From f784b90eae4c5f27fd8fa4a4ba2c72a03993ae94 Mon Sep 17 00:00:00 2001 From: William Lallemand Date: Tue, 25 Oct 2022 12:31:39 +0200 Subject: [PATCH] MINOR: ssl: add the SSL error string when failing to load a certificate Add the SSL error string when failing to load a certificate in ssl_sock_load_pem_into_ckch(). It's difficult to know what happen when no descriptive errror are emitted. Example: [ALERT] (1264006) : config : parsing [ssl_default_server.cfg:51] : 'bind /tmp/ssl.sock' in section 'listen' : unable to load certificate chain from file 'reg-tests/ssl//common.pem': ASN no PEM Header Error --- src/ssl_ckch.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c index ae206447c..ecf69f067 100644 --- a/src/ssl_ckch.c +++ b/src/ssl_ckch.c @@ -633,8 +633,8 @@ int ssl_sock_load_pem_into_ckch(const char *path, char *buf, struct cert_key_and ret = ERR_get_error(); if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) { - memprintf(err, "%sunable to load certificate chain from file '%s'.\n", - err && *err ? *err : "", path); + memprintf(err, "%sunable to load certificate chain from file '%s': %s\n", + err && *err ? *err : "", path, ERR_reason_error_string(ret)); goto end; }