Better error responses from Go client compared to Node Client about fabric-gateway HOT 2 CLOSED

I think checking the validity of X.509 certificates (or even that they actually are X.509 certificates!) is beyond the scope of the client API. As far as the client is concerned, the identity is just an opaque chunk of byte data, even in the Go client:

type Identity interface {
	MspID() string       // ID of the Membership Service Provider to which this identity belongs.
	Credentials() []byte // Implementation-specific credentials.
}

The client credentials just need to be something that the Fabric nodes understand and verify, and there is no requirement that it is X.509 certificate PEM data. Other signing and identity mechanisms (maybe Idemix?) are free to use whatever credentials they need.

You're just seeing a difference because, in the case of ECDSA key-based security, the credentials are an X.509 certificate PEM and, since Go (and Java) have standard struct (and object) representations of X.509 certificates, we've used those standard object representations. So the errors you're seeing are all in those standard language-specific libraries or in helper functions we've provided to make it easier to create those objects.

In short, I think it's the client application's responsibility to provide suitable credentials, and the server's job to verify those credentials. It would definitely be a bug if you could successfully transact using invalid or unauthorised credentials!

It might be that we can improve the server-generated error messages, although most of the message content is not specific to Fabric Gateway services.

from fabric-gateway.

No plans to change this behaviour within the Fabric Gateway client code.

from fabric-gateway.