From: Matthew Hall <matthew.hall@threatstream.com>
Date: Wed, 25 Mar 2015 00:34:13 +0000 (-0700)
Subject: vtls_openssl: improve client certificate load failure error messages
X-Git-Tag: curl-7_42_0~34
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b3175a767d5375c10662a564fdc598f709192cac;p=curl

vtls_openssl: improve client certificate load failure error messages
---

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 889225fda..7868e3e4d 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -403,7 +403,10 @@ int cert_stuff(struct connectdata *conn,
       /* SSL_CTX_use_certificate_chain_file() only works on PEM files */
       if(SSL_CTX_use_certificate_chain_file(ctx,
                                             cert_file) != 1) {
-        failf(data, SSL_CLIENT_CERT_ERR);
+        failf(data,
+              "could not load PEM client certificate, OpenSSL error %s, "
+              "(no key found, wrong pass phrase, or wrong file format?)",
+              ERR_error_string(ERR_get_error(), NULL) );
         return 0;
       }
       break;
@@ -415,7 +418,10 @@ int cert_stuff(struct connectdata *conn,
       if(SSL_CTX_use_certificate_file(ctx,
                                       cert_file,
                                       file_type) != 1) {
-        failf(data, SSL_CLIENT_CERT_ERR);
+        failf(data,
+              "could not load ASN1 client certificate, OpenSSL error %s, "
+              "(no key found, wrong pass phrase, or wrong file format?)",
+              ERR_error_string(ERR_get_error(), NULL) );
         return 0;
       }
       break;