509/parser.go
@ -964,7 +964,7 @@ func parseCertificate(der []byte) (*Certificate, error) {
 					}
 					oidStr := ext.Id.String()
 					if seenExts[oidStr] {
-						return nil, errors.New("x509: certificate contains duplicate extensions")
+						return nil, fmt.Errorf("x509: certificate contains duplicate extension with OID %q", oidStr)
 					}
 					seenExts[oidStr] = true
 					cert.Extensions = append(cert.Extensions, ext)