[x509] Clarify debug message for an untrusted X.509 issuer

We surface this debugging information in cases where a cert actually lacks an issuer, but also in cases where it *has* an issuer, but we cannot trust it (e.g. due to issues in establishing a trust chain). Signed-off-by: Josh McSavaney <me@mcsau.cc> Modified-by: Michael Brown <mcb30@ipxe.org> Signed-off-by: Michael Brown <mcb30@ipxe.org>
author: Josh McSavaney 2020-09-29 04:23:16 +0200
committer: Michael Brown 2020-12-28 19:18:58 +0100
commit: 68f1914aae67db0c61ca16e00765c2eecd1c05f2 (patch)
tree: 579609d1ac08e49486e4470f7a01ef71a6f19153 /src/crypto/x509.c
parent: [golan] Add new PCI IDs (diff)
download: ipxe-68f1914aae67db0c61ca16e00765c2eecd1c05f2.tar.gz
ipxe-68f1914aae67db0c61ca16e00765c2eecd1c05f2.tar.xz
ipxe-68f1914aae67db0c61ca16e00765c2eecd1c05f2.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/crypto/x509.c b/src/crypto/x509.c
index 892d8f8d..17d8c7a4 100644
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -1392,7 +1392,7 @@ int x509_validate ( struct x509_certificate *cert,
 
 	/* Fail unless we have an issuer */
 	if ( ! issuer ) {
-		DBGC2 ( cert, "X509 %p \"%s\" has no issuer\n",
+		DBGC2 ( cert, "X509 %p \"%s\" has no trusted issuer\n",
 			cert, x509_name ( cert ) );
 		return -EACCES_UNTRUSTED;
 	}
author	Josh McSavaney	2020-09-29 04:23:16 +0200
committer	Michael Brown	2020-12-28 19:18:58 +0100
commit	68f1914aae67db0c61ca16e00765c2eecd1c05f2 (patch)
tree	579609d1ac08e49486e4470f7a01ef71a6f19153 /src/crypto/x509.c
parent	[golan] Add new PCI IDs (diff)
download	ipxe-68f1914aae67db0c61ca16e00765c2eecd1c05f2.tar.gz ipxe-68f1914aae67db0c61ca16e00765c2eecd1c05f2.tar.xz ipxe-68f1914aae67db0c61ca16e00765c2eecd1c05f2.zip