From 12bd1d68a0fc28abdbc91545d5d6c5269c5f7e78 Mon Sep 17 00:00:00 2001
From: David McNeil <mcneil.david2@gmail.com>
Date: Thu, 10 Sep 2020 08:52:02 -0500
Subject: [PATCH] Improve error message when trying to `build_chain`

Previously this function always returned the `UnknownIssuer` error.
This was confussing when the error was the result of another problem
(eg unsupported signature algorithm). `build_chain` now returns the
last error.

Signed-off-by: David McNeil <mcneil.david2@gmail.com>
---
 src/verify_cert.rs | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/src/verify_cert.rs b/src/verify_cert.rs
index 119a9768..faf9ab43 100644
--- a/src/verify_cert.rs
+++ b/src/verify_cert.rs
@@ -72,8 +72,12 @@ pub fn build_chain(
         Ok(()) => {
             return Ok(());
         },
-        Err(..) => {
-            // If the error is not fatal, then keep going.
+        error @ Err(..) => {
+            // If the error is not fatal, then keep going unless there are not intermediate certs
+            // then we want this more descriptive error.
+            if intermediate_certs.is_empty() {
+                return error;
+            }
         },
     }
 
@@ -321,15 +325,17 @@ where
     V: IntoIterator,
     F: Fn(V::Item) -> Result<(), Error>,
 {
+    let mut error = Error::UnknownIssuer;
     for v in values {
         match f(v) {
             Ok(()) => {
                 return Ok(());
-            },
-            Err(..) => {
-                // If the error is not fatal, then keep going.
-            },
+            }
+            Err(e) => {
+                // If the error is not fatal, then keep going recording the last error.
+                error = e;
+            }
         }
     }
-    Err(Error::UnknownIssuer)
+    Err(error)
 }