TLS: provide slightly more information when TLS certificate loading fails
Give slightly more information when certificate loading fails. Rather than have no information, you now get gnutls's only slightly less unhelpful error messages. Signed-off-by: Alex Bligh <alex@alex.org.uk> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
parent
da2fdd0bd1
commit
b7b68166dc
@ -392,11 +392,14 @@ qcrypto_tls_creds_load_cert(QCryptoTLSCredsX509 *creds,
|
|||||||
gsize buflen;
|
gsize buflen;
|
||||||
GError *gerr;
|
GError *gerr;
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
|
int err;
|
||||||
|
|
||||||
trace_qcrypto_tls_creds_x509_load_cert(creds, isServer, certFile);
|
trace_qcrypto_tls_creds_x509_load_cert(creds, isServer, certFile);
|
||||||
|
|
||||||
if (gnutls_x509_crt_init(&cert) < 0) {
|
err = gnutls_x509_crt_init(&cert);
|
||||||
error_setg(errp, "Unable to initialize certificate");
|
if (err < 0) {
|
||||||
|
error_setg(errp, "Unable to initialize certificate: %s",
|
||||||
|
gnutls_strerror(err));
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -410,11 +413,13 @@ qcrypto_tls_creds_load_cert(QCryptoTLSCredsX509 *creds,
|
|||||||
data.data = (unsigned char *)buf;
|
data.data = (unsigned char *)buf;
|
||||||
data.size = strlen(buf);
|
data.size = strlen(buf);
|
||||||
|
|
||||||
if (gnutls_x509_crt_import(cert, &data, GNUTLS_X509_FMT_PEM) < 0) {
|
err = gnutls_x509_crt_import(cert, &data, GNUTLS_X509_FMT_PEM);
|
||||||
|
if (err < 0) {
|
||||||
error_setg(errp, isServer ?
|
error_setg(errp, isServer ?
|
||||||
"Unable to import server certificate %s" :
|
"Unable to import server certificate %s: %s" :
|
||||||
"Unable to import client certificate %s",
|
"Unable to import client certificate %s: %s",
|
||||||
certFile);
|
certFile,
|
||||||
|
gnutls_strerror(err));
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
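Review bot: In the second hunk the import still receives `data.size = strlen(buf)`, so the newly reported `gnutls_strerror(err)` text describes only the bytes before the first NUL in the file rather than the whole file. `buflen` is declared in the first hunk; if it holds the length returned by the file read (that call is outside both hunks, so this is inferred), `data.size = buflen;` would make the diagnostic match what is on disk. The added `int err;` is also left uninitialized next to `int ret = -1;`. Both visible uses assign it first, but `int err = 0;` keeps it defined if the `cleanup` path ever reads it. The body of qcrypto_tls_creds_load_cert starts and ends outside the hunks.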