From 9006839ed71168f7688b552410c7ed02e7c2db63 Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Wed, 18 Sep 2024 15:30:01 +1000
Subject: [PATCH] Provide more visibility into configuration errors by logging SSL_CTX_use_certificate_chain_file and SSL_CTX_use_PrivateKey_file errors
---
 lib/isc/tls.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/lib/isc/tls.c b/lib/isc/tls.c
index 79bb2e5385..944425c778 100644
--- a/lib/isc/tls.c
+++ b/lib/isc/tls.c
@@ -147,10 +147,25 @@ isc_tlsctx_load_certificate(isc_tlsctx_t *ctx, const char *keyfile,
 rv = SSL_CTX_use_certificate_chain_file(ctx, certfile);
 if (rv != 1) {
+ unsigned long err = ERR_peek_last_error();
+ char errbuf[1024] = { 0 };
+ ERR_error_string_n(err, errbuf, sizeof(errbuf));
+ isc_log_write(
+ ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_NETMGR,
+ ISC_LOG_ERROR,
+ "SSL_CTX_use_certificate_chain_file: '%s' failed: %s",
+ certfile, errbuf);
 return ISC_R_TLSERROR;
 }
 rv = SSL_CTX_use_PrivateKey_file(ctx, keyfile, SSL_FILETYPE_PEM);
 if (rv != 1) {
+ unsigned long err = ERR_peek_last_error();
+ char errbuf[1024] = { 0 };
+ ERR_error_string_n(err, errbuf, sizeof(errbuf));
+ isc_log_write(ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_NETMGR,
+ ISC_LOG_ERROR,
+ "SSL_CTX_use_PrivateKey_file: '%s' failed: %s",
+ keyfile, errbuf);
 return ISC_R_TLSERROR;
 }
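Review bot: Both new error branches read the failure with `ERR_peek_last_error()`, which leaves every entry on the thread's OpenSSL error queue, so after `ISC_R_TLSERROR` is returned the stale entries may be picked up by a later, unrelated TLS call on the same thread. Unless a caller outside this hunk already drains the queue, add `ERR_clear_error();` after each `isc_log_write()` call. Only the most recent queue entry is logged, and for a missing or unreadable file the earlier entries may carry the underlying reason, so a comment such as `/* Only the most recent OpenSSL error is reported. */` would set expectations for whoever reads the log. The two blocks are identical apart from the OpenSSL function name and the path, and could share one static helper. isc_tlsctx_load_certificate() begins and ends outside the hunk.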