sysadmin/ipxe
1
0
Fork 0
mirror of https://github.com/ipxe/ipxe synced 2025-12-17 18:11:49 +03:00
Code Issues Packages Projects Releases Wiki Activity

[crypto] Differentiate "untrusted root" and "incomplete chain" error cases

Browse Source 
Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
Michael Brown
2012-03-22 10:55:13 +00:00
parent 5c66395939
commit f2af64aba5
2 changed files with 18 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/net/tls.c
View File

@@ -46,10 +46,10 @@ FILE_LICENCE ( GPL2_OR_LATER );
#include <ipxe/tls.h>
/* Disambiguate the various error causes */
#define EACCES_UNTRUSTED \
__einfo_error ( EINFO_EACCES_UNTRUSTED )
#define EINFO_EACCES_UNTRUSTED \
__einfo_uniqify ( EINFO_EACCES, 0x01, "Untrusted certificate chain" )
#define EACCES_INCOMPLETE \
__einfo_error ( EINFO_EACCES_INCOMPLETE )
#define EINFO_EACCES_INCOMPLETE \
__einfo_uniqify ( EINFO_EACCES, 0x01, "Incomplete certificate chain" )
#define EACCES_WRONG_NAME \
__einfo_error ( EINFO_EACCES_WRONG_NAME )
#define EINFO_EACCES_WRONG_NAME \
@@ -1302,7 +1302,7 @@ static int tls_parse_next ( struct x509_certificate *cert,
/* Return error at end of chain */
if ( context->current >= context->end ) {
DBGC ( tls, "TLS %p reached end of certificate chain\n", tls );
return -EACCES_UNTRUSTED;
return -EACCES_INCOMPLETE;
}
/* Extract current certificate and update context */