diff options
author | danielsdeleo <dan@getchef.com> | 2014-12-13 10:19:34 -0800 |
---|---|---|
committer | danielsdeleo <dan@getchef.com> | 2014-12-15 10:40:59 -0800 |
commit | 49689f6ba30eec7d3b325e4add31332e31ed0816 (patch) | |
tree | 47c56265aa31b97010c71a3d7143ebb5d4a674a0 | |
parent | 2a843602a4e47678442a46695aced2c4a68b6611 (diff) | |
download | chef-49689f6ba30eec7d3b325e4add31332e31ed0816.tar.gz |
Add specific error messaging for SSL errors to knife
Knife now gives an error message like this when an SSL error occurs:
```
ERROR: Could not establish a secure connection to the server.
Use `knife ssl check` to troubleshoot your SSL configuration.
If your Chef Server uses a self-signed certificate, you can use
`knife ssl fetch` to make knife trust the server's certificates.
Original Exception: OpenSSL::SSL::SSLError: SSL_connect returned=1
errno=0 state=SSLv3 read server certificate B: certificate verify failed
```
-rw-r--r-- | lib/chef/knife.rb | 7 | ||||
-rw-r--r-- | spec/unit/knife_spec.rb | 15 |
2 files changed, 22 insertions, 0 deletions
diff --git a/lib/chef/knife.rb b/lib/chef/knife.rb index 3f234d7ce3..51ccb99955 100644 --- a/lib/chef/knife.rb +++ b/lib/chef/knife.rb @@ -428,6 +428,13 @@ class Chef raise # make sure exit passes through. when Net::HTTPServerException, Net::HTTPFatalError humanize_http_exception(e) + when OpenSSL::SSL::SSLError + ui.error "Could not establish a secure connection to the server." + ui.info "Use `knife ssl check` to troubleshoot your SSL configuration." + ui.info "If your Chef Server uses a self-signed certificate, you can use" + ui.info "`knife ssl fetch` to make knife trust the server's certificates." + ui.info "" + ui.info "Original Exception: #{e.class.name}: #{e.message}" when Errno::ECONNREFUSED, Timeout::Error, Errno::ETIMEDOUT, SocketError ui.error "Network Error: #{e.message}" ui.info "Check your knife configuration and network settings" diff --git a/spec/unit/knife_spec.rb b/spec/unit/knife_spec.rb index c87d80f96f..2ccf8493ad 100644 --- a/spec/unit/knife_spec.rb +++ b/spec/unit/knife_spec.rb @@ -435,6 +435,21 @@ describe Chef::Knife do expect(stderr.string).to match(%r[Check your knife configuration and network settings]) end + it "formats SSL errors nicely and suggests to use `knife ssl check` and `knife ssl fetch`" do + error = OpenSSL::SSL::SSLError.new("SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed") + allow(knife).to receive(:run).and_raise(error) + + knife.run_with_pretty_exceptions + + expected_message=<<-MSG +ERROR: Could not establish a secure connection to the server. +Use `knife ssl check` to troubleshoot your SSL configuration. +If your Chef Server uses a self-signed certificate, you can use +`knife ssl fetch` to make knife trust the server's certificates. +MSG + expect(stderr.string).to include(expected_message) + end + end end |