author | Carlos Amedee <carlos@golang.org> | 2023-01-10 13:50:39 -0500 |
---|---|---|
committer | Carlos Amedee <carlos@golang.org> | 2023-01-10 13:50:39 -0500 |
commit | 7058c2cb4132291e1b6c9498a9a6f13a9a70ff85 (patch) | |
tree | 7701af5d953be20ade9ca141c562b3262c703716 /src/crypto/x509/root_darwin.go | |
parent | fc1ed37e824b2f87e287e1bc4597253f1b30b3b3 (diff) | |
parent | 581603cb7d02019bbf4ff508014038f3120a3dcb (diff) | |
[dev.boringcrypto.go1.18] all: merge go1.18.10 into dev.boringcrypto.go1.18
Change-Id: I0dcc4e288cba62382f6bd06b2cf0ff843309220c
Diffstat (limited to 'src/crypto/x509/root_darwin.go')
-rw-r--r-- | src/crypto/x509/root_darwin.go | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/src/crypto/x509/root_darwin.go b/src/crypto/x509/root_darwin.go
index ad365f577e..c35885ace8 100644
--- a/src/crypto/x509/root_darwin.go
+++ b/src/crypto/x509/root_darwin.go
@@ -7,6 +7,7 @@ package x509
 import (
 macOS "crypto/x509/internal/macos"
 "errors"
+ "fmt"
 )
 
 func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) {
@@ -54,8 +55,17 @@ func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate
 // always enforce its SCT requirements, and there are still _some_ people
 // using TLS or OCSP for that.
 
- if err := macOS.SecTrustEvaluateWithError(trustObj); err != nil {
- return nil, err
+ if ret, err := macOS.SecTrustEvaluateWithError(trustObj); err != nil {
+ switch ret {
+ case macOS.ErrSecCertificateExpired:
+ return nil, CertificateInvalidError{c, Expired, err.Error()}
+ case macOS.ErrSecHostNameMismatch:
+ return nil, HostnameError{c, opts.DNSName}
+ case macOS.ErrSecNotTrusted:
+ return nil, UnknownAuthorityError{Cert: c}
+ default:
+ return nil, fmt.Errorf("x509: %s", err)
+ }
 }
 
 chain := [][]*Certificate{{}} |
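Review bot: The `default` arm of the new `switch ret` in the second hunk flattens every unmapped status into a plain string via `fmt.Errorf("x509: %s", err)`, so callers can tell one kind of platform rejection from another only by parsing the message. It still fails closed, which is the property that matters here, and a comment above the switch would pin that down: `// Map common OSStatus codes to the portable x509 error types; any unmapped code must remain a verification failure.` If the error type returned by `macOS.SecTrustEvaluateWithError` is meant to be visible to callers, `%w` would keep it reachable through `errors.As`; that type is not shown in this hunk, so this is a question rather than a request. The positional literals `CertificateInvalidError{c, Expired, err.Error()}` and `HostnameError{c, opts.DNSName}` would read more safely keyed, as `UnknownAuthorityError{Cert: c}` already is. The body of `systemVerify` starts and ends outside the hunk.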