MINOR: ssl: enhance ca-file error emitting
Enhance the errors and warnings when trying to load a ca-file with
ssl_store_load_locations_file().
Add errors from ERR_get_error() and strerror to give more information to
the user.
(cherry picked from commit 0f17ab2fdd)
Signed-off-by: William Lallemand <wlallemand@haproxy.org>
@ -1181,6 +1181,11 @@ int ssl_store_load_ca_from_buf(struct cafile_entry *ca_e, char *cert_buf)
|
||||
return retval;
|
||||
}
|
||||
|
||||
/*
|
||||
* Try to load a ca-file from disk into the ca-file cache.
|
||||
*
|
||||
* Return 0 upon error
|
||||
*/
|
||||
int ssl_store_load_locations_file(char *path, int create_if_none, enum cafile_type type)
|
||||
{
|
||||
X509_STORE *store = ssl_store_get0_locations_file(path);
|
||||
@ -1195,16 +1200,27 @@ int ssl_store_load_locations_file(char *path, int create_if_none, enum cafile_ty
|
||||
struct cafile_entry *ca_e;
|
||||
const char *file = NULL;
|
||||
const char *dir = NULL;
|
||||
unsigned long e;
|
||||
|
||||
store = X509_STORE_new();
|
||||
if (!store) {
|
||||
ha_alert("Cannot allocate memory!");
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (strcmp(path, "@system-ca") == 0) {
|
||||
dir = X509_get_default_cert_dir();
|
||||
if (!dir) {
|
||||
ha_alert("Couldn't get the system CA directory from X509_get_default_cert_dir().");
|
||||
goto err;
|
||||
}
|
||||
|
||||
} else {
|
||||
|
||||
if (stat(path, &buf))
|
||||
if (stat(path, &buf) == -1) {
|
||||
ha_alert("Couldn't open the ca-file '%s' (%s).", path, strerror(errno));
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (S_ISDIR(buf.st_mode))
|
||||
dir = path;
|
||||
@ -1214,6 +1230,8 @@ int ssl_store_load_locations_file(char *path, int create_if_none, enum cafile_ty
|
||||
|
||||
if (file) {
|
||||
if (!X509_STORE_load_locations(store, file, NULL)) {
|
||||
e = ERR_get_error();
|
||||
ha_alert("Couldn't open the ca-file '%s' (%s).", path, ERR_reason_error_string(e));
|
||||
goto err;
|
||||
}
|
||||
} else if (dir) {
|
||||
@ -1273,10 +1291,12 @@ int ssl_store_load_locations_file(char *path, int create_if_none, enum cafile_ty
|
||||
continue;
|
||||
|
||||
scandir_err:
|
||||
e = ERR_get_error();
|
||||
X509_free(ca);
|
||||
BIO_free(in);
|
||||
free(de);
|
||||
ha_warning("ca-file: '%s' couldn't load '%s'\n", path, trash.area);
|
||||
/* warn if it can load one of the files, but don't abort */
|
||||
ha_warning("ca-file: '%s' couldn't load '%s' (%s)\n", path, trash.area, ERR_reason_error_string(e));
|
||||
|
||||
}
|
||||
free(de_list);
|
||||
@ -1287,12 +1307,14 @@ scandir_err:
|
||||
|
||||
objs = X509_STORE_get0_objects(store);
|
||||
cert_count = sk_X509_OBJECT_num(objs);
|
||||
if (cert_count == 0)
|
||||
if (cert_count == 0) {
|
||||
ha_warning("ca-file: 0 CA were loaded from '%s'\n", path);
|
||||
|
||||
}
|
||||
ca_e = ssl_store_create_cafile_entry(path, store, type);
|
||||
if (!ca_e)
|
||||
if (!ca_e) {
|
||||
ha_alert("Cannot allocate memory!\n");
|
||||
goto err;
|
||||
}
|
||||
ebst_insert(&cafile_tree, &ca_e->node);
|
||||
}
|
||||
return (store != NULL);
|
||||
|
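Review bot: `ERR_reason_error_string(e)` is passed straight to `%s` in the `ha_alert()` after `X509_STORE_load_locations()` and in the `ha_warning()` under `scandir_err:`, but it returns NULL when `e` is 0 or has no registered reason string, and a NULL `%s` argument is undefined behaviour. Whether every `goto scandir_err` path leaves an OpenSSL error queued cannot be seen here, because the code between the hunks is not shown, so a fallback is safer: `const char *reason = e ? ERR_reason_error_string(e) : NULL;` and then pass `reason ? reason : "unknown error"`. `ERR_get_error()` also returns only the oldest queue entry, so an entry left over from an earlier call could be the one reported; an `ERR_clear_error()` before the load would avoid that if the queue is not already cleared elsewhere. Separately, the `ha_alert()` strings for the store allocation, `X509_get_default_cert_dir()`, `stat()` and `X509_STORE_load_locations()` failures have no trailing `\n`, unlike the `ha_warning()` calls and the final `ha_alert("Cannot allocate memory!\n")` in this section.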