Ignore non-fatal errors when parsing root certificates

This commit is contained in:
Andrew Ayer 2016-02-05 07:57:15 -08:00
parent 678e8bddc8
commit e73a5a89a7
1 changed files with 10 additions and 1 deletions

View File

@ -88,10 +88,19 @@ func allDNSNames (cert *x509.Certificate) []string {
return dnsNames return dnsNames
} }
func isNonFatalError (err error) bool {
switch err.(type) {
case x509.NonFatalErrors:
return true
default:
return false
}
}
func getRoot (chain []ct.ASN1Cert) *x509.Certificate { func getRoot (chain []ct.ASN1Cert) *x509.Certificate {
if len(chain) > 0 { if len(chain) > 0 {
root, err := x509.ParseCertificate(chain[len(chain)-1]) root, err := x509.ParseCertificate(chain[len(chain)-1])
if err == nil { if err == nil || isNonFatalError(err) {
return root return root
} }
log.Printf("Failed to parse root certificate: %s", err) log.Printf("Failed to parse root certificate: %s", err)