author | Mike Crowe <mac@mcrowe.com> | 2015-09-23 13:31:29 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2015-09-23 13:44:40 +0200 |
commit | 5f87906e0ecf44ec473f8d0455158a93c7dffc62 (patch) | |
tree | 744ca2f8118ba4675c24205bd2bc2ee60994f029 /lib | |
parent | 684bf30802f51104c6a2d7f2ea5860698607fd0e (diff) |
gnutls: Report actual GnuTLS error message for certificate errors
If GnuTLS fails to read the certificate then include whatever reason it
provides in the failure message reported to the client.
Signed-off-by: Mike Crowe <mac@mcrowe.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/vtls/gtls.c | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 1a41c05d7..1c1cc2f7b 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -663,17 +663,18 @@ gtls_connect_step1(struct connectdata *conn,
 GNUTLS_PKCS_USE_PKCS12_RC2_40 | GNUTLS_PKCS_USE_PBES2_3DES |
 GNUTLS_PKCS_USE_PBES2_AES_128 | GNUTLS_PKCS_USE_PBES2_AES_192 |
 GNUTLS_PKCS_USE_PBES2_AES_256;
- if(gnutls_certificate_set_x509_key_file2(
+ rc = gnutls_certificate_set_x509_key_file2(
 conn->ssl[sockindex].cred,
 data->set.str[STRING_CERT],
 data->set.str[STRING_KEY] ?
 data->set.str[STRING_KEY] : data->set.str[STRING_CERT],
 do_file_type(data->set.str[STRING_CERT_TYPE]),
 data->set.str[STRING_KEY_PASSWD],
- supported_key_encryption_algorithms) !=
- GNUTLS_E_SUCCESS) {
+ supported_key_encryption_algorithms);
+ if(rc != GNUTLS_E_SUCCESS) {
 failf(data,
- "error reading X.509 potentially-encrypted key file");
+ "error reading X.509 potentially-encrypted key file: %s",
+ gnutls_strerror(rc));
 return CURLE_SSL_CONNECT_ERROR;
 #else
 failf(data, "gnutls lacks support for encrypted key files");
@@ -682,14 +683,15 @@ gtls_connect_step1(struct connectdata *conn,
 }
 }
 else {
- if(gnutls_certificate_set_x509_key_file(
+ rc = gnutls_certificate_set_x509_key_file(
 conn->ssl[sockindex].cred,
 data->set.str[STRING_CERT],
 data->set.str[STRING_KEY] ?
 data->set.str[STRING_KEY] : data->set.str[STRING_CERT],
- do_file_type(data->set.str[STRING_CERT_TYPE]) ) !=
- GNUTLS_E_SUCCESS) {
- failf(data, "error reading X.509 key or certificate file");
+ do_file_type(data->set.str[STRING_CERT_TYPE]) );
+ if(rc != GNUTLS_E_SUCCESS) {
+ failf(data, "error reading X.509 key or certificate file: %s",
+ gnutls_strerror(rc));
 return CURLE_SSL_CONNECT_ERROR;
 }
 }
|
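Review bot: Both rewritten failure branches still end in `return CURLE_SSL_CONNECT_ERROR;`, so an application can only tell a bad local certificate, key or passphrase apart from a handshake failure by parsing the new message text; libcurl's `CURLE_SSL_CERTPROBLEM` is the code meant for local client-certificate problems, and `return CURLE_SSL_CERTPROBLEM;` in both hunks would let callers branch on it (worth confirming against what the other TLS backends return, which this page does not show). The added `failf` calls themselves look safe: the format is a literal, `gnutls_strerror(rc)` supplies a library-owned string, and `STRING_KEY_PASSWD` never reaches the message, so a short comment such as `/* gnutls_strerror() text only; the key passphrase is never logged */` above the first `failf` would record that intent for later edits. `rc` is declared outside both hunks and gtls_connect_step1 starts and ends outside them, so its type and any earlier use cannot be checked from here.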