From 777497a513595770c1683650e6320026ab2323dc Mon Sep 17 00:00:00 2001
From: Tom Meadows
Date: Tue, 14 May 2024 15:15:12 +0100
Subject: [PATCH] BUG: `verifyX509Time` should return the verifier even if the verify fails (we want to get information about it later) (#247)
this function should return the verifier because we want to know which verifier returned the error
Signed-off-by: chaosinthecrd
---
 dsse/dsse.go | 2 +-
 dsse/verify.go | 6 ++----
 2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/dsse/dsse.go b/dsse/dsse.go
index aa6b5d24..81d13e22 100644
--- a/dsse/dsse.go
+++ b/dsse/dsse.go
@@ -36,7 +36,7 @@ func (e ErrNoMatchingSigs) Error() string {
 if v.Error != nil {
 kid, err := v.Verifier.KeyID()
 if err != nil {
- log.Warn("failed to get key id from verifier: %v", err)
+ log.Warnf("failed to get key id from verifier: %w", err)
 }
 s := fmt.Sprintf(" %s: %v\n", kid, v.Error)
diff --git a/dsse/verify.go b/dsse/verify.go
index b734f317..796039bd 100644
--- a/dsse/verify.go
+++ b/dsse/verify.go
@@ -197,9 +197,7 @@ func verifyX509Time(cert *x509.Certificate, sigIntermediates, roots []*x509.Cert
 return nil, err
 }
- if err := verifier.Verify(bytes.NewReader(pae), sig); err != nil {
- return nil, err
- }
+ err = verifier.Verify(bytes.NewReader(pae), sig)
- return verifier, nil
+ return verifier, err
 }
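Review bot: The new `log.Warnf` call in dsse/dsse.go uses `%w`, a verb that only `fmt.Errorf` interprets. If `log.Warnf` formats with `fmt.Sprintf` semantics (its implementation is not visible here), the warning will print `%!w(...)` noise instead of the error text. Keep the switch to the formatting variant but use `%v`: `log.Warnf("failed to get key id from verifier: %v", err)`. When `KeyID()` fails, `kid` is presumably empty and the `fmt.Sprintf` line that follows still prints it, so the failure report loses the identifier of the verifier that rejected the signature. `Error()` starts and ends outside the hunk.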
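Review bot: In dsse/verify.go, `verifyX509Time` now returns a non-nil verifier together with a non-nil error when the signature check fails, while the earlier error path still visible in the hunk returns `nil, err`, so a failure has two different shapes. A caller that treats a non-nil verifier as "passed" without checking `err` first would accept a bad signature. Separately, the `v.Verifier.KeyID()` call in dsse/dsse.go would hit a nil verifier if a result from the `nil, err` path is ever recorded with its error; the caller is not visible here, so this needs confirming. Document the contract on the function, e.g. `// verifyX509Time returns the verifier alongside a non-nil error when signature verification fails, so the failure can be attributed; callers must check err before trusting the verifier.`, and cover the failed-verify case with a test. The function starts outside the hunk.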