Commit 49aa1d79 authored by Adam Langley's avatar Adam Langley

crypto/x509: return better error when a certificate contains no names.

Currently, if a certificate contains no names (that we parsed),
verification will return the confusing error:
    x509: certificate is valid for , not example.com.

This change improves the error for that situation.

Fixes #16834.

Change-Id: I2ed9ed08298d7d50df758e503bdb55277449bf55
Reviewed-on: https://go-review.googlesource.com/30152Reviewed-by: default avatarBrad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
parent e4dafa32
......@@ -87,6 +87,10 @@ func (h HostnameError) Error() string {
valid = c.Subject.CommonName
}
}
if len(valid) == 0 {
return "x509: certificate is not valid for any names, but wanted to match " + h.Host
}
return "x509: certificate is valid for " + valid + ", not " + h.Host
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment