author | Pete Higgins <pete@peterhiggins.org> | 2020-12-16 14:43:00 -0800 |
---|---|---|
committer | Pete Higgins <pete@peterhiggins.org> | 2020-12-16 14:43:00 -0800 |
commit | 0e4abd29a2f10bbfe96929d79c432f36dfff2ead (patch) | |
tree | fed20ae64ac7e577f2fb243865560aad35c78ccf | |
parent | 8f2cbbdc7fb504cbf19b38321995870af32ef0b0 (diff) | |
download | chef-0e4abd29a2f10bbfe96929d79c432f36dfff2ead.tar.gz |
Add friendlier error messages for OpenSSL stuff.
Signed-off-by: Pete Higgins <pete@peterhiggins.org>
-rw-r--r-- | lib/chef/http/ssl_policies.rb | 13 | ||||
-rw-r--r-- | spec/unit/http/ssl_policies_spec.rb | 20 |
2 files changed, 27 insertions, 6 deletions
diff --git a/lib/chef/http/ssl_policies.rb b/lib/chef/http/ssl_policies.rb
index 5b4ac347f6..f6fd7dc580 100644
--- a/lib/chef/http/ssl_policies.rb
+++ b/lib/chef/http/ssl_policies.rb
@@ -105,8 +105,17 @@ class Chef
 raise Chef::Exceptions::ConfigurationError, "The configured ssl_client_key #{config[:ssl_client_key]} does not exist"
 end
- http_client.cert = OpenSSL::X509::Certificate.new(::File.binread(config[:ssl_client_cert]))
- http_client.key = OpenSSL::PKey::RSA.new(::File.binread(config[:ssl_client_key]))
+ begin
+ http_client.cert = OpenSSL::X509::Certificate.new(::File.binread(config[:ssl_client_cert]))
+ rescue OpenSSL::X509::CertificateError => e
+ raise Chef::Exceptions::ConfigurationError, "Error reading cert file '#{config[:ssl_client_cert]}', original error '#{e.class}: #{e.message}'"
+ end
+
+ begin
+ http_client.key = OpenSSL::PKey::RSA.new(::File.binread(config[:ssl_client_key]))
+ rescue OpenSSL::PKey::RSAError => e
+ raise Chef::Exceptions::ConfigurationError, "Error reading key file '#{config[:ssl_client_key]}', original error '#{e.class}: #{e.message}'"
+ end
 end
 end
diff --git a/spec/unit/http/ssl_policies_spec.rb b/spec/unit/http/ssl_policies_spec.rb
index 245f66bf0d..d984a58f6f 100644
--- a/spec/unit/http/ssl_policies_spec.rb
+++ b/spec/unit/http/ssl_policies_spec.rb
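Review bot: The two new `rescue` clauses around `::File.binread` catch only OpenSSL parse errors, so a file that exists but cannot be read still escapes as a raw `Errno` exception instead of a `ConfigurationError`. Private keys are normally kept at mode 0600, which makes `Errno::EACCES` under the wrong user a likely case, and the guard visible above the change reports only a missing path. Consider `rescue OpenSSL::PKey::RSAError, SystemCallError => e` for the key and `rescue OpenSSL::X509::CertificateError, SystemCallError => e` for the cert. The enclosing method starts and ends outside the hunk, so an outer handler may already cover this.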
@@ -101,19 +101,31 @@ describe "HTTP SSL Policy" do
 it "raises ConfigurationError if the certificate file doesn't exist" do
 Chef::Config[:ssl_client_cert] = "/dev/null/nothing_here"
 Chef::Config[:ssl_client_key] = CHEF_SPEC_DATA + "/ssl/chef-rspec.key"
- expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
+ expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError, /ssl_client_cert .* does not exist/)
 end
- it "raises ConfigurationError if the certificate file doesn't exist" do
+ it "raises ConfigurationError if the private key file doesn't exist" do
 Chef::Config[:ssl_client_cert] = CHEF_SPEC_DATA + "/ssl/chef-rspec.cert"
 Chef::Config[:ssl_client_key] = "/dev/null/nothing_here"
- expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
+ expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError, /ssl_client_key .* does not exist/)
 end
 it "raises a ConfigurationError if one of :ssl_client_cert and :ssl_client_key is set but not both" do
 Chef::Config[:ssl_client_cert] = "/dev/null/nothing_here"
 Chef::Config[:ssl_client_key] = nil
- expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError)
+ expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError, /configure ssl_client_cert and ssl_client_key together/)
+ end
+
+ it "raises a ConfigurationError with a bad cert file" do
+ Chef::Config[:ssl_client_cert] = __FILE__
+ Chef::Config[:ssl_client_key] = CHEF_SPEC_DATA + "/ssl/chef-rspec.key"
+ expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError, /Error reading cert file '#{__FILE__}'/)
+ end
+
+ it "raises a ConfigurationError with a bad key file" do
+ Chef::Config[:ssl_client_cert] = CHEF_SPEC_DATA + "/ssl/chef-rspec.cert"
+ Chef::Config[:ssl_client_key] = __FILE__
+ expect { http_client }.to raise_error(Chef::Exceptions::ConfigurationError, /Error reading key file '#{__FILE__}'/)
 end
 it "configures the HTTP client's cert and private key" 
do |
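Review bot: The two new examples interpolate `__FILE__` straight into a regex literal, so the path is treated as a pattern rather than as literal text. A checkout directory containing `+`, `(` or `[` would make the match fail or the regex invalid, even though the error message is correct. Escaping the path keeps the assertion exact: `/Error reading cert file '#{Regexp.escape(__FILE__)}'/`, and the same for the key file example.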