From 68f1914aae67db0c61ca16e00765c2eecd1c05f2 Mon Sep 17 00:00:00 2001
From: Josh McSavaney <me@mcsau.cc>
Date: Mon, 28 Sep 2020 22:23:16 -0400
Subject: [x509] Clarify debug message for an untrusted X.509 issuer

We surface this debugging information in cases where a cert actually
lacks an issuer, but also in cases where it *has* an issuer, but we
cannot trust it (e.g. due to issues in establishing a trust chain).

Signed-off-by: Josh McSavaney <me@mcsau.cc>
Modified-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
---
 src/crypto/x509.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/crypto')

diff --git a/src/crypto/x509.c b/src/crypto/x509.c
index 892d8f8d5..17d8c7a43 100644
--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -1392,7 +1392,7 @@ int x509_validate ( struct x509_certificate *cert,
 
 	/* Fail unless we have an issuer */
 	if ( ! issuer ) {
-		DBGC2 ( cert, "X509 %p \"%s\" has no issuer\n",
+		DBGC2 ( cert, "X509 %p \"%s\" has no trusted issuer\n",
 			cert, x509_name ( cert ) );
 		return -EACCES_UNTRUSTED;
 	}
-- 
cgit