TLS: provide slightly more information when TLS certificate loading fails

Give slightly more information when certificate loading fails.
Rather than have no information, you now get gnutls's only slightly
less unhelpful error messages.

Signed-off-by: Alex Bligh <alex@alex.org.uk>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Alex Bligh 2016-04-05 20:33:48 +01:00 committed by Daniel P. Berrange
parent da2fdd0bd1
commit b7b68166dc


@ -392,11 +392,14 @@ qcrypto_tls_creds_load_cert(QCryptoTLSCredsX509 *creds,
gsize buflen; gsize buflen;
GError *gerr; GError *gerr;
int ret = -1; int ret = -1;
int err;
trace_qcrypto_tls_creds_x509_load_cert(creds, isServer, certFile); trace_qcrypto_tls_creds_x509_load_cert(creds, isServer, certFile);
if (gnutls_x509_crt_init(&cert) < 0) { err = gnutls_x509_crt_init(&cert);
error_setg(errp, "Unable to initialize certificate"); if (err < 0) {
error_setg(errp, "Unable to initialize certificate: %s",
gnutls_strerror(err));
goto cleanup; goto cleanup;
} }
@ -410,11 +413,13 @@ qcrypto_tls_creds_load_cert(QCryptoTLSCredsX509 *creds,
data.data = (unsigned char *)buf; data.data = (unsigned char *)buf;
data.size = strlen(buf); data.size = strlen(buf);
if (gnutls_x509_crt_import(cert, &data, GNUTLS_X509_FMT_PEM) < 0) { err = gnutls_x509_crt_import(cert, &data, GNUTLS_X509_FMT_PEM);
if (err < 0) {
error_setg(errp, isServer ? error_setg(errp, isServer ?
"Unable to import server certificate %s" : "Unable to import server certificate %s: %s" :
"Unable to import client certificate %s", "Unable to import client certificate %s: %s",
certFile); certFile,
gnutls_strerror(err));
goto cleanup; goto cleanup;
} }
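Review bot: In the second hunk the context line `data.size = strlen(buf);` still sizes the PEM data by its first NUL byte, although a `buflen` is declared at the top of the first hunk. If `buflen` receives the number of bytes read from `certFile` (the read is outside both hunks, so this needs confirming), then `data.size = buflen;` would make `gnutls_x509_crt_import` see the whole file. A file with an embedded NUL would otherwise be silently truncated, and the new `gnutls_strerror(err)` text would describe only the truncated prefix. The body of `qcrypto_tls_creds_load_cert` starts before and continues after the visible hunks.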