Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[crypto] Report meaningful error when certificate chain validation fails
If a certificate chain contains no certificate which can be validated as a standalone certificate (i.e. contains no trusted root certificates or previously-validated certificates) then iPXE will currently return a fixed error EACCES_UNTRUSTED. This masks the actual errors obtained when attempting to validate each certificate as a standalone certificate, and so makes troubleshooting difficult for the end user. Fix by instead returning the error obtained when attempting to validate the final certificate in the chain as a standalone certificate. This error is most likely (though not guaranteed) to represent the "real" problem. Reported-by: Sven Dreyer <sven@dreyer-net.de> Signed-off-by: Michael Brown <mcb30@ipxe.org>
- Loading branch information