Skip to content

Commit

Permalink
[FAB-7012] Improve error message for invalid identity
Browse files Browse the repository at this point in the history 
The bccsp MSP does not allow CA certificates to be
used as identities.  This change improves the error
message by better describing the issue.

Change-Id: Ie371d3fdb19bf5ff6a64d57efcf7b528764bb939
Signed-off-by: Gari Singh <gari.r.singh@gmail.com>
  • Loading branch information
@mastersingh24
mastersingh24 committed Nov 24, 2017
1 parent 03d1479 commit e08875f
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion msp/mspimpl.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -442,7 +442,8 @@ func (msp *bccspmsp) getCertificationChainForBCCSPIdentity(id *identity) ([]*x50

// CAs cannot be directly used as identities..
if id.cert.IsCA {
return nil, errors.New("A CA certificate cannot be used directly by this MSP")
return nil, errors.New("An X509 certificate with Basic Constraint: " +
"Certificate Authority equals true cannot be used as an identity")
}

return msp.getValidationChain(id.cert, false)
Expand Down

0 comments on commit e08875f

Please sign in to comment.