mirror of
https://github.com/golang/go
synced 2024-11-26 06:27:58 -07:00
crypto/tls: add CertificateVerificationError to tls handshake
Fixes #48152
Change-Id: I503f088edeb5574fd5eb5905bff7c3c23b2bc8fc
GitHub-Last-Rev: 2b0e982f3f
GitHub-Pull-Request: golang/go#56686
Reviewed-on: https://go-review.googlesource.com/c/go/+/449336
Run-TryBot: Roland Shoemaker <roland@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
This commit is contained in:
parent
fd00c14bf1
commit
f64c2a2ce5
5
api/next/48152.txt
Normal file
5
api/next/48152.txt
Normal file
@ -0,0 +1,5 @@
|
||||
pkg crypto/tls, type CertificateVerificationError struct #48152
|
||||
pkg crypto/tls, type CertificateVerificationError struct, UnverifiedCertificates []*x509.Certificate #48152
|
||||
pkg crypto/tls, type CertificateVerificationError struct, Err error #48152
|
||||
pkg crypto/tls, method (*CertificateVerificationError) Error() string #48152
|
||||
pkg crypto/tls, method (*CertificateVerificationError) Unwrap() error #48152
|
@ -1493,3 +1493,18 @@ func isSupportedSignatureAlgorithm(sigAlg SignatureScheme, supportedSignatureAlg
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// CertificateVerificationError is returned when certificate verification fails during the handshake.
|
||||
type CertificateVerificationError struct {
|
||||
// UnverifiedCertificates and its contents should not be modified.
|
||||
UnverifiedCertificates []*x509.Certificate
|
||||
Err error
|
||||
}
|
||||
|
||||
func (e *CertificateVerificationError) Error() string {
|
||||
return fmt.Sprintf("tls: failed to verify certificate: %s", e.Err)
|
||||
}
|
||||
|
||||
func (e *CertificateVerificationError) Unwrap() error {
|
||||
return e.Err
|
||||
}
|
||||
|
@ -876,7 +876,7 @@ func (c *Conn) verifyServerCertificate(certificates [][]byte) error {
|
||||
c.verifiedChains, err = certs[0].Verify(opts)
|
||||
if err != nil {
|
||||
c.sendAlert(alertBadCertificate)
|
||||
return err
|
||||
return &CertificateVerificationError{UnverifiedCertificates: certs, Err: err}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -831,7 +831,7 @@ func (c *Conn) processCertsFromClient(certificate Certificate) error {
|
||||
chains, err := certs[0].Verify(opts)
|
||||
if err != nil {
|
||||
c.sendAlert(alertBadCertificate)
|
||||
return errors.New("tls: failed to verify client certificate: " + err.Error())
|
||||
return &CertificateVerificationError{UnverifiedCertificates: certs, Err: err}
|
||||
}
|
||||
|
||||
c.verifiedChains = chains
|
||||
|
@ -4818,7 +4818,7 @@ func testTransportEventTraceTLSVerify(t *testing.T, mode testMode) {
|
||||
|
||||
wantOnce("TLSHandshakeStart")
|
||||
wantOnce("TLSHandshakeDone")
|
||||
wantOnce("err = x509: certificate is valid for example.com")
|
||||
wantOnce("err = tls: failed to verify certificate: x509: certificate is valid for example.com")
|
||||
|
||||
if t.Failed() {
|
||||
t.Errorf("Output:\n%s", got)
|
||||
|
Loading…
Reference in New Issue
Block a user