|
@@ -1552,11 +1552,8 @@ int x509_validate_chain ( struct x509_chain *chain, time_t time,
|
1552
|
1552
|
struct x509_link *link;
|
1553
|
1553
|
int rc;
|
1554
|
1554
|
|
1555
|
|
- /* Sanity check */
|
1556
|
|
- if ( list_empty ( &chain->links ) ) {
|
1557
|
|
- DBGC ( chain, "X509 chain %p is empty\n", chain );
|
1558
|
|
- return -EACCES_EMPTY;
|
1559
|
|
- }
|
|
1555
|
+ /* Error to be used if chain contains no certifictes */
|
|
1556
|
+ rc = -EACCES_EMPTY;
|
1560
|
1557
|
|
1561
|
1558
|
/* Find first certificate that can be validated as a
|
1562
|
1559
|
* standalone (i.e. is already valid, or can be validated as
|
|
@@ -1586,6 +1583,7 @@ int x509_validate_chain ( struct x509_chain *chain, time_t time,
|
1586
|
1583
|
return 0;
|
1587
|
1584
|
}
|
1588
|
1585
|
|
1589
|
|
- DBGC ( chain, "X509 chain %p found no valid certificates\n", chain );
|
1590
|
|
- return -EACCES_UNTRUSTED;
|
|
1586
|
+ DBGC ( chain, "X509 chain %p found no valid certificates: %s\n",
|
|
1587
|
+ chain, strerror ( rc ) );
|
|
1588
|
+ return rc;
|
1591
|
1589
|
}
|