mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-01 14:14:56 +00:00
libsecureboot: be more verbose about validation failures
Reviewed by: imp, sjg Pull Request: https://github.com/freebsd/freebsd-src/pull/916
This commit is contained in:
parent
dff3a80f6d
commit
4b9d605768
|
@ -1,6 +1,7 @@
|
|||
|
||||
BEARSSL?= ${SRCTOP}/contrib/bearssl
|
||||
BEARSSL_SRC= ${BEARSSL}/src
|
||||
BEARSSL_TOOLS= ${BEARSSL}/tools
|
||||
|
||||
CFLAGS+= -I${BEARSSL}/inc
|
||||
CFLAGS+= ${NO_WDEPRECATED_NON_PROTOTYPE}
|
||||
|
|
|
@ -83,3 +83,6 @@ SRCS+= \
|
|||
x509/x509_decoder.c \
|
||||
x509/x509_minimal.c \
|
||||
|
||||
# We want find_error_name().
|
||||
SRCS+= \
|
||||
${BEARSSL_TOOLS}/errors.c \
|
||||
|
|
|
@ -568,9 +568,17 @@ verify_signer_xcs(br_x509_certificate *xcs,
|
|||
ve_error_set("Validation failed, certificate not valid as of %s",
|
||||
gdate(date, sizeof(date), ve_utc));
|
||||
break;
|
||||
default:
|
||||
ve_error_set("Validation failed, err = %d", err);
|
||||
break;
|
||||
default: {
|
||||
const char *err_desc = NULL;
|
||||
const char *err_name = find_error_name(err, &err_desc);
|
||||
|
||||
if (err_name == NULL)
|
||||
ve_error_set("Validation failed, err = %d",
|
||||
err);
|
||||
else
|
||||
ve_error_set("Validation failed, %s (%s)",
|
||||
err_desc, err_name);
|
||||
break; }
|
||||
}
|
||||
} else {
|
||||
tpk = mc.vtable->get_pkey(&mc.vtable, &usages);
|
||||
|
|
Loading…
Reference in a new issue