From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Tue, 17 Dec 2024 12:58:37 +0000 (+0200)
Subject: lib-ssl-iostream: Minor error message improvements
X-Git-Tag: 2.4.0~80
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=07ce66df4f3ec20b0041adcf28e9ef2cc3a3d8da;p=thirdparty%2Fdovecot%2Fcore.git

lib-ssl-iostream: Minor error message improvements
---

diff --git a/src/lib-lua/test-lua-http-client.c b/src/lib-lua/test-lua-http-client.c
index 11d2cd3099..9ff3ea99b5 100644
--- a/src/lib-lua/test-lua-http-client.c
+++ b/src/lib-lua/test-lua-http-client.c
@@ -421,7 +421,7 @@ static void test_bad_settings(void)
 	lua_pushstring(script->L, "https://localhost");
 	ret = dlua_pcall(script->L, "http_request_post", 1, 2, &error);
 	error = lua_tostring(script->L, 2);
-	test_assert_strcmp(error, "Couldn't initialize SSL client context: Unknown ssl_min_protocol setting 'cow'");
+	test_assert_strcmp(error, "Couldn't initialize SSL client context: Can't set minimum protocol to 'cow' (ssl_min_protocol setting): Unknown value");
 
 	dlua_script_unref(&script);
 
diff --git a/src/lib-ssl-iostream/iostream-openssl-context.c b/src/lib-ssl-iostream/iostream-openssl-context.c
index 6e64586f65..0cf10ce570 100644
--- a/src/lib-ssl-iostream/iostream-openssl-context.c
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c
@@ -654,13 +654,14 @@ ssl_iostream_context_set(struct ssl_iostream_context *ctx,
 	if (set->curve_list != NULL && strlen(set->curve_list) > 0 &&
 		SSL_CTX_set1_curves_list(ctx->ssl_ctx, set->curve_list) == 0) {
 		*error_r = t_strdup_printf(
-			"Can't set curve list to '%s' (ssl_curve_list setting)",
-			set->curve_list);
+			"Can't set curve list to '%s' (ssl_curve_list setting): %s",
+			set->curve_list, openssl_iostream_error());
 		return -1;
 	}
 	if (set->ciphersuites != NULL && set->ciphersuites[0] != '\0' &&
 	    SSL_CTX_set_ciphersuites(ctx->ssl_ctx, set->ciphersuites) == 0) {
-		*error_r = t_strdup_printf("Can't set ciphersuites to '%s': %s",
+		*error_r = t_strdup_printf(
+			"Can't set ciphersuites to '%s' (ssl_cipher_suites setting): %s",
 			set->ciphersuites, openssl_iostream_error());
 		return -1;
 	}
@@ -674,8 +675,9 @@ ssl_iostream_context_set(struct ssl_iostream_context *ctx,
 		if (openssl_min_protocol_to_options(set->min_protocol,
 						    &opts, &min_protocol) < 0) {
 			*error_r = t_strdup_printf(
-					"Unknown ssl_min_protocol setting '%s'",
-					set->min_protocol);
+				"Can't set minimum protocol to '%s' "
+				"(ssl_min_protocol setting): Unknown value",
+				set->min_protocol);
 			return -1;
 		}
 		SSL_CTX_set_min_proto_version(ctx->ssl_ctx, min_protocol);
@@ -727,7 +729,7 @@ ssl_iostream_context_set(struct ssl_iostream_context *ctx,
 		ctx->username_nid = OBJ_txt2nid(set->cert_username_field);
 		if (ctx->username_nid == NID_undef) {
 			*error_r = t_strdup_printf(
-				"Invalid cert_username_field: %s",
+				"Invalid ssl_cert_username_field: %s",
 				set->cert_username_field);
 			return -1;
 		}