From: Roland Shoemaker <roland@golang.org>
Date: Thu, 1 Dec 2022 17:24:06 +0000 (-0800)
Subject: crypto/x509: include more hints for verification failure
X-Git-Tag: go1.20rc1~55
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=36b87f273cc43e21685179dc1664ebb5493d26ae;p=gostls13.git

crypto/x509: include more hints for verification failure

Include hint from isValid, as well as CheckSignatureFrom.

Change-Id: I408f73fc5f12572f1937da50be7fa3e1109164b0
Reviewed-on: https://go-review.googlesource.com/c/go/+/454477
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
---

diff --git a/src/crypto/x509/verify.go b/src/crypto/x509/verify.go
index cb6479f345..0b01f8b475 100644
--- a/src/crypto/x509/verify.go
+++ b/src/crypto/x509/verify.go
@@ -925,6 +925,10 @@ func (c *Certificate) buildChains(currentChain []*Certificate, sigChecks *int, o
 
 		err = candidate.isValid(certType, currentChain, opts)
 		if err != nil {
+			if hintErr == nil {
+				hintErr = err
+				hintCert = candidate
+			}
 			return
 		}