diff options
| author | Matthew Hall <matthew.hall@threatstream.com> | 2015-03-24 17:34:13 -0700 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2015-04-13 22:25:04 +0200 |
| commit | b3175a767d5375c10662a564fdc598f709192cac (patch) | |
| tree | a30268fbb3e93b51f12159a14e7c9d785c4873d6 | |
| parent | 58b0a8b0596a67625fb9242cee229222f99c8600 (diff) | |
| download | gnurl-b3175a767d5375c10662a564fdc598f709192cac.tar.gz gnurl-b3175a767d5375c10662a564fdc598f709192cac.tar.bz2 gnurl-b3175a767d5375c10662a564fdc598f709192cac.zip | |
vtls_openssl: improve client certificate load failure error messages
| -rw-r--r-- | lib/vtls/openssl.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 889225fda..7868e3e4d 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -403,7 +403,10 @@ int cert_stuff(struct connectdata *conn, /* SSL_CTX_use_certificate_chain_file() only works on PEM files */ if(SSL_CTX_use_certificate_chain_file(ctx, cert_file) != 1) { - failf(data, SSL_CLIENT_CERT_ERR); + failf(data, + "could not load PEM client certificate, OpenSSL error %s, " + "(no key found, wrong pass phrase, or wrong file format?)", + ERR_error_string(ERR_get_error(), NULL) ); return 0; } break; @@ -415,7 +418,10 @@ int cert_stuff(struct connectdata *conn, if(SSL_CTX_use_certificate_file(ctx, cert_file, file_type) != 1) { - failf(data, SSL_CLIENT_CERT_ERR); + failf(data, + "could not load ASN1 client certificate, OpenSSL error %s, " + "(no key found, wrong pass phrase, or wrong file format?)", + ERR_error_string(ERR_get_error(), NULL) ); return 0; } break; |