authordanielsdeleo <dan@getchef.com>2014-12-10 12:54:34 -0800
committerdanielsdeleo <dan@getchef.com>2014-12-10 15:02:14 -0800
commit01c7e4dc402c3252a96ba05680747fe773b78f39 (patch)
tree52af8a549d70269b8398268f6049d33ba2bc53bf /lib
parente809bb40b1340309c86edac9fb5cf7f179f8f7ec (diff)
downloadchef-01c7e4dc402c3252a96ba05680747fe773b78f39.tar.gz
Catch 'unknown protocol' errors in ssl fetch and explain them
The error message from OpenSSL when connecting to a non-ssl service is confusing--it looks like a certificate validation failure. Catch the error and explain what caused it.
Diffstat (limited to 'lib')
-rw-r--r--lib/chef/knife/ssl_fetch.rb13
1 files changed, 13 insertions, 0 deletions
diff --git a/lib/chef/knife/ssl_fetch.rb b/lib/chef/knife/ssl_fetch.rb
index 5626a5610d..745aca5786 100644
--- a/lib/chef/knife/ssl_fetch.rb
+++ b/lib/chef/knife/ssl_fetch.rb
@@ -136,6 +136,19 @@ TRUST_TRUST
remote_cert_chain.each do |cert|
write_cert(cert)
end
+ rescue OpenSSL::SSL::SSLError => e
+ # 'unknown protocol' usually means you tried to connect to a non-ssl
+ # service. We handle that specially here, any other error we let bubble
+ # up (probably a bug of some sort).
+ raise unless e.message.include?("unknown protocol")
+
+ ui.error("The service at the given URI (#{uri}) does not accept SSL connections")
+
+ if uri.scheme == "http"
+ https_uri = uri.to_s.sub(/^http/, 'https')
+ ui.error("Perhaps you meant to connect to '#{https_uri}'?")
+ end
+ exit 1
end
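Review bot: The guard `raise unless e.message.include?("unknown protocol")` keys on OpenSSL's exact error wording, which is not a stable interface. Other OpenSSL builds may describe a plaintext peer differently (for example as "wrong version number"), in which case the rescue re-raises and the user is back to the confusing message. Matching a short list of known phrasings would be more robust, e.g. `raise unless e.message =~ /unknown protocol|wrong version number/`, with a comment noting that the text comes from OpenSSL. In the hint, `uri.to_s.sub(/^http/, 'https')` should anchor with `\A` rather than `^`, and a URI with an explicit port is echoed back with the same port under https, which is probably not where the TLS listener is. The enclosing method starts outside this hunk, so how `uri` is built and validated is not visible here.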