# HG changeset patch # User Matthew Wild # Date 1248788917 -3600 # Node ID 0413aaf9edaeac69a54af4ad8916cfeaeb507555 # Parent 95d3bcd82334fc5ecc9f3140d854baa457508e50 net.server: Much improve SSL/TLS error reporting, do our best to understand and hide OpenSSL's ridiculously unfriendly error messages diff -r 95d3bcd82334 -r 0413aaf9edae net/server.lua --- a/net/server.lua Tue Jul 28 00:42:56 2009 +0500 +++ b/net/server.lua Tue Jul 28 14:48:37 2009 +0100 @@ -181,20 +181,41 @@ out_error "server.lua: wrong server sslctx" ssl = false end - sslctx, err = ssl_newcontext( sslctx ) - if not sslctx then + local ctx; + ctx, err = ssl_newcontext( sslctx ) + if not ctx then err = err or "wrong sslctx parameters" - out_error( "server.lua: ", err ) + local file; + file = err:match("^error loading (.-) %("); + if file then + if file == "private key" then + file = sslctx.key or "your private key"; + elseif file == "certificate" then + file = sslctx.certificate or "your certificate file"; + end + local reason = err:match("%((.+)%)$") or "some reason"; + if reason == "Permission denied" then + reason = "Check that the permissions allow Prosody to read this file."; + elseif reason == "No such file or directory" then + reason = "Check that the path is correct, and the file exists."; + elseif reason == "system lib" then + reason = "Previous error (see logs), or other system error."; + else + reason = "Reason: "..tostring(reason or "unknown"):lower(); + end + log("error", "SSL/TLS: Failed to load %s: %s", file, reason); + else + log("error", "SSL/TLS: Error initialising for port %d: %s", serverport, err ); + end ssl = false end + sslctx = ctx; end if not ssl then sslctx = false; if startssl then - out_error( "server.lua: Cannot start ssl on port: ", serverport ) + log("error", "Failed to listen on port %d due to SSL/TLS to SSL/TLS initialisation errors (see logs)", serverport ) return nil, "Cannot start ssl, see log for details" - else - out_put("server.lua: ", "ssl not enabled on ", serverport); end end