From 6aef547202e33dc3bd0aebff337373c4f28f3e38 Mon Sep 17 00:00:00 2001
From: danielsdeleo <dan@getchef.com>
Date: Sat, 13 Dec 2014 10:19:34 -0800
Subject: Add specific error messaging for SSL errors to knife

Knife now gives an error message like this when an SSL error occurs:

```
ERROR: Could not establish a secure connection to the server.
Use `knife ssl check` to troubleshoot your SSL configuration.
If your Chef Server uses a self-signed certificate, you can use
`knife ssl fetch` to make knife trust the server's certificates.

Original Exception: OpenSSL::SSL::SSLError: SSL_connect returned=1
errno=0 state=SSLv3 read server certificate B: certificate verify failed
```
---
 lib/chef/knife.rb       |  7 +++++++
 spec/unit/knife_spec.rb | 15 +++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/lib/chef/knife.rb b/lib/chef/knife.rb
index 3f234d7ce3..51ccb99955 100644
--- a/lib/chef/knife.rb
+++ b/lib/chef/knife.rb
@@ -428,6 +428,13 @@ class Chef
         raise # make sure exit passes through.
       when Net::HTTPServerException, Net::HTTPFatalError
         humanize_http_exception(e)
+      when OpenSSL::SSL::SSLError
+        ui.error "Could not establish a secure connection to the server."
+        ui.info "Use `knife ssl check` to troubleshoot your SSL configuration."
+        ui.info "If your Chef Server uses a self-signed certificate, you can use"
+        ui.info "`knife ssl fetch` to make knife trust the server's certificates."
+        ui.info ""
+        ui.info  "Original Exception: #{e.class.name}: #{e.message}"
       when Errno::ECONNREFUSED, Timeout::Error, Errno::ETIMEDOUT, SocketError
         ui.error "Network Error: #{e.message}"
         ui.info "Check your knife configuration and network settings"
diff --git a/spec/unit/knife_spec.rb b/spec/unit/knife_spec.rb
index c87d80f96f..2ccf8493ad 100644
--- a/spec/unit/knife_spec.rb
+++ b/spec/unit/knife_spec.rb
@@ -435,6 +435,21 @@ describe Chef::Knife do
       expect(stderr.string).to match(%r[Check your knife configuration and network settings])
     end
 
+    it "formats SSL errors nicely and suggests to use `knife ssl check` and `knife ssl fetch`" do
+      error = OpenSSL::SSL::SSLError.new("SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed")
+      allow(knife).to receive(:run).and_raise(error)
+
+      knife.run_with_pretty_exceptions
+
+      expected_message=<<-MSG
+ERROR: Could not establish a secure connection to the server.
+Use `knife ssl check` to troubleshoot your SSL configuration.
+If your Chef Server uses a self-signed certificate, you can use
+`knife ssl fetch` to make knife trust the server's certificates.
+MSG
+      expect(stderr.string).to include(expected_message)
+    end
+
   end
 
 end
-- 
cgit v1.2.1