From: Techassi <git@techassi.dev>
Date: Mon, 6 May 2024 07:35:48 +0000 (+0000)
Subject: crypto/x509: include OID in duplicate extension error message
X-Git-Tag: go1.23rc1~457
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=9050ce9b334419066c364e747499a2faf4425dad;p=gostls13.git

crypto/x509: include OID in duplicate extension error message

Include the OID in the error message when parsing X.509
certificates. This should ease fixing such issues, because
users can clearly identify the duplicate extension via the
reported error. Previously, this wasn't possible and
required either manually adjusting the standard library or
inspecting the certificate with various debugging tools.

Fixes #66880

Change-Id: I8c22f3a9f9c648ccff66073840830208832a3f85
GitHub-Last-Rev: b855a161d46f208e57f19c87e01140cc77865422
GitHub-Pull-Request: golang/go#67157
Reviewed-on: https://go-review.googlesource.com/c/go/+/583096
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
---

diff --git a/src/crypto/x509/parser.go b/src/crypto/x509/parser.go
index 812b0d2d28..800cc6620c 100644
--- a/src/crypto/x509/parser.go
+++ b/src/crypto/x509/parser.go
@@ -964,7 +964,7 @@ func parseCertificate(der []byte) (*Certificate, error) {
 					}
 					oidStr := ext.Id.String()
 					if seenExts[oidStr] {
-						return nil, errors.New("x509: certificate contains duplicate extensions")
+						return nil, fmt.Errorf("x509: certificate contains duplicate extension with OID %q", oidStr)
 					}
 					seenExts[oidStr] = true
 					cert.Extensions = append(cert.Extensions, ext)