[x509] Clarify debug message for an untrusted X.509 issuer

We surface this debugging information in cases where a cert actually
lacks an issuer, but also in cases where it *has* an issuer, but we
cannot trust it (e.g. due to issues in establishing a trust chain).

Signed-off-by: Josh McSavaney <me@mcsau.cc>
Modified-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>

diff --git a/src/crypto/x509.c b/src/crypto/x509.c
index 892d8f8d5713527c0f77aab02d10af7f15594b3f..17d8c7a4301f5bfdc7c7e355f09cb6c5169177f0 100644 (file)
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -1392,7 +1392,7 @@ int x509_validate ( struct x509_certificate *cert,
 
        /* Fail unless we have an issuer */
        if ( ! issuer ) {
-               DBGC2 ( cert, "X509 %p \"%s\" has no issuer\n",
+               DBGC2 ( cert, "X509 %p \"%s\" has no trusted issuer\n",
                        cert, x509_name ( cert ) );
                return -EACCES_UNTRUSTED;
        }