From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Wed, 14 Sep 2022 21:20:59 +0000 (-0400)
Subject: Add error reporting when cert/key cannot be used.
X-Git-Tag: v2.4.3~135
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=73623747864e90d4e02df6b20934655be778c261;p=thirdparty%2Fcups.git

Add error reporting when cert/key cannot be used.
---

diff --git a/cups/tls-openssl.c b/cups/tls-openssl.c
index afca79f662..561b8e196f 100644
--- a/cups/tls-openssl.c
+++ b/cups/tls-openssl.c
@@ -1088,8 +1088,21 @@ _httpTLSStart(http_t *http)		// I - Connection to server
 
     _cupsMutexUnlock(&tls_mutex);
 
-    SSL_CTX_use_PrivateKey_file(context, keyfile, SSL_FILETYPE_PEM);
-    SSL_CTX_use_certificate_chain_file(context, crtfile);
+    if (!SSL_CTX_use_PrivateKey_file(context, keyfile, SSL_FILETYPE_PEM) || !SSL_CTX_use_certificate_chain_file(context, crtfile))
+    {
+      // Unable to load private key or certificate...
+      DEBUG_puts("4_httpTLSStart: Unable to use private key or certificate chain file.");
+      if ((error = ERR_get_error()) != 0)
+        _cupsSetError(IPP_STATUS_ERROR_CUPS_PKI, ERR_error_string(error, NULL), 0);
+
+      http->status = HTTP_STATUS_ERROR;
+      http->error  = EIO;
+
+      SSL_CTX_free(context);
+      _cupsMutexUnlock(&tls_mutex);
+
+      return (-1);
+    }
   }
 
   // Set TLS options...