diff options
| author | Jeremy Harris <jgh146exb@wizmail.org> | 2018-05-17 09:27:49 +0100 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2018-05-20 19:07:01 +0100 |
| commit | c59b09dc16145178a29850e7bda7d6bc6dedbc58 (patch) | |
| tree | b3cd2e4b239d698cc551f5c06dfdbfe913243a8a /src | |
| parent | 8aeef98ab27f12cb0fb11498bc0ede87d6bad621 (diff) | |
ARC: better diagnostics for keyfile issues
Diffstat (limited to 'src')
| -rw-r--r-- | src/src/arc.c | 3 | ||||
| -rw-r--r-- | src/src/pdkim/signing.c | 14 |
2 files changed, 12 insertions, 5 deletions
diff --git a/src/src/arc.c b/src/src/arc.c index 58811274e..dd2ad51b0 100644 --- a/src/src/arc.c +++ b/src/src/arc.c @@ -1258,6 +1258,9 @@ if ( (errstr = exim_dkim_signing_init(privkey, &sctx)) || (errstr = exim_dkim_sign(&sctx, hm, &hhash, sig))) { log_write(0, LOG_MAIN, "ARC: %s signing: %s\n", why, errstr); + DEBUG(D_transport) + debug_printf("private key, or private-key file content, was: '%s'\n", + privkey); return FALSE; } return TRUE; diff --git a/src/src/pdkim/signing.c b/src/src/pdkim/signing.c index 0545e483a..18b357eaa 100644 --- a/src/src/pdkim/signing.c +++ b/src/src/pdkim/signing.c @@ -90,14 +90,17 @@ exim_dkim_signing_init(const uschar * privkey_pem, es_ctx * sign_ctx) { gnutls_datum_t k = { .data = (void *)privkey_pem, .size = Ustrlen(privkey_pem) }; gnutls_x509_privkey_t x509_key; +const uschar * where; int rc; -if ( (rc = gnutls_x509_privkey_init(&x509_key)) - || (rc = gnutls_x509_privkey_import(x509_key, &k, GNUTLS_X509_FMT_PEM)) +if ( (where = US"internal init", rc = gnutls_x509_privkey_init(&x509_key)) || (rc = gnutls_privkey_init(&sign_ctx->key)) - || (rc = gnutls_privkey_import_x509(sign_ctx->key, x509_key, 0)) + || (where = US"privkey PEM-block import", + rc = gnutls_x509_privkey_import(x509_key, &k, GNUTLS_X509_FMT_PEM)) + || (where = US"internal privkey transfer", + rc = gnutls_privkey_import_x509(sign_ctx->key, x509_key, 0)) ) - return CUS gnutls_strerror(rc); + return string_sprintf("%s: %s", where, gnutls_strerror(rc)); switch (rc = gnutls_privkey_get_pk_algorithm(sign_ctx->key, NULL)) { @@ -712,7 +715,8 @@ exim_dkim_signing_init(const uschar * privkey_pem, es_ctx * sign_ctx) BIO * bp = BIO_new_mem_buf(privkey_pem, -1); if (!(sign_ctx->key = PEM_read_bio_PrivateKey(bp, NULL, NULL, NULL))) - return US ERR_error_string(ERR_get_error(), NULL); + return string_sprintf("privkey PEM-block import: %s", + ERR_error_string(ERR_get_error(), NULL)); sign_ctx->keytype = #ifdef SIGN_HAVE_ED25519 |