dovecot-1.2: ssl: If given ssl key is for a different cert, give...
dovecot at dovecot.org
Tue Sep 29 17:15:27 EEST 2009
details: http://hg.dovecot.org/dovecot-1.2/rev/e7a973c0101b
changeset: 9394:e7a973c0101b
user: Timo Sirainen <tss at iki.fi>
date: Tue Sep 29 10:14:56 2009 -0400
description:
ssl: If given ssl key is for a different cert, give a nicer error message.
diffstat:
1 file changed, 10 insertions(+), 2 deletions(-)
src/login-common/ssl-proxy-openssl.c | 12 ++++++++++--
diffs (22 lines):
diff -r bb8c32271dd0 -r e7a973c0101b src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c Mon Sep 28 18:25:56 2009 -0400
+++ b/src/login-common/ssl-proxy-openssl.c Tue Sep 29 10:14:56 2009 -0400
@@ -879,8 +879,16 @@ static void ssl_proxy_init_server(const
SSL_CTX_set_default_passwd_cb_userdata(ssl_server_ctx, password);
if (SSL_CTX_use_PrivateKey_file(ssl_server_ctx, keyfile,
SSL_FILETYPE_PEM) != 1) {
- i_fatal("Can't load private key file %s: %s",
- keyfile, ssl_last_error());
+ err = ERR_peek_error();
+ if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
+ ERR_GET_REASON(err) == X509_R_KEY_VALUES_MISMATCH) {
+ i_fatal("Can't load private key file %s: "
+ "Key is for a different cert than %s",
+ keyfile, certfile);
+ } else {
+ i_fatal("Can't load private key file %s: %s",
+ keyfile, ssl_last_error());
+ }
}
if (getenv("SSL_VERIFY_CLIENT_CERT") != NULL)
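Review bot: The `ERR_peek_error()` call at the top of the new failure branch reads the oldest entry in OpenSSL's error queue, so the `X509_R_KEY_VALUES_MISMATCH` test only matches when the queue was empty before `SSL_CTX_use_PrivateKey_file()` ran. If an earlier OpenSSL call in `ssl_proxy_init_server()` can leave an entry behind, a real key/cert mismatch would fall through to the generic message in the `else` branch. Calling `ERR_clear_error()` before loading the key, or adding a short comment stating that the queue is known to be empty at this point, would make the assumption explicit. The declaration of `err` is not part of this hunk, so it is worth confirming that it is an `unsigned long`, the type `ERR_peek_error()` returns.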