From 36b87f273cc43e21685179dc1664ebb5493d26ae Mon Sep 17 00:00:00 2001
From: Roland Shoemaker <roland@golang.org>
Date: Thu, 1 Dec 2022 09:24:06 -0800
Subject: [PATCH] crypto/x509: include more hints for verification failure

Include hint from isValid, as well as CheckSignatureFrom.

Change-Id: I408f73fc5f12572f1937da50be7fa3e1109164b0
Reviewed-on: https://go-review.googlesource.com/c/go/+/454477
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Run-TryBot: Roland Shoemaker <roland@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
---
 src/crypto/x509/verify.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/crypto/x509/verify.go b/src/crypto/x509/verify.go
index cb6479f345..0b01f8b475 100644
--- a/src/crypto/x509/verify.go
+++ b/src/crypto/x509/verify.go
@@ -925,6 +925,10 @@ func (c *Certificate) buildChains(currentChain []*Certificate, sigChecks *int, o
 
 		err = candidate.isValid(certType, currentChain, opts)
 		if err != nil {
+			if hintErr == nil {
+				hintErr = err
+				hintCert = candidate
+			}
 			return
 		}
 
-- 
2.50.0