diff options
| author | Michael Brown | 2013-05-10 11:03:56 +0200 |
|---|---|---|
| committer | Michael Brown | 2013-05-10 11:03:56 +0200 |
| commit | cb29cd4298f07c35ac2099f56bd9895a9160e3a2 (patch) | |
| tree | 58fe2b159ad70ccff4fc5d79402fe2f06f5e3857 /src/Makefile.housekeeping | |
| parent | [smbios] Allow access to multiple instances of SMBIOS structures (diff) | |
| download | ipxe-cb29cd4298f07c35ac2099f56bd9895a9160e3a2.tar.gz ipxe-cb29cd4298f07c35ac2099f56bd9895a9160e3a2.tar.xz ipxe-cb29cd4298f07c35ac2099f56bd9895a9160e3a2.zip | |
[crypto] Report meaningful error when certificate chain validation fails
If a certificate chain contains no certificate which can be validated
as a standalone certificate (i.e. contains no trusted root
certificates or previously-validated certificates) then iPXE will
currently return a fixed error EACCES_UNTRUSTED. This masks the
actual errors obtained when attempting to validate each certificate as
a standalone certificate, and so makes troubleshooting difficult for
the end user.
Fix by instead returning the error obtained when attempting to
validate the final certificate in the chain as a standalone
certificate. This error is most likely (though not guaranteed) to
represent the "real" problem.
Reported-by: Sven Dreyer <sven@dreyer-net.de>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/Makefile.housekeeping')
0 files changed, 0 insertions, 0 deletions