Improve error reporting during key/cert loading with PolarSSL.
authorSteffan Karger <steffan.karger@fox-it.com>
Tue, 4 Feb 2014 12:58:05 +0000 (13:58 +0100)
committerGert Doering <gert@greenie.muc.de>
Mon, 21 Apr 2014 08:53:03 +0000 (10:53 +0200)
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Message-Id: <53528943.3090205@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8555
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/ssl_polarssl.c

index a9e892a85c8fb3e090ac1ab3d778a248b245828d..83718931d8175fb7d10bff943f7ae2f187b4a32c 100644 (file)
@@ -261,8 +261,13 @@ tls_ctx_load_cert_file (struct tls_root_ctx *ctx, const char *cert_file,
     }
   else
     {
-      if (0 != x509_crt_parse_file(ctx->crt_chain, cert_file))
-       msg (M_FATAL, "Cannot load certificate file %s", cert_file);
+      int retval = x509_crt_parse_file(ctx->crt_chain, cert_file);
+      if (0 != retval)
+       {
+         char errstr[128];
+         polarssl_strerror(retval, errstr, sizeof(errstr));
+         msg (M_FATAL, "Cannot load certificate file %s (%s)", cert_file, errstr);
+       }
     }
 }
 
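Review bot: The `0 != retval` test in tls_ctx_load_cert_file also takes the error path for positive return values, which polarssl_strerror is not meant to translate. As far as I recall the PolarSSL API, x509_crt_parse_file returns a positive count when only some certificates in the file failed to parse, so confirm this against the header. In that case the text in parentheses would be an "unknown error code" string rather than anything useful to the operator. I would branch first, e.g. `if (retval > 0) msg (M_FATAL, "Cannot load certificate file %s (%d certificate(s) failed to parse)", cert_file, retval);`, and keep the polarssl_strerror path for `retval < 0`. The same applies to the tls_ctx_load_ca hunk below, where a multi-certificate bundle makes a partial parse more likely; both function bodies start outside their hunks.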
@@ -495,8 +500,13 @@ void tls_ctx_load_ca (struct tls_root_ctx *ctx, const char *ca_file,
   else
     {
       /* Load CA file for verifying peer supplied certificate */
-      if (0 != x509_crt_parse_file(ctx->ca_chain, ca_file))
-       msg (M_FATAL, "Cannot load CA certificate file %s", ca_file);
+      int retval = x509_crt_parse_file(ctx->ca_chain, ca_file);
+      if (0 != retval)
+       {
+         char errstr[128];
+         polarssl_strerror(retval, errstr, sizeof(errstr));
+         msg (M_FATAL, "Cannot load CA certificate file %s (%s)", ca_file, errstr);
+       }
     }
 }