diff options
| author | danielsdeleo <dan@getchef.com> | 2014-12-13 10:19:34 -0800 |
|---|---|---|
| committer | danielsdeleo <dan@getchef.com> | 2014-12-14 16:34:06 -0800 |
| commit | 6aef547202e33dc3bd0aebff337373c4f28f3e38 (patch) | |
| tree | c5e3144d4b6eb1266b1a90ece5b8be306d226b7f | |
| parent | a2ce154b3bf6afde23652c1e2fb52637113d077c (diff) | |
| download | chef-knife-ssl-error-messaging.tar.gz | |
Add specific error messaging for SSL errors to knifeknife-ssl-error-messaging
Knife now gives an error message like this when an SSL error occurs:
```
ERROR: Could not establish a secure connection to the server.
Use `knife ssl check` to troubleshoot your SSL configuration.
If your Chef Server uses a self-signed certificate, you can use
`knife ssl fetch` to make knife trust the server's certificates.
Original Exception: OpenSSL::SSL::SSLError: SSL_connect returned=1
errno=0 state=SSLv3 read server certificate B: certificate verify failed
```
| -rw-r--r-- | lib/chef/knife.rb | 7 | ||||
| -rw-r--r-- | spec/unit/knife_spec.rb | 15 |
2 files changed, 22 insertions, 0 deletions
diff --git a/lib/chef/knife.rb b/lib/chef/knife.rb index 3f234d7ce3..51ccb99955 100644 --- a/lib/chef/knife.rb +++ b/lib/chef/knife.rb @@ -428,6 +428,13 @@ class Chef raise # make sure exit passes through. when Net::HTTPServerException, Net::HTTPFatalError humanize_http_exception(e) + when OpenSSL::SSL::SSLError + ui.error "Could not establish a secure connection to the server." + ui.info "Use `knife ssl check` to troubleshoot your SSL configuration." + ui.info "If your Chef Server uses a self-signed certificate, you can use" + ui.info "`knife ssl fetch` to make knife trust the server's certificates." + ui.info "" + ui.info "Original Exception: #{e.class.name}: #{e.message}" when Errno::ECONNREFUSED, Timeout::Error, Errno::ETIMEDOUT, SocketError ui.error "Network Error: #{e.message}" ui.info "Check your knife configuration and network settings" diff --git a/spec/unit/knife_spec.rb b/spec/unit/knife_spec.rb index c87d80f96f..2ccf8493ad 100644 --- a/spec/unit/knife_spec.rb +++ b/spec/unit/knife_spec.rb @@ -435,6 +435,21 @@ describe Chef::Knife do expect(stderr.string).to match(%r[Check your knife configuration and network settings]) end + it "formats SSL errors nicely and suggests to use `knife ssl check` and `knife ssl fetch`" do + error = OpenSSL::SSL::SSLError.new("SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed") + allow(knife).to receive(:run).and_raise(error) + + knife.run_with_pretty_exceptions + + expected_message=<<-MSG +ERROR: Could not establish a secure connection to the server. +Use `knife ssl check` to troubleshoot your SSL configuration. +If your Chef Server uses a self-signed certificate, you can use +`knife ssl fetch` to make knife trust the server's certificates. +MSG + expect(stderr.string).to include(expected_message) + end + end end |