narenas
/
opengnsys_ipxe
mirror of https://github.com/ipxe/ipxe.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[x509] Clarify debug message for an untrusted X.509 issuer 

We surface this debugging information in cases where a cert actually
lacks an issuer, but also in cases where it *has* an issuer, but we
cannot trust it (e.g. due to issues in establishing a trust chain).

Signed-off-by: Josh McSavaney <me@mcsau.cc>
Modified-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
pull/312/head
Josh McSavaney 2020-09-28 22:23:16 -04:00 committed by Michael Brown
parent ce841946df
commit 68f1914aae
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/crypto/x509.c
View File

@ -1392,7 +1392,7 @@ int x509_validate ( struct x509_certificate *cert,
/* Fail unless we have an issuer */ /* Fail unless we have an issuer */
if ( ! issuer ) { if ( ! issuer ) {
DBGC2 ( cert, "X509 %p \"%s\" has no issuer\n", DBGC2 ( cert, "X509 %p \"%s\" has no trusted issuer\n",
cert, x509_name ( cert ) ); cert, x509_name ( cert ) );
return -EACCES_UNTRUSTED; return -EACCES_UNTRUSTED;
} }