From: Steffan Karger <steffan.kar...@fox-it.com> Signed-off-by: Steffan Karger <steffan.kar...@fox-it.com> --- src/openvpn/ssl_polarssl.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/src/openvpn/ssl_polarssl.c b/src/openvpn/ssl_polarssl.c index 3a0d8a0..2df1b30 100644 --- a/src/openvpn/ssl_polarssl.c +++ b/src/openvpn/ssl_polarssl.c @@ -261,8 +261,13 @@ tls_ctx_load_cert_file (struct tls_root_ctx *ctx, const char *cert_file, } else { - if (0 != x509_crt_parse_file(ctx->crt_chain, cert_file)) - msg (M_FATAL, "Cannot load certificate file %s", cert_file); + int retval = x509_crt_parse_file(ctx->crt_chain, cert_file); + if (0 != retval) + { + char errstr[128]; + polarssl_strerror(retval, errstr, sizeof(errstr)); + msg (M_FATAL, "Cannot load certificate file %s (%s)", cert_file, errstr); + } } } @@ -475,8 +480,13 @@ void tls_ctx_load_ca (struct tls_root_ctx *ctx, const char *ca_file, else { /* Load CA file for verifying peer supplied certificate */ - if (0 != x509_crt_parse_file(ctx->ca_chain, ca_file)) - msg (M_FATAL, "Cannot load CA certificate file %s", ca_file); + int retval = x509_crt_parse_file(ctx->ca_chain, ca_file); + if (0 != retval) + { + char errstr[128]; + polarssl_strerror(retval, errstr, sizeof(errstr)); + msg (M_FATAL, "Cannot load CA certificate file %s (%s)", ca_file, errstr); + } } } -- 1.8.3.2