authorMatthew Wild <mwild1@gmail.com>2009-07-28 14:48:37 +0100
committerMatthew Wild <mwild1@gmail.com>2009-07-28 14:48:37 +0100
commitf63e2f139a315a48963b15f4de1e196c6bb7b2d6 (patch)
treeda2efd0809f86931fc3e6db1c84c6f6b381e5c38
parentFixed: Possible duplicate error replies for unhandled stanzas (diff)
net.server: Much improve SSL/TLS error reporting, do our best to understand and hide OpenSSL's ridiculously unfriendly error messages
-rw-r--r--net/server.lua33
1 files changed, 27 insertions, 6 deletions
diff --git a/net/server.lua b/net/server.lua
index 6fe72712a..966006c17 100644
--- a/net/server.lua
+++ b/net/server.lua
@@ -181,20 +181,41 @@ wrapserver = function( listeners, socket, ip, serverport, pattern, sslctx, maxco
out_error "server.lua: wrong server sslctx"
ssl = false
end
- sslctx, err = ssl_newcontext( sslctx )
- if not sslctx then
+ local ctx;
+ ctx, err = ssl_newcontext( sslctx )
+ if not ctx then
err = err or "wrong sslctx parameters"
- out_error( "server.lua: ", err )
+ local file;
+ file = err:match("^error loading (.-) %(");
+ if file then
+ if file == "private key" then
+ file = sslctx.key or "your private key";
+ elseif file == "certificate" then
+ file = sslctx.certificate or "your certificate file";
+ end
+ local reason = err:match("%((.+)%)$") or "some reason";
+ if reason == "Permission denied" then
+ reason = "Check that the permissions allow Prosody to read this file.";
+ elseif reason == "No such file or directory" then
+ reason = "Check that the path is correct, and the file exists.";
+ elseif reason == "system lib" then
+ reason = "Previous error (see logs), or other system error.";
+ else
+ reason = "Reason: "..tostring(reason or "unknown"):lower();
+ end
+ log("error", "SSL/TLS: Failed to load %s: %s", file, reason);
+ else
+ log("error", "SSL/TLS: Error initialising for port %d: %s", serverport, err );
+ end
ssl = false
end
+ sslctx = ctx;
end
if not ssl then
sslctx = false;
if startssl then
- out_error( "server.lua: Cannot start ssl on port: ", serverport )
+ log("error", "Failed to listen on port %d due to SSL/TLS to SSL/TLS initialisation errors (see logs)", serverport )
return nil, "Cannot start ssl, see log for details"
- else
- out_put("server.lua: ", "ssl not enabled on ", serverport);
end
end
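Review bot: When context creation fails and `startssl` is not set, the `if not ssl` block only sets `sslctx = false` and falls through, so the listener presumably comes up without TLS, and with the `else` branch removed nothing names the affected port: the `"SSL/TLS: Failed to load %s: %s"` message carries no `serverport`. Consider keeping an `else` along the lines of `log("warn", "SSL/TLS unavailable on port %d, continuing without it", serverport)` so an operator can tell which listener degraded. The message in the `startssl` branch repeats itself ("due to SSL/TLS to SSL/TLS initialisation errors"); `"Failed to listen on port %d due to SSL/TLS initialisation errors (see logs)"` reads as intended. In `tostring(reason or "unknown")` the fallback is unreachable, because `reason` already defaults to `"some reason"` a few lines earlier. The body of wrapserver starts and ends outside the hunk.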