From: William Lallemand <wlallemand@haproxy.com>
Date: Tue, 7 Apr 2020 12:16:32 +0000 (+0200)
Subject: MINOR: ssl: improve the errors when a crt can't be open
X-Git-Tag: v2.2-dev6~34
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7fd01b36257ffa9fe76930ccfe8a34ad40911fef;p=thirdparty%2Fhaproxy.git

MINOR: ssl: improve the errors when a crt can't be open

Issue #574 reported an unclear error when trying to open a file with not
enough permission.

  [ALERT] 096/032117 (835) : parsing [/etc/haproxy/haproxy.cfg:54] : 'bind :443' : error encountered while processing 'crt'.
  [ALERT] 096/032117 (835) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
  [ALERT] 096/032117 (835) : Fatal errors found in configuration.

Improve the error to give us more information:

  [ALERT] 097/142030 (240089) : parsing [test.cfg:22] : 'bind :443' : cannot open the file 'kikyo.pem.rsa'.
  [ALERT] 097/142030 (240089) : Error(s) found in configuration file : test.cfg
  [ALERT] 097/142030 (240089) : Fatal errors found in configuration.

This patch could be backported in 2.1.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 282e343625..b1670456bb 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3323,11 +3323,16 @@ static int ssl_sock_load_pem_into_ckch(const char *path, char *buf, struct cert_
 	} else {
 		/* reading from a file */
 		in = BIO_new(BIO_s_file());
-		if (in == NULL)
+		if (in == NULL) {
+			memprintf(err, "%sCan't allocate memory\n", err && *err ? *err : "");
 			goto end;
+		}
 
-		if (BIO_read_filename(in, path) <= 0)
+		if (BIO_read_filename(in, path) <= 0) {
+			memprintf(err, "%scannot open the file '%s'.\n",
+			          err && *err ? *err : "", path);
 			goto end;
+		}
 	}
 
 	/* Read Private Key */