From aaab5bbc746b22961ffb43e081164fce65ca5dec Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Thu, 21 Jan 2016 23:13:13 +0900
Subject: [PATCH] Improve error message when loading pkcs12 file failed

---
 src/LibgnutlsTLSContext.cc | 13 ++++++++++---
 src/LibsslTLSContext.cc    | 32 ++++++++++++++++++++++++--------
 2 files changed, 34 insertions(+), 11 deletions(-)

diff --git a/src/LibgnutlsTLSContext.cc b/src/LibgnutlsTLSContext.cc
index 8577d1c3b..7a6cc98cc 100644
--- a/src/LibgnutlsTLSContext.cc
+++ b/src/LibgnutlsTLSContext.cc
@@ -111,9 +111,16 @@ bool GnuTLSContext::addP12CredentialFile(const std::string& p12file)
   int err = gnutls_certificate_set_x509_simple_pkcs12_mem(
       certCred_, &data, GNUTLS_X509_FMT_DER, "");
   if (err != GNUTLS_E_SUCCESS) {
-    A2_LOG_ERROR("Failed to import PKCS12 file. "
-                 "If you meant to use PEM, you'll also have to specify "
-                 "--rpc-private-key. See the manual.");
+    if (side_ == TLS_SERVER) {
+      A2_LOG_ERROR("Failed to import PKCS12 file. "
+                   "If you meant to use PEM, you'll also have to specify "
+                   "--rpc-private-key. See the manual.");
+    }
+    else {
+      A2_LOG_ERROR("Failed to import PKCS12 file. "
+                   "If you meant to use PEM, you'll also have to specify "
+                   "--private-key. See the manual.");
+    }
     return false;
   }
   return true;
diff --git a/src/LibsslTLSContext.cc b/src/LibsslTLSContext.cc
index 675d77a68..fb74ccc6a 100644
--- a/src/LibsslTLSContext.cc
+++ b/src/LibsslTLSContext.cc
@@ -203,20 +203,36 @@ bool OpenSSLTLSContext::addP12CredentialFile(const std::string& p12file)
   }
   p12_t p12(d2i_PKCS12_bio(bio.get(), nullptr));
   if (!p12) {
-    A2_LOG_ERROR(fmt("Failed to open PKCS12 file: %s. "
-                     "If you meant to use PEM, you'll also have to specify "
-                     "--rpc-private-key. See the manual.",
-                     ERR_error_string(ERR_get_error(), nullptr)));
+    if (side_ == TLS_SERVER) {
+      A2_LOG_ERROR(fmt("Failed to open PKCS12 file: %s. "
+                       "If you meant to use PEM, you'll also have to specify "
+                       "--rpc-private-key. See the manual.",
+                       ERR_error_string(ERR_get_error(), nullptr)));
+    }
+    else {
+      A2_LOG_ERROR(fmt("Failed to open PKCS12 file: %s. "
+                       "If you meant to use PEM, you'll also have to specify "
+                       "--private-key. See the manual.",
+                       ERR_error_string(ERR_get_error(), nullptr)));
+    }
     return false;
   }
   EVP_PKEY* pkey;
   X509* cert;
   STACK_OF(X509)* ca = nullptr;
   if (!PKCS12_parse(p12.get(), "", &pkey, &cert, &ca)) {
-    A2_LOG_ERROR(fmt("Failed to parse PKCS12 file: %s. "
-                     "If you meant to use PEM, you'll also have to specify "
-                     "--rpc-private-key. See the manual.",
-                     ERR_error_string(ERR_get_error(), nullptr)));
+    if (side_ == TLS_SERVER) {
+      A2_LOG_ERROR(fmt("Failed to parse PKCS12 file: %s. "
+                       "If you meant to use PEM, you'll also have to specify "
+                       "--rpc-private-key. See the manual.",
+                       ERR_error_string(ERR_get_error(), nullptr)));
+    }
+    else {
+      A2_LOG_ERROR(fmt("Failed to parse PKCS12 file: %s. "
+                       "If you meant to use PEM, you'll also have to specify "
+                       "--private-key. See the manual.",
+                       ERR_error_string(ERR_get_error(), nullptr)));
+    }
     return false;
   }