upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-10 23:40:00 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

[9.18] fix: usr: Provide more visibility into configuration errors

Browse source 
by logging SSL_CTX_use_certificate_chain_file and SSL_CTX_use_PrivateKey_file errors individually.

Closes #5008

Backport of MR !9683

Merge branch 'backport-5008-provide-more-visibility-into-ssl-errors-9.18' into 'bind-9.18'

See merge request isc-projects/bind9!9768
This commit is contained in:
Mark Andrews 2024-11-26 02:33:11 +00:00
commit f63a0ebdfe
1 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
lib/isc/tls.c
View file

@ -277,10 +277,25 @@ isc_tlsctx_load_certificate(isc_tlsctx_t *ctx, const char *keyfile,
rv = SSL_CTX_use_certificate_chain_file(ctx, certfile);
if (rv != 1) {
unsigned long err = ERR_peek_last_error();
char errbuf[1024] = { 0 };
ERR_error_string_n(err, errbuf, sizeof(errbuf));
isc_log_write(
isc_lctx, ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_NETMGR,
ISC_LOG_ERROR,
"SSL_CTX_use_certificate_chain_file: '%s' failed: %s",
certfile, errbuf);
return ISC_R_TLSERROR;
}
rv = SSL_CTX_use_PrivateKey_file(ctx, keyfile, SSL_FILETYPE_PEM);
if (rv != 1) {
unsigned long err = ERR_peek_last_error();
char errbuf[1024] = { 0 };
ERR_error_string_n(err, errbuf, sizeof(errbuf));
isc_log_write(isc_lctx, ISC_LOGCATEGORY_GENERAL,
ISC_LOGMODULE_NETMGR, ISC_LOG_ERROR,
"SSL_CTX_use_PrivateKey_file: '%s' failed: %s",
keyfile, errbuf);
return ISC_R_TLSERROR;
}