From 9bf0d93f945c82e1fc612442c1c3a62699754bf0 Mon Sep 17 00:00:00 2001
From: Slavek Kabrda <bkabrda@redhat.com>
Date: Fri, 26 Jul 2024 13:28:39 +0200
Subject: [PATCH] Include SCT verification failure details in error message

Signed-off-by: Slavek Kabrda <bkabrda@redhat.com>
---
 pkg/cosign/verify_sct.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/cosign/verify_sct.go b/pkg/cosign/verify_sct.go
index 934b2d97941..1b904c2c4fd 100644
--- a/pkg/cosign/verify_sct.go
+++ b/pkg/cosign/verify_sct.go
@@ -108,7 +108,7 @@ func VerifySCT(_ context.Context, certPEM, chainPEM, rawSCT []byte, pubKeys *Tru
 			}
 			err = ctutil.VerifySCT(pubKeyMetadata.PubKey, []*ctx509.Certificate{cert, certChain[0]}, sct, true)
 			if err != nil {
-				return fmt.Errorf("error verifying embedded SCT")
+				return fmt.Errorf("error verifying embedded SCT: %w", err)
 			}
 			if pubKeyMetadata.Status != tuf.Active {
 				fmt.Fprintf(os.Stderr, "**Info** Successfully verified embedded SCT using an expired verification key\n")