Provide more visibility into configuration errors
authorMark Andrews <marka@isc.org>
Wed, 18 Sep 2024 05:30:01 +0000 (15:30 +1000)
committerMark Andrews <marka@isc.org>
Mon, 25 Nov 2024 23:31:44 +0000 (10:31 +1100)
by logging SSL_CTX_use_certificate_chain_file and
SSL_CTX_use_PrivateKey_file errors

lib/isc/tls.c

index 79bb2e5385c9ec71b176acb822d25a87148f040c..944425c77844ca05ca1645a9ccac07cb7f05b3de 100644 (file)
@@ -147,10 +147,25 @@ isc_tlsctx_load_certificate(isc_tlsctx_t *ctx, const char *keyfile,
 
        rv = SSL_CTX_use_certificate_chain_file(ctx, certfile);
        if (rv != 1) {
+               unsigned long err = ERR_peek_last_error();
+               char errbuf[1024] = { 0 };
+               ERR_error_string_n(err, errbuf, sizeof(errbuf));
+               isc_log_write(
+                       ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_NETMGR,
+                       ISC_LOG_ERROR,
+                       "SSL_CTX_use_certificate_chain_file: '%s' failed: %s",
+                       certfile, errbuf);
                return ISC_R_TLSERROR;
        }
        rv = SSL_CTX_use_PrivateKey_file(ctx, keyfile, SSL_FILETYPE_PEM);
        if (rv != 1) {
+               unsigned long err = ERR_peek_last_error();
+               char errbuf[1024] = { 0 };
+               ERR_error_string_n(err, errbuf, sizeof(errbuf));
+               isc_log_write(ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_NETMGR,
+                             ISC_LOG_ERROR,
+                             "SSL_CTX_use_PrivateKey_file: '%s' failed: %s",
+                             keyfile, errbuf);
                return ISC_R_TLSERROR;
        }
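Review bot: Both failure branches call `ERR_peek_last_error()`, which reads the newest entry but leaves the OpenSSL error queue untouched, and then return without draining it. Unless a caller clears the queue afterwards (not visible in this hunk), the stale entries stay on the thread and can make a later `SSL_get_error()` on an unrelated connection report a failure that did not happen there. Adding `ERR_clear_error();` after each `isc_log_write(...)` and before `return ISC_R_TLSERROR;` would avoid that. Only the last queue entry is logged, and the earlier ones may be the ones naming the underlying file or PEM parsing cause, so draining with `ERR_get_error()` in a loop and logging each entry would give operators more to go on. The body of `isc_tlsctx_load_certificate` starts and ends outside this hunk, so any existing cleanup there should be checked first.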