From f2af64aba55fda84bd4c6dc6d3590049a637c03f Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Thu, 22 Mar 2012 10:55:13 +0000
Subject: [crypto] Differentiate "untrusted root" and "incomplete chain" error
 cases

Signed-off-by: Michael Brown <mcb30@ipxe.org>
---
 src/net/tls.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'src/net')

diff --git a/src/net/tls.c b/src/net/tls.c
index 6475f78d8..ce39da9a9 100644
--- a/src/net/tls.c
+++ b/src/net/tls.c
@@ -46,10 +46,10 @@ FILE_LICENCE ( GPL2_OR_LATER );
 #include <ipxe/tls.h>
 
 /* Disambiguate the various error causes */
-#define EACCES_UNTRUSTED \
-	__einfo_error ( EINFO_EACCES_UNTRUSTED )
-#define EINFO_EACCES_UNTRUSTED \
-	__einfo_uniqify ( EINFO_EACCES, 0x01, "Untrusted certificate chain" )
+#define EACCES_INCOMPLETE \
+	__einfo_error ( EINFO_EACCES_INCOMPLETE )
+#define EINFO_EACCES_INCOMPLETE \
+	__einfo_uniqify ( EINFO_EACCES, 0x01, "Incomplete certificate chain" )
 #define EACCES_WRONG_NAME \
 	__einfo_error ( EINFO_EACCES_WRONG_NAME )
 #define EINFO_EACCES_WRONG_NAME \
@@ -1302,7 +1302,7 @@ static int tls_parse_next ( struct x509_certificate *cert,
 	/* Return error at end of chain */
 	if ( context->current >= context->end ) {
 		DBGC ( tls, "TLS %p reached end of certificate chain\n", tls );
-		return -EACCES_UNTRUSTED;
+		return -EACCES_INCOMPLETE;
 	}
 
 	/* Extract current certificate and update context */
-- 
cgit v1.2.3-55-g7522