Improve error message on attestation verification failure #17914

Open
woodruffw opened this issue Apr 4, 2025 · 0 comments

Filing this for myself to fix/improve 🙂

If a user uploads a funky attestation (i.e. one that doesn't roughly match our expectations for a Sigstore-issued machine identity cert), the upload endpoint produces a pretty opaque error message:

WARNING  Error during upload. Retry with the --verbose option for more details. 
ERROR    HTTPError: 400 Bad Request from https://upload.pypi.org/legacy/        
         Invalid attestations supplied during upload: Unknown error while trying
         to verify included attestations: No                                    
         <ObjectIdentifier(oid=1.3.6.1.4.1.57264.1.14, name=Unknown OID)>       
         extension was found     

(This particular error case was a bug, now fixed with #17913. However, in the general case this still produces a non-ideal error.)
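
An added example, not code from PyPI, Warehouse or the issue author: a client-side sketch that unwraps the terminal output shown above and names the certificate extension that was missing. The function name and the OID-to-name table (a subset taken from Fulcio's published OID list, not from this page) are assumptions.

```python
import re

# Error text copied from the issue, including the terminal's line wrapping.
SAMPLE = """\
ERROR    HTTPError: 400 Bad Request from https://upload.pypi.org/legacy/
         Invalid attestations supplied during upload: Unknown error while trying
         to verify included attestations: No
         <ObjectIdentifier(oid=1.3.6.1.4.1.57264.1.14, name=Unknown OID)>
         extension was found
"""

# Certificate extensions under Sigstore's Fulcio arc. Names come from Fulcio's
# published OID list (an assumption, not on this page); only a subset is listed.
FULCIO_ARC = "1.3.6.1.4.1.57264.1."
FULCIO_EXTENSIONS = {
    "1.3.6.1.4.1.57264.1.8": "Issuer (V2)",
    "1.3.6.1.4.1.57264.1.9": "Build Signer URI",
    "1.3.6.1.4.1.57264.1.12": "Source Repository URI",
    "1.3.6.1.4.1.57264.1.13": "Source Repository Digest",
    "1.3.6.1.4.1.57264.1.14": "Source Repository Ref",
}

# Matches the missing-extension text once the wrapped lines are rejoined.
MISSING_EXT = re.compile(
    r"No <ObjectIdentifier\(oid=(?P<oid>\d+(?:\.\d+)+), name=[^)]*\)>"
    r" extension was found"
)


def explain_upload_error(text: str) -> str:
    """Hypothetical helper: turn the opaque upload error into a diagnosis."""
    flat = " ".join(text.split())  # undo the terminal's line wrapping
    match = MISSING_EXT.search(flat)
    if match is None:
        return "Unrecognized attestation error; retry the upload with --verbose."
    oid = match.group("oid")
    if not oid.startswith(FULCIO_ARC):
        return f"Signing certificate lacks extension {oid} (not a Fulcio OID)."
    name = FULCIO_EXTENSIONS.get(oid, "unlisted Fulcio extension")
    return (
        f"Signing certificate lacks the Fulcio '{name}' extension ({oid}); "
        "it does not look like a Sigstore-issued machine identity certificate."
    )


if __name__ == "__main__":
    print(explain_upload_error(SAMPLE))
```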
