MINOR: ssl: add the SSL error string when failing to load a certificate Add the SSL error string when failing to load a certificate in ssl_sock_load_pem_into_ckch(). It's difficult to know what happen when no descriptive errror are emitted. Example: [ALERT] (1264006) : config : parsing [ssl_default_server.cfg:51] : 'bind /tmp/ssl.sock' in section 'listen' : unable to load certificate chain from file 'reg-tests/ssl//common.pem': ASN no PEM Header Error

commit: f784b90eae4c5f27fd8fa4a4ba2c72a03993ae94 [log] [tgz]
author: William Lallemand <wlallemand@haproxy.org> Tue Oct 25 12:31:39 2022 +0200
committer: William Lallemand <wlallemand@haproxy.org> Tue Oct 25 12:36:48 2022 +0200
tree: 414e3bd1cb96663e4c58eaf0183d1b95ea050515
parent: d08a25b1f125eaf79475d8e42f2eb51683bf91a0 [diff]
diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index ae20644..ecf69f0 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c

@@ -633,8 +633,8 @@
 
 	ret = ERR_get_error();
 	if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
-		memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
-		          err && *err ? *err : "", path);
+		memprintf(err, "%sunable to load certificate chain from file '%s': %s\n",
+		          err && *err ? *err : "", path, ERR_reason_error_string(ret));
 		goto end;
 	}
commit	f784b90eae4c5f27fd8fa4a4ba2c72a03993ae94	[log] [tgz]
author	William Lallemand <wlallemand@haproxy.org>	Tue Oct 25 12:31:39 2022 +0200
committer	William Lallemand <wlallemand@haproxy.org>	Tue Oct 25 12:36:48 2022 +0200
tree	414e3bd1cb96663e4c58eaf0183d1b95ea050515
parent	d08a25b1f125eaf79475d8e42f2eb51683bf91a0 [diff]