diff options
| author | Dan Prince <dprince@redhat.com> | 2012-07-31 07:49:49 -0400 |
|---|---|---|
| committer | Dan Prince <dprince@redhat.com> | 2012-07-31 07:53:59 -0400 |
| commit | 2b2d0a15311fb1e9b6369374dfd5e0b49e4bf7a8 (patch) | |
| tree | 342755bbee3f3e3926ce70f247f8dc2de315d03f /keystone/openstack | |
| parent | 0f77f751447ab2a1e2f4dc715aef07233e1669ef (diff) | |
Log errors when signing/verifying.
The patch updates the PKI cms_verify and cms_sign_text methods so
that they log full error messages to the log file when errors occur.
These error messages will now include useful output from the openssl
commands that failed (which should help end users better diagnose
configuration issues with PKI). For example:
2012-07-31 11:10:53 ERROR [keystone.common.cms] Error opening signing
key file /etc/keystone/ssl/private/signing_key.pem
140380567730016:error:0200100D:system library:fopen:Permission
denied:bss_file.c:398:fopen('/etc/keystone/ssl/private/signing_key.pem','r')
140380567730016:error:20074002:BIO routines:FILE_CTRL:system
lib:bss_file.c:400:
unable to load signing key file
Previously you'd just get an error that looked like this:
CalledProcessError: Command 'openssl' returned non-zero exit status 3
Fixes LP Bug #1031317.
Change-Id: I8990ef057488fe71d077a02b443da464f99fcd94
Diffstat (limited to 'keystone/openstack')
0 files changed, 0 insertions, 0 deletions