Improves certificate error messaging

This commit is contained in:
sloumdrone 2019-10-11 21:33:57 -07:00
parent 74ada2b8ed
commit 3af224056a
1 changed files with 9 additions and 2 deletions


@ -100,17 +100,24 @@ func (t *TofuDigest) Match(host string, cState *tls.ConnectionState) error {
func (t *TofuDigest) newCert(host string, cState *tls.ConnectionState) error {
host = strings.ToLower(host)
now := time.Now()
var reasons strings.Builder
for _, cert := range cState.PeerCertificates {
for index, cert := range cState.PeerCertificates {
if index > 0 {
reasons.WriteString("; ")
}
if now.Before(cert.NotBefore) {
reasons.WriteString(fmt.Sprintf("Cert [%d] is not valid yet", index + 1))
continue
}
if now.After(cert.NotAfter) {
reasons.WriteString(fmt.Sprintf("Cert [%d] is expired", index + 1))
continue
}
if err := cert.VerifyHostname(host); err != nil {
reasons.WriteString(fmt.Sprintf("Cert [%d] hostname does not match", index + 1))
continue
}
@ -118,7 +125,7 @@ func (t *TofuDigest) newCert(host string, cState *tls.ConnectionState) error {
return nil
}
return fmt.Errorf("No valid certificates were offered by host %q", host)
return fmt.Errorf(reasons.String())
}
func (t *TofuDigest) IniDump() string {
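Review bot: The new `return fmt.Errorf(reasons.String())` in the second hunk passes runtime-built text as the format string, which `go vet` flags as a non-constant format string, and it also drops the host from the message that the removed line carried; when `cState.PeerCertificates` is empty the function now returns an error with an empty message. Keep the host and use the builder as an argument instead: `return fmt.Errorf("no valid certificates were offered by host %q: %s", host, reasons.String())`. In the first hunk the hostname branch discards `err`, which holds the detail from `VerifyHostname`; consider `reasons.WriteString(fmt.Sprintf("Cert [%d] hostname does not match: %v", index+1, err))` so the reason is actionable. The body of `newCert` starts in the first hunk, so the lines between the two hunks are not visible here.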