Open briansmith opened 3 years ago
As I mentioned on Twitter, the most common reasons I'm aware of are:
See also #206.
Would it be valuable to help brainstorm a better name to replace UnknownIssuer? Or is it more valuable to experiment with tweaks to webpki that don't make it more complicated but do give us different errors we can then try to name?
I would like to help here, and I have a few ideas about how to help people who've received the hypothetical future improved error (or errors) and need more help, from outside the webpki crate - but of course to get them there they need to know they need that help. And maybe we can just make this so awesome it's unnecessary to do more.
UnknownIssuer is a name that comes from my historical involvement in other certificate validation libraries. It isn't a good name. We should change it to something that better says "we couldn't build a chain." And we should document the various likely reasons why we couldn't build a chain. We might even be able to encode (some of) the possibilities of chain building in code, e.g. in an enum of errors that all eventually get mapped to this error.
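A sketch of the "enum of errors that all eventually get mapped to this error" idea from the comment above, as an added example that is not webpki's code and not from anyone in this thread. It is a toy path builder over certificate names only; `ChainFailure`, its three variants, `Cert` and `build_chain` are hypothetical, and the failure reasons are chosen for illustration rather than taken from the list referred to in the issue.

```rust
// Added illustration (not webpki code). Every name except UnknownIssuer is hypothetical.
#[derive(Debug, PartialEq)]
pub enum ChainFailure {
    NoCandidateIssuer { issuer: String }, // no supplied cert is named as the issuer
    CandidateExpired { subject: String }, // the only matching issuer has expired
    DepthExceeded,                        // path grew past the configured limit
}

#[derive(Debug, PartialEq)]
pub enum Error { UnknownIssuer } // the single coarse error the caller sees

impl From<ChainFailure> for Error {
    fn from(_: ChainFailure) -> Self { Error::UnknownIssuer }
}

#[derive(Clone)]
pub struct Cert { pub subject: &'static str, pub issuer: &'static str, pub not_after: u64 }

// Toy path building over names only; no signatures, constraints or EKU checks.
pub fn build_chain(ee: &Cert, intermediates: &[Cert], anchors: &[&str], now: u64,
                   max_depth: usize) -> Result<Vec<&'static str>, ChainFailure> {
    let mut path = vec![ee.subject];
    let mut current = ee.clone();
    loop {
        if anchors.contains(&current.issuer) {
            path.push(current.issuer);
            return Ok(path);
        }
        if path.len() > max_depth { return Err(ChainFailure::DepthExceeded); }
        let mut expired = None;
        let next = intermediates.iter().find(|c| {
            if c.subject != current.issuer { return false; }
            if c.not_after < now { expired = Some(c.subject); return false; }
            true
        });
        match (next, expired) {
            (Some(c), _) => { path.push(c.subject); current = c.clone(); }
            (None, Some(s)) => return Err(ChainFailure::CandidateExpired { subject: s.into() }),
            (None, None) => return Err(ChainFailure::NoCandidateIssuer { issuer: current.issuer.into() }),
        }
    }
}

fn main() {
    let leaf = Cert { subject: "leaf", issuer: "Int CA", not_after: 200 }; // constructed
    let detail = build_chain(&leaf, &[], &["Root"], 100, 4).unwrap_err();
    println!("internal reason: {:?}", detail);
    println!("public error: {:?}", Error::from(detail));
}
```

The detailed reason stays available for logging or documentation, while existing callers that match on the coarse error keep working.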