Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/tls: wrap handshake errors #48151

Open
ptagrawal opened this issue Sep 2, 2021 · 2 comments
Open

crypto/tls: wrap handshake errors #48151

ptagrawal opened this issue Sep 2, 2021 · 2 comments
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone

Comments

@ptagrawal
Copy link

ptagrawal commented Sep 2, 2021

What version of Go are you using (go version)?

$ go version
1.14.12

Does this issue reproduce with the latest release?

Not sure

What operating system and processor architecture are you using (go env)?

Busybox OS, ARM architecture

go env Output
$ go env

What did you do?

We are trying to print the certs in the event when the cert based handshake fails.

What did you expect to see?

In the event of invalid certs being provided to establish a connection the tls handshake should fail, and trying to print the bad certificate using errors.As should log the certificate.

What did you see instead?

From the code it looks like its done wrong for client certs.
chains, err := certs[0].Verify(opts)
if err != nil {
c.sendAlert(alertBadCertificate)
return errors.New("tls: failed to verify client certificate: " + err.Error())
}

@seankhliao seankhliao changed the title fix the error that comes back from the client handshake to use (fmt.Errorf + %w) so it works with errors.As crypto/tls: wrap handshake errors Sep 2, 2021
@seankhliao seankhliao added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Sep 2, 2021
@seankhliao
Copy link
Member

seankhliao commented Sep 2, 2021

cc @FiloSottile

@izolight
Copy link
Contributor

izolight commented Nov 14, 2022

This PR #56686 implements that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Development

No branches or pull requests

3 participants