MINOR: ssl: enhance ca-file error emitting

Enhance the errors and warnings when trying to load a ca-file with
ssl_store_load_locations_file().

Add errors from ERR_get_error() and strerror to give more information to
the user.

diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index b0bd7bd39d59ac2b96c21c9c6af868214dfd4eab..0992240e22b374194c8c994b5083d944737603db 100644 (file)
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -1152,6 +1152,11 @@ int ssl_store_load_ca_from_buf(struct cafile_entry *ca_e, char *cert_buf)
        return retval;
 }
 
+/*
+ * Try to load a ca-file from disk into the ca-file cache.
+ *
+ *  Return 0 upon error
+ */
 int ssl_store_load_locations_file(char *path, int create_if_none, enum cafile_type type)
 {
        X509_STORE *store = ssl_store_get0_locations_file(path);
@@ -1166,16 +1171,27 @@ int ssl_store_load_locations_file(char *path, int create_if_none, enum cafile_ty
                struct cafile_entry *ca_e;
                const char *file = NULL;
                const char *dir = NULL;
+               unsigned long e;
 
                store = X509_STORE_new();
+               if (!store) {
+                       ha_alert("Cannot allocate memory!");
+                       goto err;
+               }
 
                if (strcmp(path, "@system-ca") == 0) {
                        dir = X509_get_default_cert_dir();
+                       if (!dir) {
+                               ha_alert("Couldn't get the system CA directory from X509_get_default_cert_dir().");
+                               goto err;
+                       }
 
                } else {
 
-                       if (stat(path, &buf))
+                       if (stat(path, &buf) == -1) {
+                               ha_alert("Couldn't open the ca-file '%s' (%s).", path, strerror(errno));
                                goto err;
+                       }
 
                        if (S_ISDIR(buf.st_mode))
                                dir = path;
@@ -1185,6 +1201,8 @@ int ssl_store_load_locations_file(char *path, int create_if_none, enum cafile_ty
 
                if (file) {
                        if (!X509_STORE_load_locations(store, file, NULL)) {
+                               e = ERR_get_error();
+                               ha_alert("Couldn't open the ca-file '%s' (%s).", path, ERR_reason_error_string(e));
                                goto err;
                        }
                } else if (dir) {
@@ -1244,10 +1262,12 @@ int ssl_store_load_locations_file(char *path, int create_if_none, enum cafile_ty
                                continue;
 
 scandir_err:
+                               e = ERR_get_error();
                                X509_free(ca);
                                BIO_free(in);
                                free(de);
-                               ha_warning("ca-file: '%s' couldn't load '%s'\n", path, trash.area);
+                               /* warn if it can load one of the files, but don't abort */
+                               ha_warning("ca-file: '%s' couldn't load '%s' (%s)\n", path, trash.area, ERR_reason_error_string(e));
 
                        }
                        free(de_list);
@@ -1258,12 +1278,14 @@ scandir_err:
 
                objs = X509_STORE_get0_objects(store);
                cert_count = sk_X509_OBJECT_num(objs);
-               if (cert_count == 0)
+               if (cert_count == 0) {
                        ha_warning("ca-file: 0 CA were loaded from '%s'\n", path);
-
+               }
                ca_e = ssl_store_create_cafile_entry(path, store, type);
-               if (!ca_e)
+               if (!ca_e) {
+                       ha_alert("Cannot allocate memory!\n");
                        goto err;
+               }
                ebst_insert(&cafile_tree, &ca_e->node);
        }
        return (store != NULL);