author | danielsdeleo <dan@getchef.com> | 2014-12-10 12:54:34 -0800 |
---|---|---|
committer | danielsdeleo <dan@getchef.com> | 2014-12-10 12:54:34 -0800 |
commit | ab6a1a70ce9390988a6541410a688742cad4fba8 (patch) | |
tree | 17351c23f31ced2ab28cc2bca3dfe0f02b1abc4d /lib | |
parent | 1c2579ccbde1339c5dd1bd0612068aefbfc64b75 (diff) | |
download | chef-ssl-fetch-non-ssl-error.tar.gz |
Catch 'unknown protocol' errors in ssl fetch and explain them
The error message from OpenSSL when connecting to a non-ssl service is
confusing--it looks like a certificate validation failure. Catch the
error and explain what caused it.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/chef/knife/ssl_fetch.rb | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/lib/chef/knife/ssl_fetch.rb b/lib/chef/knife/ssl_fetch.rb index 5626a5610d..745aca5786 100644 --- a/lib/chef/knife/ssl_fetch.rb +++ b/lib/chef/knife/ssl_fetch.rb @@ -136,6 +136,19 @@ TRUST_TRUST remote_cert_chain.each do |cert| write_cert(cert) end + rescue OpenSSL::SSL::SSLError => e + # 'unknown protocol' usually means you tried to connect to a non-ssl + # service. We handle that specially here, any other error we let bubble + # up (probably a bug of some sort). + raise unless e.message.include?("unknown protocol") + + ui.error("The service at the given URI (#{uri}) does not accept SSL connections") + + if uri.scheme == "http" + https_uri = uri.to_s.sub(/^http/, 'https') + ui.error("Perhaps you meant to connect to '#{https_uri}'?") + end + exit 1 end |
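Review bot: The `raise unless e.message.include?("unknown protocol")` guard in the new rescue keys the whole handler on the exact wording of the OpenSSL error message, so a non-SSL endpoint that produces a differently worded `OpenSSL::SSL::SSLError` falls through to the bare `raise` and the user still sees the confusing error this commit sets out to explain. Consider moving the match into a small named predicate with a comment stating which message it expects, so it is easy to extend. Two smaller points in the same hunk: the code comment says "usually", but the `ui.error` text asserts that the service "does not accept SSL connections" as fact, so wording such as "does not appear to accept" would match the comment; and in `uri.to_s.sub(/^http/, 'https')` the `^` anchor matches at the start of any line, so `\A` is the safer anchor for rewriting the scheme. No spec is visible in this diff (the diffstat is limited to 'lib'); a test that raises an `SSLError` with this message and checks both `ui.error` lines and the exit status would pin the behaviour down.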