crypto/x509: subject/issuer hint fallback for unknown-authority errors

[wking]

Because errors like:

certificate signed by unknown authority

make it difficult to distinguish between "certificate is unexpected"
and "my local trust store is missing something I expected". This
commit adds a fallback with summaries for the subject and issuer when
hintErr is missing (e.g. because nothing in the local trust store
matched). That should also help figure out which of many possible
certificates need fixing when trust-management breaks down.

[gopherbot]

This PR (HEAD: 62c3b8c) has been imported to Gerrit for code review.

Please visit https://go-review.googlesource.com/c/go/+/231240 to see it.

Tip: You can toggle comments from me using the comments slash command (e.g. /comments off)
See the Wiki page for more info

[wking]

@heschi, details about why this was closed? Looks like it still applies, and seems like useful detail as I pointed out in my initial comment here. Anything I can do to help get some movement in this direction landed?

[ianlancetaylor]

Reopening.

[wking]

@seankhliao, do you have more context on why you closed this? I'm happy to rebase if that makes review easier whenever there's capacity to review :)

[ianlancetaylor]

Reopening.

[gopherbot]

Message from Ian Lance Taylor:

Patch Set 1:

(1 comment)

---

Please don’t reply on this GitHub thread. Visit golang.org/cl/231240.
After addressing review feedback, remember to publish your drafts!

[gopherbot]

This PR (HEAD: 89b1047) has been imported to Gerrit for code review.

Please visit Gerrit at https://go-review.googlesource.com/c/go/+/231240.

Important tips:

• Don't comment on this PR. All discussion takes place in Gerrit.
• You need a Gmail or other Google account to log in to Gerrit.
• To change your code in response to feedback:
  • Push a new commit to the branch used by your GitHub PR.
  • A new "patch set" will then appear in Gerrit.
  • Respond to each comment by marking as Done in Gerrit if implemented as suggested. You can alternatively write a reply.
  • Critical: you must click the blue Reply button near the top to publish your Gerrit responses.
  • Multiple commits in the PR will be squashed by GerritBot.
• The title and description of the GitHub PR are used to construct the final commit message.
  • Edit these as needed via the GitHub web interface (not via Gerrit or git).
  • You should word wrap the PR description at ~76 characters unless you need longer lines (e.g., for tables or URLs).
• See the Sending a change via GitHub and Reviews sections of the Contribution Guide as well as the FAQ for details.

[wking]

After Ian re-opened, GitHub did detect a conflct in the import section. I've rebased onto the current dev-tip with 62c3b8c -> 89b1047.