From 57194af7f09c00c0f123e3e1faad303cf5fbcd5d Mon Sep 17 00:00:00 2001 From: Aaron Lehmann Date: Wed, 20 Jan 2016 10:53:41 -0800 Subject: [PATCH] Clarify error message when a .cert file is missing a corresponding key The daemon uses two similar filename extensions to identify different kinds of certificates. ".crt" files are interpreted as CA certificates, and ".cert" files are interprted as client certificates. If a CA certificate is accidentally given the extension ".cert", it will lead to the following error message: Missing key ca.key for certificate ca.cert To make this slightly less confusing, clarify the error message with a note that CA certificates should use the extension ".crt". Signed-off-by: Aaron Lehmann Upstream-commit: d5e2802eae4815b06ce477d8de54fe0caa3aa812 Component: engine --- components/engine/registry/registry.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/components/engine/registry/registry.go b/components/engine/registry/registry.go index 643fa56e6a..bacc4aed1f 100644 --- a/components/engine/registry/registry.go +++ b/components/engine/registry/registry.go @@ -109,7 +109,7 @@ func ReadCertsDirectory(tlsConfig *tls.Config, directory string) error { keyName := certName[:len(certName)-5] + ".key" logrus.Debugf("cert: %s", filepath.Join(directory, f.Name())) if !hasFile(fs, keyName) { - return fmt.Errorf("Missing key %s for certificate %s", keyName, certName) + return fmt.Errorf("Missing key %s for client certificate %s. Note that CA certificates should use the extension .crt.", keyName, certName) } cert, err := tls.LoadX509KeyPair(filepath.Join(directory, certName), filepath.Join(directory, keyName)) if err != nil { @@ -122,7 +122,7 @@ func ReadCertsDirectory(tlsConfig *tls.Config, directory string) error { certName := keyName[:len(keyName)-4] + ".cert" logrus.Debugf("key: %s", filepath.Join(directory, f.Name())) if !hasFile(fs, certName) { - return fmt.Errorf("Missing certificate %s for key %s", certName, keyName) + return fmt.Errorf("Missing client certificate %s for key %s", certName, keyName) } } }