MINOR: ssl: ssl_sock_load_cert_chain() display error strings
Display error strings when SSL_CTX_use_certificate() or
SSL_CTX_set1_chain() doesn't work.
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 187e190..e066f28 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3640,6 +3640,9 @@
SSL_CTX *ctx, STACK_OF(X509) **find_chain, char **err)
{
int errcode = 0;
+ int ret;
+
+ ERR_clear_error();
if (find_chain == NULL) {
errcode |= ERR_FATAL;
@@ -3647,8 +3650,9 @@
}
if (!SSL_CTX_use_certificate(ctx, ckch->cert)) {
- memprintf(err, "%sunable to load SSL certificate into SSL Context '%s'.\n",
- err && *err ? *err : "", path);
+ ret = ERR_get_error();
+ memprintf(err, "%sunable to load SSL certificate into SSL Context '%s': %s.\n",
+ err && *err ? *err : "", path, ERR_reason_error_string(ret));
errcode |= ERR_ALERT | ERR_FATAL;
goto end;
}
@@ -3672,8 +3676,9 @@
/* Load all certs in the ckch into the ctx_chain for the ssl_ctx */
#ifdef SSL_CTX_set1_chain
if (!SSL_CTX_set1_chain(ctx, *find_chain)) {
- memprintf(err, "%sunable to load chain certificate into SSL Context '%s'. Make sure you are linking against Openssl >= 1.0.2.\n",
- err && *err ? *err : "", path);
+ ret = ERR_get_error();
+ memprintf(err, "%sunable to load chain certificate into SSL Context '%s': %s. Make sure you are linking against Openssl >= 1.0.2.\n",
+ err && *err ? *err : "", path, ERR_reason_error_string(ret));
errcode |= ERR_ALERT | ERR_FATAL;
goto end;
}