From: Timo Sirainen <tss@iki.fi>
Date: Fri, 20 Sep 2013 01:01:10 +0000 (+0300)
Subject: lib-ssl-iostream: Give better error message if CA settings are missing.
X-Git-Tag: 2.2.6~42
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3136f1b7b84dc305aabd9c95c9d031adfe44f29d;p=thirdparty%2Fdovecot%2Fcore.git

lib-ssl-iostream: Give better error message if CA settings are missing.
---

diff --git a/src/lib-ssl-iostream/iostream-openssl-context.c b/src/lib-ssl-iostream/iostream-openssl-context.c
index 4a469ec3e2..2d2c7d8edc 100644
--- a/src/lib-ssl-iostream/iostream-openssl-context.c
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c
@@ -349,7 +349,9 @@ ssl_iostream_context_load_ca(struct ssl_iostream_context *ctx,
 	}
 
 	if (!have_ca) {
-		*error_r = "Can't verify remote certs without CA";
+		*error_r = !ctx->client_ctx ?
+			"Can't verify remote client certs without CA (ssl_ca setting)" :
+			"Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)";
 		return -1;
 	}
 	return 0;