Also improve credentials loading diagnostics for many apps.
Fixes #12840
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12893)
} else {
X509 *revcert;
- revcert = load_cert_pass(infile, certformat, passin, infile);
+ revcert = load_cert_pass(infile, certformat, passin,
+ "certificate to be revoked");
if (revcert == NULL)
goto end;
if (dorevoke == 2)
EVP_PKEY *pktmp = NULL;
int ok = -1, i;
- if ((req = load_cert_pass(infile, certformat, passin, infile)) == NULL)
+ if ((req = load_cert_pass(infile, certformat, passin, "template certificate")) == NULL)
goto end;
if (verbose)
X509_print(bio_err, req);
}
if (keyfile != NULL) {
- key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
+ key = load_key(keyfile, keyform, 0, passin, e, "signing key");
if (key == NULL)
goto end;
ret = 2;
goto end;
}
- key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
+ key = load_key(keyfile, keyform, 0, passin, e, "signing key");
if (key == NULL) {
ret = 2;
goto end;
int type;
if (want_pub)
- sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "key file");
+ sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "public key");
else
- sigkey = load_key(keyfile, keyform, 0, passin, e, "key file");
+ sigkey = load_key(keyfile, keyform, 0, passin, e, "private key");
if (sigkey == NULL) {
/*
* load_[pub]key() has already printed an appropriate message
BIO_printf(bio_err, "read DSA key\n");
if (pubin)
- pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
+ pkey = load_pubkey(infile, informat, 1, passin, e, "public key");
else
- pkey = load_key(infile, informat, 1, passin, e, "Private Key");
+ pkey = load_key(infile, informat, 1, passin, e, "private key");
if (pkey != NULL)
dsa = EVP_PKEY_get1_DSA(pkey);
} else if (informat == FORMAT_ENGINE) {
EVP_PKEY *pkey;
if (pubin)
- pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
+ pkey = load_pubkey(infile, informat, 1, passin, e, "public key");
else
- pkey = load_key(infile, informat, 1, passin, e, "Private Key");
+ pkey = load_key(infile, informat, 1, passin, e, "private key");
if (pkey != NULL) {
eckey = EVP_PKEY_get1_EC_KEY(pkey);
EVP_PKEY_free(pkey);
const char *propq = app_get0_propq();
int ncerts = 0;
int ncrls = 0;
- const char *failed = "any";
+ const char *failed =
+ ppkey != NULL ? "key" : ppubkey != NULL ? "public key" :
+ pcert != NULL ? "cert" : pcrl != NULL ? "CRL" :
+ pcerts != NULL ? "certs" : pcrls != NULL ? "CRLs" : NULL;
/* TODO make use of the engine reference 'eng' when loading pkeys */
if (ppkey != NULL)
*ppubkey = NULL;
if (pcert != NULL)
*pcert = NULL;
+ if (failed == NULL) {
+ BIO_printf(bio_err, "Internal error: nothing to load into from %s\n",
+ uri != NULL ? uri : "<stdin>");
+ return 0;
+ }
+
if (pcerts != NULL && *pcerts == NULL
&& (*pcerts = sk_X509_new_null()) == NULL) {
- BIO_printf(bio_err, "Out of memory");
+ BIO_printf(bio_err, "Out of memory loading");
goto end;
}
if (pcrl != NULL)
*pcrl = NULL;
if (pcrls != NULL && *pcrls == NULL
&& (*pcrls = sk_X509_CRL_new_null()) == NULL) {
- BIO_printf(bio_err, "Out of memory");
+ BIO_printf(bio_err, "Out of memory loading");
goto end;
}
- if (desc == NULL)
- desc = "key/certificate/CRL";
uidata.password = pass;
uidata.prompt_info = uri;
if (uri == NULL) {
BIO *bio;
- uri = "<stdin>";
if (!maybe_stdin) {
- BIO_printf(bio_err, "No filename or uri specified for loading %s\n",
- desc);
+ BIO_printf(bio_err, "No filename or uri specified for loading");
goto end;
}
+ uri = "<stdin>";
unbuffer(stdin);
bio = BIO_new_fp(stdin, 0);
if (bio != NULL)
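Review bot: The shortened messages in this hunk (`"Out of memory loading"`, `"No filename or uri specified for loading"`) have no object and no newline, and depend on the code after the `end:` label to append the noun, `desc`, `uri` and `"\n"`, which is not obvious at these call sites. A one-line comment at the first of them, e.g. `/* message is completed after the end: label */`, would keep a later edit from adding a newline or an early return here. The appended noun is the initial `failed` value, which names only the first non-NULL output pointer, so an allocation failure for `*pcerts` is reported as "key" when `ppkey` is also set. The function begins before and continues after this hunk.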
&uidata, NULL, NULL);
}
if (ctx == NULL) {
- BIO_printf(bio_err, "Could not open file or uri %s for loading %s\n",
- uri, desc);
+ BIO_printf(bio_err, "Could not open file or uri for loading");
goto end;
}
failed = NULL;
while (!OSSL_STORE_eof(ctx)) {
OSSL_STORE_INFO *info = OSSL_STORE_load(ctx);
- int type = info == NULL ? 0 : OSSL_STORE_INFO_get_type(info);
- int ok = 1;
+ int type, ok = 1;
+ if (info == NULL)
+ break;
+ type = OSSL_STORE_INFO_get_type(info);
switch (type) {
case OSSL_STORE_INFO_PKEY:
if (ppkey != NULL && *ppkey == NULL)
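Review bot: The added `if (info == NULL) break;` ends the whole load loop on the first NULL from OSSL_STORE_load(), although the `while (!OSSL_STORE_eof(ctx))` condition already handles end of data, and a NULL may also mean that one object could not be decoded. If that reading of the store API is right, a file holding several objects stops yielding anything after one bad or unwanted entry, and the caller only gets the generic "Could not read" message. Consider `if (info == NULL) continue;` with a comment such as `/* NULL is not necessarily fatal; keep going until eof */`, provided the loader is guaranteed to reach eof, or consult `OSSL_STORE_error(ctx)` before deciding. The loop body continues outside this hunk.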
OSSL_STORE_INFO_free(info);
if (!ok) {
failed = info == NULL ? NULL : OSSL_STORE_INFO_type_string(type);
- BIO_printf(bio_err, "Error reading %s of %s from %s\n",
- failed, desc, uri);
+ BIO_printf(bio_err, "Error reading");
break;
}
}
end:
OSSL_STORE_close(ctx);
if (failed == NULL) {
- if (ppkey != NULL && *ppkey == NULL)
+ int any = 0;
+
+ if (ppkey != NULL && *ppkey == NULL) {
failed = "key";
- else if ((pcert != NULL || pcerts != NULL) && ncerts == 0)
+ } else if ((pcert != NULL || pcerts != NULL) && ncerts == 0) {
+ if (pcert == NULL)
+ any = 1;
failed = "cert";
- else if ((pcrl != NULL || pcrls != NULL) && ncrls == 0)
+ } else if ((pcrl != NULL || pcrls != NULL) && ncrls == 0) {
+ if (pcrl == NULL)
+ any = 1;
failed = "CRL";
+ }
if (failed != NULL)
- BIO_printf(bio_err, "Could not read any %s of %s from %s\n",
- failed, desc, uri);
+ BIO_printf(bio_err, "Could not read");
+ if (any)
+ BIO_printf(bio_err, " any");
}
- if (failed != NULL)
+ if (failed != NULL) {
+ if (desc != NULL && strstr(desc, failed) != NULL) {
+ BIO_printf(bio_err, " %s", desc);
+ } else {
+ BIO_printf(bio_err, " %s", failed);
+ if (desc != NULL)
+ BIO_printf(bio_err, " of %s", desc);
+ }
+ if (uri != NULL)
+ BIO_printf(bio_err, " from %s", uri);
+ BIO_printf(bio_err, "\n");
ERR_print_errors(bio_err);
+ }
return failed == NULL;
}
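Review bot: On the `!ok` path, `failed = info == NULL ? NULL : OSSL_STORE_INFO_type_string(type);` tests `info` after `OSSL_STORE_INFO_free(info)` has already run, and since the loop now leaves early on a NULL `info` (preceding hunk) the NULL arm can no longer be taken; `failed = OSSL_STORE_INFO_type_string(type);` says the same without reading a freed pointer. Separately, the assembled message prints `uri` verbatim through `" from %s"`; if a store URI can carry a secret (for example a `pin-value` attribute in a PKCS#11 URI), that value lands on stderr and in any log that captures it, so a comment there stating that `uri` must be safe to print, or a redaction step, would help. The `strstr(desc, failed)` test is case-sensitive, so a description such as "crl" does not match "CRL" and is printed as "CRL of crl".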
return 0;
if (exc->keyfile != NULL) {
exc->key = load_key(exc->keyfile, exc->keyform,
- 0, NULL, NULL, "Server Key");
+ 0, NULL, NULL, "server key");
} else {
exc->key = load_key(exc->certfile, exc->certform,
- 0, NULL, NULL, "Server Key");
+ 0, NULL, NULL, "server key");
}
if (exc->key == NULL)
return 0;
if (exc->chainfile != NULL) {
- if (!load_certs(exc->chainfile, &exc->chain, NULL, "Server Chain"))
+ if (!load_certs(exc->chainfile, &exc->chain, NULL, "server chain"))
return 0;
}
}
}
switch (key_type) {
case KEY_PRIVKEY:
- pkey = load_key(keyfile, keyform, 0, passin, e, "Private Key");
+ pkey = load_key(keyfile, keyform, 0, passin, e, "private key");
break;
case KEY_PUBKEY:
- pkey = load_pubkey(keyfile, keyform, 0, NULL, e, "Public Key");
+ pkey = load_pubkey(keyfile, keyform, 0, NULL, e, "public key");
break;
case KEY_CERT:
if (peerform == FORMAT_ENGINE)
engine = e;
- peer = load_pubkey(file, peerform, 0, NULL, engine, "Peer Key");
+ peer = load_pubkey(file, peerform, 0, NULL, engine, "peer key");
if (peer == NULL) {
BIO_printf(bio_err, "Error reading peer key %s\n", file);
ERR_print_errors(bio_err);
}
if (keyfile != NULL) {
- pkey = load_key(keyfile, keyform, 0, passin, e, "Private Key");
+ pkey = load_key(keyfile, keyform, 0, passin, e, "private key");
if (pkey == NULL)
goto end;
app_RAND_load_conf(req_conf, section);
tmpformat = informat;
}
- pkey = load_pubkey(infile, tmpformat, 1, passin, e, "Public Key");
+ pkey = load_pubkey(infile, tmpformat, 1, passin, e, "public key");
} else {
- pkey = load_key(infile, informat, 1, passin, e, "Private Key");
+ pkey = load_key(infile, informat, 1, passin, e, "private key");
}
if (pkey != NULL)
switch (key_type) {
case KEY_PRIVKEY:
- pkey = load_key(keyfile, keyformat, 0, passin, e, "Private Key");
+ pkey = load_key(keyfile, keyformat, 0, passin, e, "private key");
break;
case KEY_PUBKEY:
- pkey = load_pubkey(keyfile, keyformat, 0, NULL, e, "Public Key");
+ pkey = load_pubkey(keyfile, keyformat, 0, NULL, e, "public key");
break;
case KEY_CERT:
if (key_file != NULL) {
key = load_key(key_file, key_format, 0, pass, e,
- "client certificate private key file");
+ "client certificate private key");
if (key == NULL)
goto end;
}
if (cert_file != NULL) {
- cert = load_cert_pass(cert_file, cert_format, pass, "client certificate file");
+ cert = load_cert_pass(cert_file, cert_format, pass, "client certificate");
if (cert == NULL)
goto end;
}
if (nocert == 0) {
s_key = load_key(s_key_file, s_key_format, 0, pass, engine,
- "server certificate private key file");
+ "server certificate private key");
if (s_key == NULL)
goto end;
s_cert = load_cert_pass(s_cert_file, s_cert_format, pass,
- "server certificate file");
+ "server certificate");
if (s_cert == NULL)
goto end;
if (tlsextcbp.servername != NULL) {
s_key2 = load_key(s_key_file2, s_key_format, 0, pass, engine,
- "second server certificate private key file");
+ "second server certificate private key");
if (s_key2 == NULL)
goto end;
s_cert2 = load_cert_pass(s_cert_file2, s_cert_format, pass,
- "second server certificate file");
+ "second server certificate");
if (s_cert2 == NULL)
goto end;
s_dkey_file = s_dcert_file;
s_dkey = load_key(s_dkey_file, s_dkey_format,
- 0, dpass, engine, "second certificate private key file");
+ 0, dpass, engine, "second certificate private key");
if (s_dkey == NULL)
goto end;
s_dcert = load_cert_pass(s_dcert_file, s_dcert_format, dpass,
- "second server certificate file");
+ "second server certificate");
if (s_dcert == NULL) {
ERR_print_errors(bio_err);
}
if (keyfile != NULL) {
- key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
+ key = load_key(keyfile, keyform, 0, passin, e, "signing key");
if (key == NULL)
goto end;
"signer certificate");
if (signer == NULL)
goto end;
- key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
+ key = load_key(keyfile, keyform, 0, passin, e, "signing key");
if (key == NULL)
goto end;
goto end;
}
if (fkeyfile != NULL) {
- fkey = load_pubkey(fkeyfile, keyformat, 0, NULL, e, "Forced key");
+ fkey = load_pubkey(fkeyfile, keyformat, 0, NULL, e, "forced key");
if (fkey == NULL)
goto end;
}
if (!X509_set_pubkey(x, fkey != NULL ? fkey : X509_REQ_get0_pubkey(req)))
goto end;
} else {
- x = load_cert_pass(infile, FORMAT_UNDEF, passin, "Certificate");
+ x = load_cert_pass(infile, FORMAT_UNDEF, passin, "certificate");
if (x == NULL)
goto end;
if (fkey != NULL && !X509_set_pubkey(x, fkey))
}
if (CA_flag) {
- xca = load_cert_pass(CAfile, CAformat, passin, "CA Certificate");
+ xca = load_cert_pass(CAfile, CAformat, passin, "CA certificate");
if (xca == NULL)
goto end;
}
BIO_printf(bio_err, "Getting Private key\n");
if (Upkey == NULL) {
Upkey = load_key(keyfile, keyformat, 0,
- passin, e, "Private key");
+ passin, e, "private key");
if (Upkey == NULL)
goto end;
}
BIO_printf(bio_err, "Getting CA Private Key\n");
if (CAkeyfile != NULL) {
CApkey = load_key(CAkeyfile, CAkeyformat,
- 0, passin, e, "CA Private Key");
+ 0, passin, e, "CA private key");
if (CApkey == NULL)
goto end;
}