New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/x509: UnknownAuthorityError should expose private Certificate #13519
Comments
The information seems to be there: // UnknownAuthorityError results when the certificate issuer is unknown
type UnknownAuthorityError struct {
cert *Certificate
// hintErr contains an error that may be helpful in determining why an
// authority wasn't found.
hintErr error
// hintCert contains a possible authority certificate that was rejected
// because of the error in hintErr.
hintCert *Certificate
} So maybe it just needs an accessor method? /cc @agl for opinions |
An accessor method would work, I was originally thinking of renaming Either way I'm happy to write up a patch for this and sit on it until the freeze is over. |
Ping @agl: Does it seem OK to add:
? We can write the CL. Thanks. |
Assuming yes given CertificateInvalidError and HostnameError. Too bad those spell Cert/Certificate differently. I'll go with Cert to match CertificateInvalidError. |
CL https://golang.org/cl/32644 mentions this issue. |
Like
CertificateInvalidError
andHostnameError
, it would be useful to expose theCertificate
inUnknownAuthorityError
as this provides important information for TLS/X509 testing tools.This would also present a slightly more consistent API for the various X509 validation errors.
The text was updated successfully, but these errors were encountered: