Diffstat (limited to 'tls.go')
| -rw-r--r-- | tls.go | 18 |
1 files changed, 15 insertions, 3 deletions
@@ -8,7 +8,7 @@ import (
 "crypto/x509"
 "crypto/x509/pkix"
 "encoding/hex"
- "errors"
+ "fmt"
 "math/big"
 "os"
 "time"
@@ -23,7 +23,15 @@ func tlsConfig(state *BrowserState) *tls.Config {
 var tofuStore map[string]string
-var ErrTOFUViolation = errors.New("certificate for this domain has changed")
+type TOFUViolation struct {
+ domain string
+ expected string
+ got string
+}
+
+func (tv *TOFUViolation) Error() string {
+ return fmt.Sprintf("certificate for domain %s has changed from %s to %s", tv.domain, tv.expected, tv.got)
+}
 var anonymousTLS = &tls.Config{
 InsecureSkipVerify: true,
@@ -43,7 +51,11 @@ func tofuVerify(connState tls.ConnectionState) error {
 }
 if certhash != expected {
- return ErrTOFUViolation
+ return &TOFUViolation{
+ domain: connState.ServerName,
+ expected: expected,
+ got: certhash,
+ }
 }
 return nil
 } |
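Review bot: In the second hunk, `Error()` interpolates `tv.domain` with `%s`, so a host name containing spaces or control characters would be printed raw inside the certificate-change warning. Using `%q` for the domain keeps the message unambiguous: `fmt.Sprintf("certificate for domain %q has changed from %s to %s", tv.domain, tv.expected, tv.got)`. The exported type also has no doc comment; something like `// TOFUViolation reports that the certificate hash seen for a domain differs from the one pinned on first use.` would tell callers to match it with `errors.As` rather than the removed `ErrTOFUViolation` sentinel. Any such callers are outside this diff, so whether they were updated cannot be confirmed from here.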
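Review bot: In the third hunk, `domain: connState.ServerName` may be empty, because Go's TLS client sends no SNI when the host is an IP literal, and the warning would then name no host at all. The lookup that produces `expected` sits above the hunk in `tofuVerify`, so it is not visible whether the store is keyed by the same string. If it is keyed differently (for example host plus port), the error could name something other than the pinned entry. Consider filling `domain` from the exact key used for the `tofuStore` lookup, and add a comment such as `// domain is the tofuStore key, so the message names the pinned entry` on that field.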
