Fix spelling/grammar in various PKINIT messages

Only error messages and code comments touched.

lib/hx509/ca.c

@@ -224,12 +224,12 @@ hx509_ca_tbs_template_units(void)
 }
 
 /**
- * Initialize the to-be-signed certificate object from a template certifiate.
+ * Initialize the to-be-signed certificate object from a template certificate.
  *
  * @param context A hx509 context.
  * @param tbs object to be signed.
  * @param flags bit field selecting what to copy from the template
- * certifiate.
+ * certificate.
  * @param cert template certificate.
  *
  * @return An hx509 error code, see hx509_get_error_string().
@@ -1294,7 +1294,8 @@ hx509_ca_tbs_add_san_hardwareModuleName_string(hx509_context context,
     p = strchr(freeme, ':');
     if (!p) {
         hx509_set_error_string(context, 0, EINVAL,
-                               "Invalid HardwareModuleName string (should be \"<oid>:<serial>\")",
+                               "Invalid HardwareModuleName string (should be "
+                               "\"<oid>:<serial>\")",
                                oidstr);
         free(freeme);
         return EINVAL;
@@ -1739,7 +1740,7 @@ ca_sign(hx509_context context,
     /* signature            AlgorithmIdentifier, */
     ret = copy_AlgorithmIdentifier(sigalg, &tbsc->signature);
     if (ret) {
-	hx509_set_error_string(context, 0, ret, "Failed to copy sigature alg");
+	hx509_set_error_string(context, 0, ret, "Failed to copy signature alg");
 	goto out;
     }
     /* issuer               Name, */
@@ -2568,11 +2569,11 @@ get_cf(hx509_context context,
         ret = 0;
     if (ret) {
         heim_log_msg(context->hcontext, logf, 3, NULL,
-                     "No configuration for %s %s certificates realm "
+                     "No configuration for %s %s certificate's realm "
                      "-> %s -> kx509 -> %s%s%s", def, label, realm, label,
                      svc ? " -> " : "", svc ? svc : "");
         hx509_set_error_string(context, 0, EACCES,
-                "No configuration for %s %s certificates realm "
+                "No configuration for %s %s certificate's realm "
                 "-> %s -> kx509 -> %s%s%s", def, label, realm, label,
                 svc ? " -> " : "", svc ? svc : "");
     }

lib/hx509/cert.c

@@ -981,7 +981,7 @@ check_key_usage(hx509_context context, const Certificate *cert,
 	if (req_present) {
 	    hx509_set_error_string(context, 0, HX509_KU_CERT_MISSING,
 				   "Required extension key "
-				   "usage missing from certifiate");
+				   "usage missing from certificate");
 	    return HX509_KU_CERT_MISSING;
 	}
 	return 0;
@@ -999,7 +999,7 @@ check_key_usage(hx509_context context, const Certificate *cert,
 	_hx509_unparse_Name(&cert->tbsCertificate.subject, &name);
 	hx509_set_error_string(context, 0, HX509_KU_CERT_MISSING,
 			       "Key usage %s required but missing "
-			       "from certifiate %s", buf,
+			       "from certificate %s", buf,
                                name ? name : "<unknown>");
 	free(name);
 	return HX509_KU_CERT_MISSING;
@@ -1578,8 +1578,8 @@ hx509_cert_get_base_subject(hx509_context context, hx509_cert c,
     if (is_proxy_cert(context, c->data, NULL) == 0) {
 	int ret = HX509_PROXY_CERTIFICATE_NOT_CANONICALIZED;
 	hx509_set_error_string(context, 0, ret,
-			       "Proxy certificate have not been "
-			       "canonicalize yet, no base name");
+			       "Proxy certificate has not been "
+			       "canonicalized yet: no base name");
 	return ret;
     }
     return _hx509_name_from_Name(&c->data->tbsCertificate.subject, name);
@@ -1752,7 +1752,7 @@ get_x_unique_id(hx509_context context, const char *name,
 
     if (cert == NULL) {
 	ret = HX509_EXTENSION_NOT_FOUND;
-	hx509_set_error_string(context, 0, ret, "%s unique id doesn't exists", name);
+	hx509_set_error_string(context, 0, ret, "%s unique id doesn't exist", name);
 	return ret;
     }
     ret = der_copy_bit_string(cert, subject);
@@ -2173,7 +2173,7 @@ check_name_constraints(hx509_context context,
 	    /* allow null subjectNames, they wont matches anything */
 	    if (match == 0 && !subject_null_p(c)) {
 		hx509_set_error_string(context, 0, HX509_VERIFY_CONSTRAINTS,
-				       "Error verify constraints, "
+				       "Error verifying constraints: "
 				       "certificate didn't match any "
 				       "permitted subtree");
 		return HX509_VERIFY_CONSTRAINTS;
@@ -2188,7 +2188,7 @@ check_name_constraints(hx509_context context,
 	    }
 	    if (match) {
 		hx509_set_error_string(context, 0, HX509_VERIFY_CONSTRAINTS,
-				       "Error verify constraints, "
+				       "Error verifying constraints: "
 				       "certificate included in excluded "
 				       "subtree");
 		return HX509_VERIFY_CONSTRAINTS;
@@ -2245,7 +2245,7 @@ hx509_verify_path(hx509_context context,
 	ret = HX509_PROXY_CERT_INVALID;
 	hx509_set_error_string(context, 0, ret,
 			       "Proxy certificate is not allowed as an EE "
-			       "certificae if proxy certificate is disabled");
+			       "certificate if proxy certificate is disabled");
 	return ret;
     }
 
@@ -2346,7 +2346,7 @@ hx509_verify_path(hx509_context context,
 		    ret = HX509_PATH_TOO_LONG;
 		    hx509_set_error_string(context, 0, ret,
 					   "Proxy certificate chain "
-					   "longer then allowed");
+					   "longer than allowed");
 		    goto out;
 		}
 		/* XXX MUST check info.proxyPolicy */
@@ -2356,7 +2356,7 @@ hx509_verify_path(hx509_context context,
 		if (find_extension(c, &asn1_oid_id_x509_ce_subjectAltName, &j)) {
 		    ret = HX509_PROXY_CERT_INVALID;
 		    hx509_set_error_string(context, 0, ret,
-					   "Proxy certificate have explicitly "
+					   "Proxy certificate has explicitly "
 					   "forbidden subjectAltName");
 		    goto out;
 		}
@@ -2365,7 +2365,7 @@ hx509_verify_path(hx509_context context,
 		if (find_extension(c, &asn1_oid_id_x509_ce_issuerAltName, &j)) {
 		    ret = HX509_PROXY_CERT_INVALID;
 		    hx509_set_error_string(context, 0, ret,
-					   "Proxy certificate have explicitly "
+					   "Proxy certificate has explicitly "
 					   "forbidden issuerAltName");
 		    goto out;
 		}
@@ -3453,7 +3453,7 @@ hx509_query_unparse_stats(hx509_context context, int printtype, FILE *out)
 	return;
     f = fopen(context->querystat, "r");
     if (f == NULL) {
-	fprintf(out, "No statistic file %s: %s.\n",
+	fprintf(out, "No statistics file %s: %s.\n",
 		context->querystat, strerror(errno));
 	return;
     }

lib/hx509/revoke.c

@@ -40,7 +40,7 @@
  * revocation for destroyed private keys too (smartcard broken), but
  * that should not be a problem.
  *
- * CRL is a list of certifiates that have expired.
+ * CRL is a list of certificates that have expired.
  *
  * OCSP is an online checking method where the requestor sends a list
  * of certificates to the OCSP server to return a signed reply if they
@@ -217,7 +217,7 @@ verify_ocsp(hx509_context context,
 	ret = _hx509_cert_is_parent_cmp(s, p, 0);
 	if (ret != 0) {
 	    ret = HX509_PARENT_NOT_CA;
-	    hx509_set_error_string(context, 0, ret, "Revoke OCSP signer is "
+	    hx509_set_error_string(context, 0, ret, "Revoke OCSP signer "
 				   "doesn't have CA as signer certificate");
 	    goto out;
 	}
@@ -550,7 +550,7 @@ verify_crl(hx509_context context,
 	signer = crl_parent;
 	if (ret) {
 	    hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
-				   "Failed to verify revoke "
+				   "Failed to verify revocation "
 				   "status of CRL signer");
 	    goto out;
 	}
@@ -647,7 +647,7 @@ hx509_revoke_add_crl(hx509_context context,
 
     if (strncmp(path, "FILE:", 5) != 0) {
 	hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION,
-			       "unsupport type in %s", path);
+			       "unsupported type in %s", path);
 	return HX509_UNSUPPORTED_OPERATION;
     }
 
@@ -879,8 +879,7 @@ hx509_revoke_verify(hx509_context context,
 	return 0;
     hx509_set_error_string(context, HX509_ERROR_APPEND,
 			   HX509_REVOKE_STATUS_MISSING,
-			   "No revoke status found for "
-			   "certificates");
+			   "No revocation status found for certificates");
     return HX509_REVOKE_STATUS_MISSING;
 }