smx509: include more hints for verification failure

2025-04-26 12:16:20 +08:00 · 2022-12-02 08:47:39 +08:00 · 2022-12-02 08:47:39 +08:00 · acf6edec18
commit acf6edec18
parent 13f777bb2f
2 changed files with 5 additions and 1 deletions
--- a/sm2/sm2.go
+++ b/sm2/sm2.go
@ -578,7 +578,7 @@ func encodeSignature(r, s []byte) ([]byte, error) {
 // addASN1IntBytes encodes in ASN.1 a positive integer represented as
 // a big-endian byte slice with zero or more leading zeroes.
 func addASN1IntBytes(b *cryptobyte.Builder, bytes []byte) {
-	for len(bytes) > 1 && bytes[0] == 0 {
+	for len(bytes) > 0 && bytes[0] == 0 {
 		bytes = bytes[1:]
 	}
 	if len(bytes) == 0 {
--- a/smx509/verify.go
+++ b/smx509/verify.go
@ -802,6 +802,10 @@ func (c *Certificate) buildChains(currentChain []*Certificate, sigChecks *int, o

 		err = candidate.isValid(certType, currentChain, opts)
 		if err != nil {
+			if hintErr == nil {
+				hintErr = err
+				hintCert = candidate
+			}
 			return
 		}