Software /
code /
prosody
Changeset
1612:0413aaf9edae
net.server: Much improve SSL/TLS error reporting, do our best to understand and hide OpenSSL's ridiculously unfriendly error messages
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Tue, 28 Jul 2009 14:48:37 +0100 |
parents | 1609:95d3bcd82334 |
children | 1613:ebf0813a81f6 |
files | net/server.lua |
diffstat | 1 files changed, 27 insertions(+), 6 deletions(-) [+] |
line wrap: on
line diff
--- a/net/server.lua Tue Jul 28 00:42:56 2009 +0500 +++ b/net/server.lua Tue Jul 28 14:48:37 2009 +0100 @@ -181,20 +181,41 @@ out_error "server.lua: wrong server sslctx" ssl = false end - sslctx, err = ssl_newcontext( sslctx ) - if not sslctx then + local ctx; + ctx, err = ssl_newcontext( sslctx ) + if not ctx then err = err or "wrong sslctx parameters" - out_error( "server.lua: ", err ) + local file; + file = err:match("^error loading (.-) %("); + if file then + if file == "private key" then + file = sslctx.key or "your private key"; + elseif file == "certificate" then + file = sslctx.certificate or "your certificate file"; + end + local reason = err:match("%((.+)%)$") or "some reason"; + if reason == "Permission denied" then + reason = "Check that the permissions allow Prosody to read this file."; + elseif reason == "No such file or directory" then + reason = "Check that the path is correct, and the file exists."; + elseif reason == "system lib" then + reason = "Previous error (see logs), or other system error."; + else + reason = "Reason: "..tostring(reason or "unknown"):lower(); + end + log("error", "SSL/TLS: Failed to load %s: %s", file, reason); + else + log("error", "SSL/TLS: Error initialising for port %d: %s", serverport, err ); + end ssl = false end + sslctx = ctx; end if not ssl then sslctx = false; if startssl then - out_error( "server.lua: Cannot start ssl on port: ", serverport ) + log("error", "Failed to listen on port %d due to SSL/TLS to SSL/TLS initialisation errors (see logs)", serverport ) return nil, "Cannot start ssl, see log for details" - else - out_put("server.lua: ", "ssl not enabled on ", serverport); end end