From 73623747864e90d4e02df6b20934655be778c261 Mon Sep 17 00:00:00 2001
From: Michael R Sweet
Date: Wed, 14 Sep 2022 17:20:59 -0400
Subject: [PATCH] Add error reporting when cert/key cannot be used.
---
 cups/tls-openssl.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/cups/tls-openssl.c b/cups/tls-openssl.c
index afca79f662..561b8e196f 100644
--- a/cups/tls-openssl.c
+++ b/cups/tls-openssl.c
@@ -1088,8 +1088,21 @@ _httpTLSStart(http_t *http) // I - Connection to server
 _cupsMutexUnlock(&tls_mutex);
- SSL_CTX_use_PrivateKey_file(context, keyfile, SSL_FILETYPE_PEM);
- SSL_CTX_use_certificate_chain_file(context, crtfile);
+ if (!SSL_CTX_use_PrivateKey_file(context, keyfile, SSL_FILETYPE_PEM) || !SSL_CTX_use_certificate_chain_file(context, crtfile))
+ {
+ // Unable to load private key or certificate...
+ DEBUG_puts("4_httpTLSStart: Unable to use private key or certificate chain file.");
+ if ((error = ERR_get_error()) != 0)
+ _cupsSetError(IPP_STATUS_ERROR_CUPS_PKI, ERR_error_string(error, NULL), 0);
+
+ http->status = HTTP_STATUS_ERROR;
+ http->error = EIO;
+
+ SSL_CTX_free(context);
+ _cupsMutexUnlock(&tls_mutex);
+
+ return (-1);
+ }
 }
 // Set TLS options...
-- 
2.47.3
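Review bot: The new error branch calls `_cupsMutexUnlock(&tls_mutex);` a second time: the context line directly above the added `if` has already released `tls_mutex`, and nothing in the visible lines re-acquires it, so the failure path unlocks a mutex this thread no longer holds; that call should be dropped from the branch. `ERR_error_string(error, NULL)` formats into a static buffer shared by all threads, and it runs here with the lock released, so a local buffer is safer: `char errbuf[256]; ERR_error_string_n(error, errbuf, sizeof(errbuf));`. As far as I know OpenSSL discards a non-matching private key silently when the certificate chain is loaded after the key, so a mismatched pair would still pass this check; adding `|| !SSL_CTX_check_private_key(context)` to the condition would report it. `_httpTLSStart` begins and ends outside the hunk, so the locking state is judged from the visible lines only.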