Re: [exim] TLS error: Error while reading file - which file?

Páxina inicial
Esta mensaxe é parte do seguinte fío:
MÁrbore completa do fío ordenada por data
MMarc Haber o <-
MWakko Warner o ->
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Philip Hazel
Data:  
Para: Marc Haber
CC: exim-users
Asunto: Re: [exim] TLS error: Error while reading file - which file?
On Wed, 24 Nov 2004, Marc Haber wrote:

> On Wed, 24 Nov 2004 10:21:19 +0000 (GMT), Philip Hazel
> <ph10@???> wrote:
> >On Wed, 24 Nov 2004, Marc Haber wrote:
> >> When exim 4.43 cannot find the certificate file when doing starttls,
> >> it logs "TLS error on connection from $HOST: (cert/key setup): Error
> >> while reading file.".
> >>
> >> It would be helpful if the path being accessed would be logged as
> >> well: It helps spotting obvious typos, and it helps determining
> >> whether key or cert is not found.
> >
> >OpenSSL or GnuTLS?
>
> GnuTLS.

The string "Error while reading file." is the output from the function
gnutls_strerror(), which is called to get some text for the error number
that has been returned. Pity it doesn't include the name of the file it
is trying to read.

However, for that particular error, it should be possible to add the
file names (certificate and key) into the comment in parentheses. Yes,
it's easy. I have done it. The error now reads like this: 

  TLS error on connection from (rhu.barb) [::1] (cert/key setup: 
    cert=/non/exist key=/non/exist): Error while reading file.


Patch below. 

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book




*** exim-4.43/src/tls-gnu.c Tue Oct  5 09:32:08 2004
--- tls-gnu.c    Thu Nov 25 10:04:48 2004
***************
*** 459,465 ****
      cert_expanded, key_expanded);
    rc = gnutls_certificate_set_x509_key_file(x509_cred, CS cert_expanded,
      CS key_expanded, GNUTLS_X509_FMT_PEM);
!   if (rc < 0) return tls_error(US"cert/key setup", host, rc);
    }


  /* A certificate is mandatory in a server, but not in a client */
--- 461,472 ----
      cert_expanded, key_expanded);
    rc = gnutls_certificate_set_x509_key_file(x509_cred, CS cert_expanded,
      CS key_expanded, GNUTLS_X509_FMT_PEM);
!   if (rc < 0) 
!     {
!     uschar *msg = string_sprintf("cert/key setup: cert=%s key=%s",
!       cert_expanded, key_expanded); 
!     return tls_error(msg, host, rc);
!     } 
    }


/* A certificate is mandatory in a server, but not in a client */


Esta mensaxe foi enviada ás seguintes listas:
Exim-users
Información da lista | Mensaxes recentes		<-Re: [exim] Wishlist item: once_repeat_dailyRe: [exim] about Sender: and envelope reverse-path in today's systems->
Tahini and Hummus and Cumin Development Archives administrado por cumin AdminsLurker (versión 2.3)