Repository: mesos Updated Branches: refs/heads/master d7b1b667d -> 53583a763
Added openssl error string output to initializing failures. Adds the human readable openssl error messages for failure cases. Also fixes a spacing nit in one of the existing messages. Review: https://reviews.apache.org/r/52031/ Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/620afd31 Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/620afd31 Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/620afd31 Branch: refs/heads/master Commit: 620afd314e494ca11fce6fad7bba53af8223a854 Parents: d7b1b66 Author: Till Toenshoff <toensh...@me.com> Authored: Thu Sep 29 18:51:46 2016 +0200 Committer: Alexander Rukletsov <al...@apache.org> Committed: Thu Sep 29 18:51:46 2016 +0200 ---------------------------------------------------------------------- 3rdparty/libprocess/src/openssl.cpp | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/620afd31/3rdparty/libprocess/src/openssl.cpp ---------------------------------------------------------------------- diff --git a/3rdparty/libprocess/src/openssl.cpp b/3rdparty/libprocess/src/openssl.cpp index c09cdc8..cc207bc 100644 --- a/3rdparty/libprocess/src/openssl.cpp +++ b/3rdparty/libprocess/src/openssl.cpp @@ -318,7 +318,7 @@ void reinitialize() if (load.isError()) { EXIT(EXIT_FAILURE) << "Failed to load flags from environment variables " - << "prefixed by LIBPROCESS_SSL_ or SSL_ (deprecated):" + << "prefixed by LIBPROCESS_SSL_ or SSL_ (deprecated): " << load.error(); } @@ -464,7 +464,7 @@ void reinitialize() if (SSL_CTX_load_verify_locations(ctx, ca_file, ca_dir) != 1) { unsigned long error = ERR_get_error(); EXIT(EXIT_FAILURE) - << "Could not load CA file and/or directory (" + << "Could not load CA file and/or directory (OpenSSL error #" << stringify(error) << "): " << error_string(error) << " -> " << (ca_file != nullptr ? (stringify("FILE: ") + ca_file) : "") @@ -504,7 +504,10 @@ void reinitialize() if (SSL_CTX_use_certificate_chain_file( ctx, ssl_flags->cert_file.get().c_str()) != 1) { - EXIT(EXIT_FAILURE) << "Could not load cert file"; + unsigned long error = ERR_get_error(); + EXIT(EXIT_FAILURE) + << "Could not load cert file '" << ssl_flags->cert_file.get() << "' " + << "(OpenSSL error #" << stringify(error) << "): " << error_string(error); } // Set private key. @@ -512,19 +515,27 @@ void reinitialize() ctx, ssl_flags->key_file.get().c_str(), SSL_FILETYPE_PEM) != 1) { - EXIT(EXIT_FAILURE) << "Could not load key file"; + unsigned long error = ERR_get_error(); + EXIT(EXIT_FAILURE) + << "Could not load key file '" << ssl_flags->key_file.get() << "' " + << "(OpenSSL error #" << stringify(error) << "): " << error_string(error); } // Validate key. if (SSL_CTX_check_private_key(ctx) != 1) { + unsigned long error = ERR_get_error(); EXIT(EXIT_FAILURE) - << "Private key does not match the certificate public key"; + << "Private key does not match the certificate public key " + << "(OpenSSL error #" << stringify(error) << "): " << error_string(error); } VLOG(2) << "Using ciphers: " << ssl_flags->ciphers; if (SSL_CTX_set_cipher_list(ctx, ssl_flags->ciphers.c_str()) == 0) { - EXIT(EXIT_FAILURE) << "Could not set ciphers: " << ssl_flags->ciphers; + unsigned long error = ERR_get_error(); + EXIT(EXIT_FAILURE) + << "Could not set ciphers '" << ssl_flags->ciphers << "' " + << "(OpenSSL error #" << stringify(error) << "): " << error_string(error); } // Clear all the protocol options. They will be reset if needed