MINOR: ssl: ssl_sock_load_cert_chain() display error strings

Display error strings when SSL_CTX_use_certificate() or SSL_CTX_set1_chain() doesn't work.
2025-08-07 15:47:01 +02:00 · 2022-11-15 16:56:03 +01:00 · 2022-11-15 16:56:03 +01:00 · 45fed2c7a6
commit 45fed2c7a6
parent 91d31c9e1c
1 changed files with 9 additions and 4 deletions
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@ -3640,6 +3640,9 @@ static int ssl_sock_load_cert_chain(const char *path, const struct cert_key_and_
 				    SSL_CTX *ctx, STACK_OF(X509) **find_chain, char **err)
 {
 	int errcode = 0;
 	int ret;
 	ERR_clear_error();
 	if (find_chain == NULL) {
 		errcode |= ERR_FATAL;
@ -3647,8 +3650,9 @@ static int ssl_sock_load_cert_chain(const char *path, const struct cert_key_and_
 	}
 	if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
-		memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
+		ret = ERR_get_error();
-				err && *err ? *err : "", path);
+		memprintf(err, "%sunable to load SSL certificate into SSL Context '%s': %s.\n",
 				err && *err ? *err : "", path, ERR_reason_error_string(ret));
 		errcode |= ERR_ALERT | ERR_FATAL;
 		goto end;
 	}
@ -3672,8 +3676,9 @@ static int ssl_sock_load_cert_chain(const char *path, const struct cert_key_and_
 	/* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
 #ifdef SSL_CTX_set1_chain
 	if (!SSL_CTX_set1_chain(ctx, *find_chain)) {
-		memprintf(err, "%sunable to load chain certificate into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
+		ret = ERR_get_error();
-			  err && *err ? *err : "", path);
+		memprintf(err, "%sunable to load chain certificate into SSL Context '%s': %s. Make sure you are linking against Openssl >= 1.0.2.\n",
 			  err && *err ? *err : "", path,  ERR_reason_error_string(ret));
 		errcode |= ERR_ALERT | ERR_FATAL;
 		goto end;
 	}