vtls_openssl: improve client certificate load failure error messages
authorMatthew Hall <matthew.hall@threatstream.com>
Wed, 25 Mar 2015 00:34:13 +0000 (17:34 -0700)
committerDaniel Stenberg <daniel@haxx.se>
Mon, 13 Apr 2015 20:25:04 +0000 (22:25 +0200)
lib/vtls/openssl.c

index 889225fdab7daecde28bc9c22ea2e2995469b90c..7868e3e4dcc1905fedf2851ff201e275db8c74bd 100644 (file)
@@ -403,7 +403,10 @@ int cert_stuff(struct connectdata *conn,
       /* SSL_CTX_use_certificate_chain_file() only works on PEM files */
       if(SSL_CTX_use_certificate_chain_file(ctx,
                                             cert_file) != 1) {
-        failf(data, SSL_CLIENT_CERT_ERR);
+        failf(data,
+              "could not load PEM client certificate, OpenSSL error %s, "
+              "(no key found, wrong pass phrase, or wrong file format?)",
+              ERR_error_string(ERR_get_error(), NULL) );
         return 0;
       }
       break;
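Review bot: `ERR_error_string(ERR_get_error(), NULL)` in the new PEM failure message formats into OpenSSL's shared static buffer, so two threads that fail to load a certificate at the same time can overwrite each other's text before `failf` copies it. Format into a local buffer instead: declare `char error_buffer[256];`, call `ERR_error_string_n(ERR_get_error(), error_buffer, sizeof(error_buffer));`, and pass `error_buffer` to `failf`. The ASN1 branch in the next hunk makes the same call and needs the same change. cert_stuff begins and ends outside both hunks, so whether a suitable buffer already exists in the function cannot be seen from here.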
@@ -415,7 +418,10 @@ int cert_stuff(struct connectdata *conn,
       if(SSL_CTX_use_certificate_file(ctx,
                                       cert_file,
                                       file_type) != 1) {
-        failf(data, SSL_CLIENT_CERT_ERR);
+        failf(data,
+              "could not load ASN1 client certificate, OpenSSL error %s, "
+              "(no key found, wrong pass phrase, or wrong file format?)",
+              ERR_error_string(ERR_get_error(), NULL) );
         return 0;
       }
       break;
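Review bot: `ERR_get_error()` returns the oldest entry in the calling thread's error queue, so the code printed in this ASN1 message is the cause of this failure only if no earlier OpenSSL call left an entry behind. Nothing visible in the hunk clears the queue before the load. Adding `ERR_clear_error();` immediately before the `SSL_CTX_use_certificate_file(...)` call would tie the reported code to this load, and the PEM branch in the previous hunk would benefit from the same line. Only one entry is popped, so any further entries from the failed load presumably stay queued for whatever reads the queue next; a short comment saying whether that is intended would help.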