summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPete Higgins <pete@peterhiggins.org>2020-12-16 14:43:00 -0800
committerPete Higgins <pete@peterhiggins.org>2020-12-16 14:43:00 -0800
commit0e4abd29a2f10bbfe96929d79c432f36dfff2ead (patch)
treefed20ae64ac7e577f2fb243865560aad35c78ccf
parent8f2cbbdc7fb504cbf19b38321995870af32ef0b0 (diff)
downloadchef-0e4abd29a2f10bbfe96929d79c432f36dfff2ead.tar.gz
Add friendlier error messages for OpenSSL stuff.
Signed-off-by: Pete Higgins <pete@peterhiggins.org>
-rw-r--r--lib/chef/http/ssl_policies.rb13
-rw-r--r--spec/unit/http/ssl_policies_spec.rb20
2 files changed, 27 insertions, 6 deletions
diff --git a/lib/chef/http/ssl_policies.rb b/lib/chef/http/ssl_policies.rb
index 5b4ac347f6..f6fd7dc580 100644
--- a/lib/chef/http/ssl_policies.rb
+++ b/lib/chef/http/ssl_policies.rb
@@ -105,8 +105,17 @@ class Chef
raise Chef::Exceptions::ConfigurationError, "The configured ssl_client_key #{config[:ssl_client_key]} does not exist"
end
- http_client.cert = OpenSSL::X509::Certificate.new(::File.binread(config[:ssl_client_cert]))
- http_client.key = OpenSSL::PKey::RSA.new(::File.binread(config[:ssl_client_key]))
+ begin
+ http_client.cert = OpenSSL::X509::Certificate.new(::File.binread(config[:ssl_client_cert]))
+ rescue OpenSSL::X509::CertificateError => e
+ raise Chef::Exceptions::ConfigurationError, "Error reading cert file '#{config[:ssl_client_cert]}', original error '#{e.class}: #{e.message}'"
+ end
+
+ begin
+ http_client.key = OpenSSL::PKey::RSA.new(::File.binread(config[:ssl_client_key]))
+ rescue OpenSSL::PKey::RSAError => e
+ raise Chef::Exceptions::ConfigurationError, "Error reading key file '#{config[:ssl_client_key]}', original error '#{e.class}: #{e.message}'"
+ end
end
end
diff --git a/spec/unit/http/ssl_policies_spec.rb b/spec/unit/http/ssl_policies_spec.rb
index 245f66bf0d..d984a58f6f 100644
--- a/spec/unit/http/ssl_policies_spec.rb
+++ b/spec/unit/http/ssl_policies_spec.rb
@@ -101,19 +101,31 @@ describe "HTTP SSL Policy" do
it "raises ConfigurationError if the certificate file doesn't exist" do
Chef::Config[:ssl_client_cert] = "/dev/null/nothing_here"
Chef::Config[:ssl_client_key] = CHEF_SPEC_DATA + "/ssl/chef-rspec.key"
- expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
+ expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError, /ssl_client_cert .* does not exist/)
end
- it "raises ConfigurationError if the certificate file doesn't exist" do
+ it "raises ConfigurationError if the private key file doesn't exist" do
Chef::Config[:ssl_client_cert] = CHEF_SPEC_DATA + "/ssl/chef-rspec.cert"
Chef::Config[:ssl_client_key] = "/dev/null/nothing_here"
- expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
+ expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError, /ssl_client_key .* does not exist/)
end
it "raises a ConfigurationError if one of :ssl_client_cert and :ssl_client_key is set but not both" do
Chef::Config[:ssl_client_cert] = "/dev/null/nothing_here"
Chef::Config[:ssl_client_key] = nil
- expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
+ expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError, /configure ssl_client_cert and ssl_client_key together/)
+ end
+
+ it "raises a ConfigurationError with a bad cert file" do
+ Chef::Config[:ssl_client_cert] = __FILE__
+ Chef::Config[:ssl_client_key] = CHEF_SPEC_DATA + "/ssl/chef-rspec.key"
+ expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError, /Error reading cert file '#{__FILE__}'/)
+ end
+
+ it "raises a ConfigurationError with a bad key file" do
+ Chef::Config[:ssl_client_cert] = CHEF_SPEC_DATA + "/ssl/chef-rspec.cert"
+ Chef::Config[:ssl_client_key] = __FILE__
+ expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError, /Error reading key file '#{__FILE__}'/)
end
it "configures the HTTP client's cert and private key" do