Include the OID of the duplicate extension in the error message
returned when parsing X.509 certificates. This should make such
certificates easier to fix, because users can clearly identify
the duplicate extension via the reported error. Previously, this
wasn't possible and required either manually adjusting the standard
library or inspecting the certificate with various debugging tools.
Fixes #66880
Change-Id: I8c22f3a9f9c648ccff66073840830208832a3f85
GitHub-Last-Rev:
b855a161d46f208e57f19c87e01140cc77865422
GitHub-Pull-Request: golang/go#67157
Reviewed-on: https://go-review.googlesource.com/c/go/+/583096
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
}
oidStr := ext.Id.String()
if seenExts[oidStr] {
- return nil, errors.New("x509: certificate contains duplicate extensions")
+ return nil, fmt.Errorf("x509: certificate contains duplicate extension with OID %q", oidStr)
}
seenExts[oidStr] = true
cert.Extensions = append(cert.Extensions, ext)
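Review bot: The rewritten return inside `if seenExts[oidStr]` still gives callers only a formatted string to recognise this failure, and the text changed, so any caller or test that compared against the old message will stop matching. If programmatic detection matters, an error type carrying the OID (checked with `errors.As`) would avoid string matching; the hunk shows no such type. The OID is read from the certificate being parsed, which is untrusted input, so the use of `%q` is worth a short comment such as `// oidStr comes from the certificate under parse; %q keeps it quoted in logs`. The enclosing function starts and ends outside the hunk, and the `fmt` import this line needs is not visible here.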