From bb51a74cb82eeaa977821fa7314810c7b8be55cb Mon Sep 17 00:00:00 2001
From: Eugene Burkov
Date: Sun, 30 Oct 2022 23:23:40 +0300
Subject: [PATCH] home: imp code

---
 internal/home/tls.go | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/internal/home/tls.go b/internal/home/tls.go
index 9b0839e9f81..9de087b37df 100644
--- a/internal/home/tls.go
+++ b/internal/home/tls.go
@@ -525,9 +525,10 @@ func validateCertChain(chain []byte, srvName string) (main *x509.Certificate, ok
 Intermediates: pool,
 }
 _, err = main.Verify(opts)
+ err = errors.Annotate(err, "certificate does not verify: %w")
 
 // Let self-signed certs through and don't return this error.
- return main, true, errors.Annotate(err, "certificate does not verify: %w")
+ return main, true, err
 }
 
 // parsePEMCerts parses multiple PEM-encoded certificates.
@@ -549,7 +550,8 @@ func parsePEMCerts(certs []*pem.Block) (parsedCerts []*x509.Certificate, err err
 return parsedCerts, nil
 }
 
-// validatePKey validates the private key, returning its type.
+// validatePKey validates the private key, returning its type. It returns an
+// empty string if error occurs.
 func validatePKey(pkey []byte) (keyType string, err error) {
 var key *pem.Block
 
@@ -620,11 +622,11 @@ func validateCertificates(
 
 // Validate the private key by parsing it.
 if len(pkey) > 0 {
- var verr error
- status.KeyType, verr = validatePKey(pkey)
- if verr != nil {
+ var keyErr error
+ status.KeyType, keyErr = validatePKey(pkey)
+ if keyErr != nil {
 // Don't wrap the error, since it's informative enough as is.
- return verr
+ return keyErr
 }
 status.ValidKey = true
 
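Review bot: The comment kept directly above the new `return main, true, err` still says this error is not returned, while the rewritten lines now hand the annotated verification error back next to an unconditional `ok == true`, so a reader of this hunk cannot tell whether a chain that fails `main.Verify(opts)` is accepted or rejected. Presumably the caller surfaces err as an advisory warning rather than a refusal, given that ok never becomes false here; the comment should say so, e.g. `// Self-signed chains are accepted: ok is always true at this point and err, if non-nil, only describes why the chain did not verify.` The `errors.Annotate` call on a possibly nil err relies on that helper passing nil through unchanged, which is worth a short mention so nobody later replaces it with a plain `fmt.Errorf`. validateCertChain's body starts outside the hunk.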
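Review bot: The added doc sentence on validatePKey, `It returns an empty string if error occurs.`, is ungrammatical and states a contract the hunk does not let a reviewer confirm, since the function body runs past it. Suggest `// validatePKey validates the private key, returning its type. keyType is empty when err is non-nil.` and checking that every error return in the body really leaves keyType empty, because the caller in validateCertificates stores the value without looking at it first.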
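Review bot: The new `status.KeyType, keyErr = validatePKey(pkey)` writes into status before the error is checked, so on failure the returned status carries whatever validatePKey produced alongside `ValidKey == false`; that is only harmless because of the empty-string contract validatePKey documents elsewhere. Assigning the field after the check keeps status untouched on the error path and removes the `var keyErr error` predeclaration: `keyType, keyErr := validatePKey(pkey)`, the existing `if keyErr != nil { return keyErr }`, then `status.KeyType = keyType` just before `status.ValidKey = true`. validateCertificates begins before this hunk and continues after it, so the other fields it sets have not been reviewed here.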
@@ -632,9 +634,9 @@ func validateCertificates(
 // If both are set, validate together.
 if len(certChain) > 0 && len(pkey) > 0 {
- _, verr := tls.X509KeyPair(certChain, pkey)
- if verr != nil {
- return fmt.Errorf("certificate-key pair: %w", verr)
+ _, pairErr := tls.X509KeyPair(certChain, pkey)
+ if pairErr != nil {
+ return fmt.Errorf("certificate-key pair: %w", pairErr)
 }
 status.ValidPair = true