Stowage/go
2
0
Fork 0
mirror of https://github.com/golang/go.git synced 2025-12-08 06:10:04 +00:00
Code Issues Projects Releases Packages Wiki Activity

crypto/tls: better error messages for certificate issues.

Browse source 
Fixes #1146.

R=rsc, agl1
CC=golang-dev
https://golang.org/cl/2380042
This commit is contained in:
Adam Langley 2010-10-11 10:39:56 -04:00
parent 1e66a21348
commit f6e2eab8e0
3 changed files with 21 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

9
src/pkg/crypto/tls/handshake_server.go
View file

@ -145,7 +145,8 @@ func (c *Conn) serverHandshake() os.Error {
for i, asn1Data := range certMsg.certificates {
cert, err := x509.ParseCertificate(asn1Data)
if err != nil {
return c.sendAlert(alertBadCertificate)
c.sendAlert(alertBadCertificate)
return os.ErrorString("could not parse client's certificate: " + err.String())
}
certs[i] = cert
}
@ -153,7 +154,8 @@ func (c *Conn) serverHandshake() os.Error {
// TODO(agl): do better validation of certs: max path length, name restrictions etc.
for i := 1; i < len(certs); i++ {
if err := certs[i-1].CheckSignatureFrom(certs[i]); err != nil {
return c.sendAlert(alertBadCertificate)
c.sendAlert(alertBadCertificate)
return os.ErrorString("could not validate certificate signature: " + err.String())
}
}
@ -199,7 +201,8 @@ func (c *Conn) serverHandshake() os.Error {
copy(digest[16:36], finishedHash.serverSHA1.Sum())
err = rsa.VerifyPKCS1v15(pub, rsa.HashMD5SHA1, digest, certVerify.signature)
if err != nil {
return c.sendAlert(alertBadCertificate)
c.sendAlert(alertBadCertificate)
return os.ErrorString("could not validate signature of connection nonces: " + err.String())
}
finishedHash.Write(certVerify.marshal())