[cert-v2] nebula-cert should verify all certs (#1291)

2025-12-30 18:48:28 +01:00 · 2025-01-06 16:07:55 -05:00
parent 21a117a156
commit 3f31517018
4 changed files with 32 additions and 18 deletions
--- a/cert/ca_pool.go
+++ b/cert/ca_pool.go
@@ -213,7 +213,7 @@ func (ncp *CAPool) GetCAForCert(c Certificate) (*CachedCertificate, error) {
 		return signer, nil
 	}

-	return nil, fmt.Errorf("could not find ca for the certificate")
+	return nil, ErrCaNotFound
 }

 // GetFingerprints returns an array of trusted CA fingerprints
--- a/cert/errors.go
+++ b/cert/errors.go
@@ -17,6 +17,7 @@ var (
 	ErrInvalidPrivateKey          = errors.New("invalid private key")
 	ErrPublicPrivateCurveMismatch = errors.New("public key does not match private key curve")
 	ErrPublicPrivateKeyMismatch   = errors.New("public key and private key are not a pair")
+	ErrCaNotFound                 = errors.New("could not find ca for the certificate")

 	ErrPrivateKeyEncrypted = errors.New("private key must be decrypted")