Skip to content

Commit c835e5c

Browse files
joy4egjoy4eg
committed
Define more errors
1 parent ce47f46 commit c835e5c

2 files changed

Lines changed: 17 additions & 5 deletions

File tree

handshake.go

Lines changed: 12 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,13 @@ import (
3131
"golang.org/x/net/idna"
3232
)
3333

34+
var (
35+
// ErrCertNotAvailable is returned when no certificates are available for given name.
36+
ErrCertNotAvailable = errors.New("no certificates available")
37+
// ErrCertTimeout is returned when obtaining a certificate times out.
38+
ErrCertTimeout = errors.New("certificate timeout")
39+
)
40+
3441
// GetCertificate gets a certificate to satisfy clientHello. In getting
3542
// the certificate, it abides the rules and settings defined in the Config
3643
// that matches clientHello.ServerName. It tries to get certificates in
@@ -238,7 +245,7 @@ func DefaultCertificateSelector(hello *tls.ClientHelloInfo, choices []Certificat
238245
return choices[0], nil
239246
}
240247
if len(choices) == 0 {
241-
return Certificate{}, fmt.Errorf("no certificates available")
248+
return Certificate{}, ErrCertNotAvailable
242249
}
243250

244251
// Slow path: There are choices, so we need to check each of them.
@@ -306,7 +313,7 @@ func (cfg *Config) getCertDuringHandshake(ctx context.Context, hello *tls.Client
306313
timeout := time.NewTimer(2 * time.Minute)
307314
select {
308315
case <-timeout.C:
309-
return Certificate{}, fmt.Errorf("timed out waiting to load certificate for %s", name)
316+
return Certificate{}, fmt.Errorf("%w: timed out waiting to load certificate for %s", ErrCertTimeout, name)
310317
case <-ctx.Done():
311318
timeout.Stop()
312319
return Certificate{}, ctx.Err()
@@ -412,7 +419,7 @@ func (cfg *Config) getCertDuringHandshake(ctx context.Context, hello *tls.Client
412419
zap.Bool("load_or_obtain_if_necessary", loadOrObtainIfNecessary),
413420
zap.Bool("on_demand", cfg.OnDemand != nil))
414421

415-
return Certificate{}, fmt.Errorf("no certificate available for '%s'", name)
422+
return Certificate{}, fmt.Errorf("%w: name: %s", ErrCertNotAvailable, name)
416423
}
417424

418425
// loadCertFromStorage loads the certificate for name from storage and maintains it
@@ -487,7 +494,7 @@ func (cfg *Config) checkIfCertShouldBeObtained(ctx context.Context, name string,
487494
}
488495
if len(cfg.OnDemand.hostAllowlist) > 0 {
489496
if _, ok := cfg.OnDemand.hostAllowlist[name]; !ok {
490-
return fmt.Errorf("certificate for '%s' is not managed", name)
497+
return fmt.Errorf("%w: certificate for '%s' is not managed", ErrCertNotAvailable, name)
491498
}
492499
}
493500
}
@@ -522,7 +529,7 @@ func (cfg *Config) obtainOnDemandCertificate(ctx context.Context, hello *tls.Cli
522529
timeout := time.NewTimer(2 * time.Minute)
523530
select {
524531
case <-timeout.C:
525-
return Certificate{}, fmt.Errorf("timed out waiting to obtain certificate for %s", name)
532+
return Certificate{}, fmt.Errorf("%w: timed out waiting to obtain certificate for %s", ErrCertTimeout, name)
526533
case <-wait:
527534
timeout.Stop()
528535
}

handshake_test.go

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,7 @@ package certmagic
1616
import (
1717
"crypto/tls"
1818
"crypto/x509"
19+
"errors"
1920
"net"
2021
"testing"
2122
)
@@ -78,6 +79,10 @@ func TestGetCertificate(t *testing.T) {
7879
// When cache is NOT empty but there's no SNI
7980
if _, err := cfg.GetCertificate(helloNoSNI); err == nil {
8081
t.Errorf("Expected TLS allert when no SNI and no DefaultServerName, but got: %v", err)
82+
} else {
83+
if !errors.Is(err, ErrCertNotAvailable) {
84+
t.Errorf("Expected ErrCertNotAvailable, got: %v", err)
85+
}
8186
}
8287

8388
// When no certificate matches, raise an alert

0 commit comments

Comments
 (0)