Revert "Remove unneeded looping since Go 1.10 cover it already (#4010)"
This reverts commit 8aeba42.
jefferai committed Feb 23, 2018
1 parent b175583 commit 831fbe2
Showing 1 changed file with 21 additions and 5 deletions.
26 changes: 21 additions & 5 deletions builtin/credential/cert/path_login.go
@@ -439,12 +439,28 @@ func validateConnState(roots *x509.CertPool, cs *tls.ConnectionState) ([][]*x509
}
}

chains, err := certs[0].Verify(opts)
if err != nil {
if _, ok := err.(x509.UnknownAuthorityError); ok {
return nil, nil
var chains [][]*x509.Certificate
var err error
switch {
case len(certs[0].DNSNames) > 0:
for _, dnsName := range certs[0].DNSNames {
opts.DNSName = dnsName
chains, err = certs[0].Verify(opts)
if err != nil {
if _, ok := err.(x509.UnknownAuthorityError); ok {
return nil, nil
}
return nil, errors.New("failed to verify client's certificate: " + err.Error())
}
}
default:
chains, err = certs[0].Verify(opts)
if err != nil {
if _, ok := err.(x509.UnknownAuthorityError); ok {
return nil, nil
}
return nil, errors.New("failed to verify client's certificate: " + err.Error())
}
return nil, errors.New("failed to verify client's certificate: " + err.Error())
}

return chains, nil
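Review bot: The restored `for _, dnsName := range certs[0].DNSNames` loop has no comment explaining why each DNS SAN is verified separately, which is presumably how it came to be removed as unneeded before this revert. Judging from the reverted commit's title, the loop exists so that CA name constraints are applied to every DNS name in the client certificate on toolchains older than Go 1.10, where `Verify` appears to check constraints only against `opts.DNSName`. A comment above the `switch` such as `// Verify once per DNS SAN: before Go 1.10, name constraints are only checked against opts.DNSName.` would record that, ideally with the Go version at which the loop can be dropped. The two branches also repeat the same `UnknownAuthorityError` handling, so a later change to one could miss the other; a single loop over the names, using one empty name when the certificate has none, would keep the decision in one place. `validateConnState` starts and ends outside this hunk, so how callers treat the `nil, nil` return is not visible here.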