dovecot-2.0: ssl: If given ssl key is for a different cert, give...
dovecot at dovecot.org
dovecot at dovecot.org
Tue Sep 29 17:15:27 EEST 2009
details: http://hg.dovecot.org/dovecot-2.0/rev/53b2a88ee6d0
changeset: 9945:53b2a88ee6d0
user: Timo Sirainen <tss at iki.fi>
date: Tue Sep 29 10:15:18 2009 -0400
description:
ssl: If given ssl key is for a different cert, give a nicer error message.
diffstat:
1 file changed, 13 insertions(+), 2 deletions(-)
src/login-common/ssl-proxy-openssl.c | 15 +++++++++++++--
diffs (38 lines):
diff -r dac192bbd97f -r 53b2a88ee6d0 src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c Mon Sep 28 18:25:56 2009 -0400
+++ b/src/login-common/ssl-proxy-openssl.c Tue Sep 29 10:15:18 2009 -0400
@@ -925,13 +925,24 @@ static EVP_PKEY *ssl_proxy_load_key(cons
return pkey;
}
+static const char *ssl_key_load_error(void)
+{
+ unsigned long err = ERR_peek_error();
+
+ if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
+ ERR_GET_REASON(err) == X509_R_KEY_VALUES_MISMATCH)
+ return "Key is for a different cert than ssl_cert";
+ else
+ return ssl_last_error();
+}
+
static void ssl_proxy_ctx_use_key(SSL_CTX *ctx, const struct login_settings *set)
{
EVP_PKEY *pkey;
pkey = ssl_proxy_load_key(set);
if (SSL_CTX_use_PrivateKey(ctx, pkey) != 1)
- i_fatal("Can't load private ssl_key: %s", ssl_last_error());
+ i_fatal("Can't load private ssl_key: %s", ssl_key_load_error());
EVP_PKEY_free(pkey);
}
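Review bot: `ssl_key_load_error()` inspects the queue with `ERR_peek_error()`, which does not remove the entry, so on the key-mismatch branch the X509 error is still on the thread's OpenSSL error queue after the friendly string is returned. That does not matter for the `i_fatal()` caller in this hunk, but `ssl_proxy_use_key()` in the next hunk logs and returns -1, and a leftover entry can make a later `SSL_get_error()` on the same thread report the wrong cause. Consider adding `ERR_clear_error();` immediately before `return "Key is for a different cert than ssl_cert";`. `ERR_peek_error()` also returns the oldest queued entry, so an earlier unrelated error would hide the mismatch; whether `ssl_last_error()` drains the queue is not visible here.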
@@ -941,7 +952,7 @@ static int ssl_proxy_use_key(SSL *ssl, c
pkey = ssl_proxy_load_key(set);
if (SSL_use_PrivateKey(ssl, pkey) != 1) {
- i_error("Can't load private ssl_key: %s", ssl_last_error());
+ i_error("Can't load private ssl_key: %s", ssl_key_load_error());
return -1;
}
EVP_PKEY_free(pkey);
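Review bot: The failure branch of `SSL_use_PrivateKey()` returns -1 before reaching `EVP_PKEY_free(pkey)`, so the key object obtained from `ssl_proxy_load_key()` is leaked on that path and the private key material stays allocated in the login process. Add `EVP_PKEY_free(pkey);` before `return -1;`, as the success path already does. The leak appears to predate this commit, but it sits directly beside the changed line. `ssl_proxy_use_key()` starts before this hunk and its end is not shown.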