[9.20] fix: usr: Provide more visibility into configuration errors

by logging SSL_CTX_use_certificate_chain_file and SSL_CTX_use_PrivateKey_file errors individually.

Closes #5008

Backport of MR !9683

Merge branch 'backport-5008-provide-more-visibility-into-ssl-errors-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9767
Mark Andrews 2024-11-26 03:16:26 +00:00
commit 41fd5e9955


@ -341,10 +341,25 @@ isc_tlsctx_load_certificate(isc_tlsctx_t *ctx, const char *keyfile,
rv = SSL_CTX_use_certificate_chain_file(ctx, certfile);
if (rv != 1) {
unsigned long err = ERR_peek_last_error();
char errbuf[1024] = { 0 };
ERR_error_string_n(err, errbuf, sizeof(errbuf));
isc_log_write(
isc_lctx, ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_NETMGR,
ISC_LOG_ERROR,
"SSL_CTX_use_certificate_chain_file: '%s' failed: %s",
certfile, errbuf);
return ISC_R_TLSERROR;
}
rv = SSL_CTX_use_PrivateKey_file(ctx, keyfile, SSL_FILETYPE_PEM);
if (rv != 1) {
unsigned long err = ERR_peek_last_error();
char errbuf[1024] = { 0 };
ERR_error_string_n(err, errbuf, sizeof(errbuf));
isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL,
ISC_LOGMODULE_NETMGR, ISC_LOG_ERROR,
"SSL_CTX_use_PrivateKey_file: '%s' failed: %s",
keyfile, errbuf);
return ISC_R_TLSERROR;
}