Better diagnostics for SSL certificate failures

2025-12-06 17:27:52 +00:00 · 2014-03-14 16:20:34 -07:00
parent 29a4f61551
commit 8545aee4c7
1 changed files with 26 additions and 9 deletions
--- a/src/ripple/common/impl/RippleSSLContext.cpp
+++ b/src/ripple/common/impl/RippleSSLContext.cpp
@@ -22,6 +22,7 @@
 #include "../../beast/modules/beast_core/beast_core.h"

 #include <cstdint>
+#include <sstream>

 namespace ripple {

@@ -46,6 +47,18 @@ public:
        return DHparams_dup (getDH (key_length));
    }

+    // Pretty prints an error message
+    std::string error_message (std::string const& what,
+        boost::system::error_code const& ec)
+    {
+        std::stringstream ss;
+        ss <<
+            what << ": " <<
+            ec.message() <<
+            " (" << ec.value() << ")";
+        return ss.str();
+    }
+
    //--------------------------------------------------------------------------

    static std::string getRawDHParams (int keySize)
@@ -123,14 +136,15 @@ public:

        if (! cert_file.empty ())
        {
-            boost::system::error_code error;
+            boost::system::error_code ec;
            
            m_context.use_certificate_file (
-                cert_file, boost::asio::ssl::context::pem, error);
+                cert_file, boost::asio::ssl::context::pem, ec);

-            if (error)
+            if (ec)
            {
-                beast::FatalError ("Problem with SSL certificate file.",
+                beast::FatalError (error_message (
+                    "Problem with SSL certificate file.", ec).c_str(),
                    __FILE__, __LINE__);
            }

@@ -144,7 +158,9 @@ public:

            if (!f)
            {
-                beast::FatalError ("Problem opening SSL chain file.",
+                beast::FatalError (error_message (
+                    "Problem opening SSL chain file.", boost::system::error_code (errno,
+                    boost::system::generic_category())).c_str(),
                    __FILE__, __LINE__);
            }

@@ -185,14 +201,15 @@ public:

        if (! key_file.empty ())
        {
-            boost::system::error_code error;
+            boost::system::error_code ec;

            m_context.use_private_key_file (key_file,
-                boost::asio::ssl::context::pem, error);
+                boost::asio::ssl::context::pem, ec);

-            if (error)
+            if (ec)
            {
-                beast::FatalError ("Problem using the SSL private key file.",
+                beast::FatalError (error_message (
+                    "Problem using the SSL private key file.", ec).c_str(),
                    __FILE__, __LINE__);
            }
        }