Mercurial > dovecot > original-hg > dovecot-1.2
changeset 9394:e7a973c0101b HEAD
ssl: If given ssl key is for a different cert, give a nicer error message.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Tue, 29 Sep 2009 10:14:56 -0400 |
parents | bb8c32271dd0 |
children | 4c9f068e5ea1 |
files | src/login-common/ssl-proxy-openssl.c |
diffstat | 1 files changed, 10 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/src/login-common/ssl-proxy-openssl.c Mon Sep 28 18:25:56 2009 -0400 +++ b/src/login-common/ssl-proxy-openssl.c Tue Sep 29 10:14:56 2009 -0400 @@ -879,8 +879,16 @@ SSL_CTX_set_default_passwd_cb_userdata(ssl_server_ctx, password); if (SSL_CTX_use_PrivateKey_file(ssl_server_ctx, keyfile, SSL_FILETYPE_PEM) != 1) { - i_fatal("Can't load private key file %s: %s", - keyfile, ssl_last_error()); + err = ERR_peek_error(); + if (ERR_GET_LIB(err) == ERR_LIB_X509 && + ERR_GET_REASON(err) == X509_R_KEY_VALUES_MISMATCH) { + i_fatal("Can't load private key file %s: " + "Key is for a different cert than %s", + keyfile, certfile); + } else { + i_fatal("Can't load private key file %s: %s", + keyfile, ssl_last_error()); + } } if (getenv("SSL_VERIFY_CLIENT_CERT") != NULL)