github
/
aria2
mirror of https://github.com/aria2/aria2
1
0
Fork 0
Code Issues Releases Wiki Activity

Better error messages when PKCS12 import fails

pull/128/head
Nils Maier 2013-09-24 01:02:56 +02:00
parent 063451f0c9
commit 4a1d186962
2 changed files with 15 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/LibgnutlsTLSContext.cc
View File

@ -119,7 +119,9 @@ bool GnuTLSContext::addP12CredentialFile(const std::string& p12file)
int err = gnutls_certificate_set_x509_simple_pkcs12_mem(
certCred_, &data, GNUTLS_X509_FMT_DER, "");
if (err != GNUTLS_E_SUCCESS) {
A2_LOG_ERROR("Failed to import pkcs12");
A2_LOG_ERROR("Failed to import PKCS12 file. "
"If you meant to use PEM, you'll also have to specify "
"--rpc-private-key. See the manual.");
return false;
}
return true;

20
src/LibsslTLSContext.cc
View File

@ -161,12 +161,14 @@ bool OpenSSLTLSContext::addP12CredentialFile(const std::string& p12file)
bio_t bio(BIO_new_mem_buf(ptr, len));
if (!bio) {
A2_LOG_ERROR("Failed to open p12 file: no memory");
A2_LOG_ERROR("Failed to open PKCS12 file: no memory.");
return false;
}
p12_t p12(d2i_PKCS12_bio(bio.get(), nullptr));
if (!p12) {
A2_LOG_ERROR(fmt("Failed to open p12 file: %s",
A2_LOG_ERROR(fmt("Failed to open PKCS12 file: %s. "
"If you meant to use PEM, you'll also have to specify "
"--rpc-private-key. See the manual.",
ERR_error_string(ERR_get_error(), nullptr)));
return false;
}
@ -174,7 +176,9 @@ bool OpenSSLTLSContext::addP12CredentialFile(const std::string& p12file)
X509 *cert;
STACK_OF(X509) *ca = 0;
if (!PKCS12_parse(p12.get(), "", &pkey, &cert, &ca)) {
A2_LOG_ERROR(fmt("Failed to parse p12 file: %s",
A2_LOG_ERROR(fmt("Failed to parse PKCS12 file: %s. "
"If you meant to use PEM, you'll also have to specify "
"--rpc-private-key. See the manual.",
ERR_error_string(ERR_get_error(), nullptr)));
return false;
}
@ -184,27 +188,27 @@ bool OpenSSLTLSContext::addP12CredentialFile(const std::string& p12file)
x509_sk_t ca_holder(ca);
if (!pkey || !cert) {
A2_LOG_ERROR(fmt("Failed to use p12 file: no pkey or cert %s",
A2_LOG_ERROR(fmt("Failed to use PKCS12 file: no pkey or cert %s",
ERR_error_string(ERR_get_error(), nullptr)));
return false;
}
if (!SSL_CTX_use_PrivateKey(sslCtx_, pkey)) {
A2_LOG_ERROR(fmt("Failed to use p12 file pkey: %s",
A2_LOG_ERROR(fmt("Failed to use PKCS12 file pkey: %s",
ERR_error_string(ERR_get_error(), nullptr)));
return false;
}
if (!SSL_CTX_use_certificate(sslCtx_, cert)) {
A2_LOG_ERROR(fmt("Failed to use p12 file cert: %s",
A2_LOG_ERROR(fmt("Failed to use PKCS12 file cert: %s",
ERR_error_string(ERR_get_error(), nullptr)));
return false;
}
if (ca && sk_X509_num(ca) && !SSL_CTX_add_extra_chain_cert(sslCtx_, ca)) {
A2_LOG_ERROR(fmt("Failed to use p12 file chain: %s",
A2_LOG_ERROR(fmt("Failed to use PKCS12 file chain: %s",
ERR_error_string(ERR_get_error(), nullptr)));
return false;
}
A2_LOG_INFO("Using certificate and key from p12 file");
A2_LOG_INFO("Using certificate and key from PKCS12 file");
return true;
}