From: William Lallemand <wlallemand@haproxy.org>
Date: Tue, 25 Oct 2022 10:31:39 +0000 (+0200)
Subject: MINOR: ssl: add the SSL error string when failing to load a certificate
X-Git-Tag: v2.7-dev9~134
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f784b90eae4c5f27fd8fa4a4ba2c72a03993ae94;p=thirdparty%2Fhaproxy.git

MINOR: ssl: add the SSL error string when failing to load a certificate

Add the SSL error string when failing to load a certificate in
ssl_sock_load_pem_into_ckch(). It's difficult to know what happen when no
descriptive errror are emitted.

Example:
[ALERT]    (1264006) : config : parsing [ssl_default_server.cfg:51] : 'bind /tmp/ssl.sock' in section 'listen' : unable to load certificate chain from file 'reg-tests/ssl//common.pem': ASN no PEM Header Error
---

diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index ae206447c7..ecf69f0674 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -633,8 +633,8 @@ int ssl_sock_load_pem_into_ckch(const char *path, char *buf, struct cert_key_and
 
 	ret = ERR_get_error();
 	if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
-		memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
-		          err && *err ? *err : "", path);
+		memprintf(err, "%sunable to load certificate chain from file '%s': %s\n",
+		          err && *err ? *err : "", path, ERR_reason_error_string(ret));
 		goto end;
 	}