changeset 9394:e7a973c0101b HEAD

ssl: If given ssl key is for a different cert, give a nicer error message.
author Timo Sirainen <tss@iki.fi>
date Tue, 29 Sep 2009 10:14:56 -0400
parents bb8c32271dd0
children 4c9f068e5ea1
files src/login-common/ssl-proxy-openssl.c
diffstat 1 files changed, 10 insertions(+), 2 deletions(-) [+]
--- a/src/login-common/ssl-proxy-openssl.c	Mon Sep 28 18:25:56 2009 -0400
+++ b/src/login-common/ssl-proxy-openssl.c	Tue Sep 29 10:14:56 2009 -0400
@@ -879,8 +879,16 @@
         SSL_CTX_set_default_passwd_cb_userdata(ssl_server_ctx, password);
 	if (SSL_CTX_use_PrivateKey_file(ssl_server_ctx, keyfile,
 					SSL_FILETYPE_PEM) != 1) {
-		i_fatal("Can't load private key file %s: %s",
-			keyfile, ssl_last_error());
+		err = ERR_peek_error();
+		if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
+		    ERR_GET_REASON(err) == X509_R_KEY_VALUES_MISMATCH) {
+			i_fatal("Can't load private key file %s: "
+				"Key is for a different cert than %s",
+				keyfile, certfile);
+		} else {
+			i_fatal("Can't load private key file %s: %s",
+				keyfile, ssl_last_error());
+		}
 	}
 
 	if (getenv("SSL_VERIFY_CLIENT_CERT") != NULL)
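Review bot: `ERR_peek_error()` returns the oldest entry in OpenSSL's error queue, so the new `X509_R_KEY_VALUES_MISMATCH` test only fires if nothing was left queued by an earlier call. The hunk does not show whether the queue is empty at this point; if it is not, the code quietly falls back to the generic message and the operator loses the hint that key and certificate do not match. Calling `ERR_clear_error();` just before `SSL_CTX_use_PrivateKey_file(...)` would make the check depend only on this call. The declaration of `err` is outside the hunk; it should be `unsigned long` to match the return type of `ERR_peek_error()`. A short comment such as `/* peek, so ssl_last_error() in the else branch still sees the queue */` would also explain why the error is not consumed here.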