aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Crowe <mac@mcrowe.com>2015-09-23 13:31:29 +0200
committerDaniel Stenberg <daniel@haxx.se>2015-09-23 13:44:40 +0200
commit5f87906e0ecf44ec473f8d0455158a93c7dffc62 (patch)
tree744ca2f8118ba4675c24205bd2bc2ee60994f029
parent684bf30802f51104c6a2d7f2ea5860698607fd0e (diff)
gnutls: Report actual GnuTLS error message for certificate errors
If GnuTLS fails to read the certificate then include whatever reason it provides in the failure message reported to the client. Signed-off-by: Mike Crowe <mac@mcrowe.com>
-rw-r--r--lib/vtls/gtls.c18
1 files changed, 10 insertions, 8 deletions
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 1a41c05d7..1c1cc2f7b 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -663,17 +663,18 @@ gtls_connect_step1(struct connectdata *conn,
GNUTLS_PKCS_USE_PKCS12_RC2_40 | GNUTLS_PKCS_USE_PBES2_3DES |
GNUTLS_PKCS_USE_PBES2_AES_128 | GNUTLS_PKCS_USE_PBES2_AES_192 |
GNUTLS_PKCS_USE_PBES2_AES_256;
- if(gnutls_certificate_set_x509_key_file2(
+ rc = gnutls_certificate_set_x509_key_file2(
conn->ssl[sockindex].cred,
data->set.str[STRING_CERT],
data->set.str[STRING_KEY] ?
data->set.str[STRING_KEY] : data->set.str[STRING_CERT],
do_file_type(data->set.str[STRING_CERT_TYPE]),
data->set.str[STRING_KEY_PASSWD],
- supported_key_encryption_algorithms) !=
- GNUTLS_E_SUCCESS) {
+ supported_key_encryption_algorithms);
+ if(rc != GNUTLS_E_SUCCESS) {
failf(data,
- "error reading X.509 potentially-encrypted key file");
+ "error reading X.509 potentially-encrypted key file: %s",
+ gnutls_strerror(rc));
return CURLE_SSL_CONNECT_ERROR;
#else
failf(data, "gnutls lacks support for encrypted key files");
@@ -682,14 +683,15 @@ gtls_connect_step1(struct connectdata *conn,
}
}
else {
- if(gnutls_certificate_set_x509_key_file(
+ rc = gnutls_certificate_set_x509_key_file(
conn->ssl[sockindex].cred,
data->set.str[STRING_CERT],
data->set.str[STRING_KEY] ?
data->set.str[STRING_KEY] : data->set.str[STRING_CERT],
- do_file_type(data->set.str[STRING_CERT_TYPE]) ) !=
- GNUTLS_E_SUCCESS) {
- failf(data, "error reading X.509 key or certificate file");
+ do_file_type(data->set.str[STRING_CERT_TYPE]) );
+ if(rc != GNUTLS_E_SUCCESS) {
+ failf(data, "error reading X.509 key or certificate file: %s",
+ gnutls_strerror(rc));
return CURLE_SSL_CONNECT_ERROR;
}
}