Add error reporting when cert/key cannot be used.

author Michael R Sweet <michael.r.sweet@gmail.com>

Wed, 14 Sep 2022 21:20:59 +0000 (17:20 -0400)

committer Michael R Sweet <michael.r.sweet@gmail.com>

Wed, 14 Sep 2022 21:20:59 +0000 (17:20 -0400)
author Michael R Sweet <michael.r.sweet@gmail.com>
Wed, 14 Sep 2022 21:20:59 +0000 (17:20 -0400)
committer Michael R Sweet <michael.r.sweet@gmail.com>
Wed, 14 Sep 2022 21:20:59 +0000 (17:20 -0400)
diff --git a/cups/tls-openssl.c b/cups/tls-openssl.c

index afca79f6621485ba08872e6935f6fe6c4ee9a0d5..561b8e196fc2795306465a2a6dbfc9f4af2296ab 100644 (file)
--- a/cups/tls-openssl.c
+++ b/cups/tls-openssl.c
@@ -1088,8 +1088,21 @@ _httpTLSStart(http_t *http)              // I - Connection to server
  
      _cupsMutexUnlock(&tls_mutex);
  
-    SSL_CTX_use_PrivateKey_file(context, keyfile, SSL_FILETYPE_PEM);
-    SSL_CTX_use_certificate_chain_file(context, crtfile);
+    if (!SSL_CTX_use_PrivateKey_file(context, keyfile, SSL_FILETYPE_PEM) || !SSL_CTX_use_certificate_chain_file(context, crtfile))
+    {
+      // Unable to load private key or certificate...
+      DEBUG_puts("4_httpTLSStart: Unable to use private key or certificate chain file.");
+      if ((error = ERR_get_error()) != 0)
+        _cupsSetError(IPP_STATUS_ERROR_CUPS_PKI, ERR_error_string(error, NULL), 0);
+
+      http->status = HTTP_STATUS_ERROR;
+      http->error  = EIO;
+
+      SSL_CTX_free(context);
+      _cupsMutexUnlock(&tls_mutex);
+
+      return (-1);
+    }
    }
  
    // Set TLS options...
author	Michael R Sweet <michael.r.sweet@gmail.com>
	Wed, 14 Sep 2022 21:20:59 +0000 (17:20 -0400)
committer	Michael R Sweet <michael.r.sweet@gmail.com>
	Wed, 14 Sep 2022 21:20:59 +0000 (17:20 -0400)