From: Josh McSavaney <me@mcsau.cc>
Date: Tue, 29 Sep 2020 02:23:16 +0000 (-0400)
Subject: [x509] Clarify debug message for an untrusted X.509 issuer
X-Git-Tag: v1.21.1~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=68f1914aae67db0c61ca16e00765c2eecd1c05f2;p=thirdparty%2Fipxe.git

[x509] Clarify debug message for an untrusted X.509 issuer

We surface this debugging information in cases where a cert actually
lacks an issuer, but also in cases where it *has* an issuer, but we
cannot trust it (e.g. due to issues in establishing a trust chain).

Signed-off-by: Josh McSavaney <me@mcsau.cc>
Modified-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
---

diff --git a/src/crypto/x509.c b/src/crypto/x509.c
index 892d8f8d5..17d8c7a43 100644
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -1392,7 +1392,7 @@ int x509_validate ( struct x509_certificate *cert,
 
 	/* Fail unless we have an issuer */
 	if ( ! issuer ) {
-		DBGC2 ( cert, "X509 %p \"%s\" has no issuer\n",
+		DBGC2 ( cert, "X509 %p \"%s\" has no trusted issuer\n",
 			cert, x509_name ( cert ) );
 		return -EACCES_UNTRUSTED;
 	}