From: William Lallemand <wlallemand@haproxy.org>
Date: Tue, 25 Oct 2022 13:53:01 +0000 (+0200)
Subject: MINOR: ssl: add the SSL error string before the chain
X-Git-Tag: v2.7-dev9~133
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a538452fa4085fe71c313f3aa9a24f483cf64c9c;p=thirdparty%2Fhaproxy.git

MINOR: ssl: add the SSL error string before the chain

Add the SSL error string when failing to load a certificate in
ssl_sock_load_pem_into_ckch(). It's difficult to know what happen when no
 descriptive errror are emitted. This one is for the certificate before
trying to load the complete chain.
---

diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index ecf69f0674..61ffbc08f3 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -616,8 +616,9 @@ int ssl_sock_load_pem_into_ckch(const char *path, char *buf, struct cert_key_and
 	/* Read Certificate */
 	cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
 	if (cert == NULL) {
-		memprintf(err, "%sunable to load certificate from file '%s'.\n",
-		          err && *err ? *err : "", path);
+		ret = ERR_get_error();
+		memprintf(err, "%sunable to load certificate from file '%s': %s.\n",
+		          err && *err ? *err : "", path, ERR_reason_error_string(ret));
 		goto end;
 	}