authorFrancis Dupont <fdupont@isc.org>2021-03-25 11:48:42 +0100
committerFrancis Dupont <fdupont@isc.org>2021-03-26 15:39:56 +0100
commita9e2009ba032198b18650cf281f4c3ca893c0dfc (patch)
tree7f742fc92c1e2f921d39b823c336dc73de449766 /src/lib/asiolink
parent[#1662] Updates from previous work (diff)
[#1662] Checkpoint: addressing comments
Diffstat (limited to 'src/lib/asiolink')
-rw-r--r--src/lib/asiolink/common_tls.cc28
-rw-r--r--src/lib/asiolink/common_tls.h4
-rw-r--r--src/lib/asiolink/tests/tls_unittest.cc13
3 files changed, 35 insertions, 10 deletions
diff --git a/src/lib/asiolink/common_tls.cc b/src/lib/asiolink/common_tls.cc
index f65ae1c1f8..6831513319 100644
--- a/src/lib/asiolink/common_tls.cc
+++ b/src/lib/asiolink/common_tls.cc
@@ -43,12 +43,32 @@ TlsContextBase::configure(TlsContextPtr& context,
context.reset(new TlsContext(role));
context->setCertRequired(cert_required);
if (isDir(ca_file)) {
- context->loadCaPath(ca_file);
+ try {
+ context->loadCaPath(ca_file);
+ } catch (const std::exception& ex) {
+ isc_throw(isc::BadValue, "load of CA directory '"
+ << ca_file << "' failed: " << ex.what());
+ }
} else {
- context->loadCaFile(ca_file);
+ try {
+ context->loadCaFile(ca_file);
+ } catch (const std::exception& ex) {
+ isc_throw(isc::BadValue, "load of CA file '"
+ << ca_file << "' failed: " << ex.what());
+ }
+ }
+ try {
+ context->loadCertFile(cert_file);
+ } catch (const std::exception& ex) {
+ isc_throw(isc::BadValue, "load of cert file '"
+ << cert_file << "' failed: " << ex.what());
+ }
+ try {
+ context->loadKeyFile(key_file);
+ } catch (const std::exception& ex) {
+ isc_throw(isc::BadValue, "load of private key file '"
+ << cert_file << "' failed: " << ex.what());
}
- context->loadCertFile(cert_file);
- context->loadKeyFile(key_file);
} catch (...) {
context.reset();
throw;
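Review bot: The handler added around `context->loadKeyFile(key_file)` builds its message from `cert_file`, so a failed private key load reports the certificate path instead of the key path. The stream line should read `<< key_file << "' failed: " << ex.what());` so that an operator diagnosing a TLS misconfiguration (missing key, wrong permissions) is pointed at the right file. The four new handlers also catch `std::exception` broadly, so every backend exception type from the loaders is folded into `isc::BadValue`. If callers need to tell a bad configuration value from a library fault, a short comment stating that this is intentional would help. The body of configure() starts before this hunk and continues after it.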
diff --git a/src/lib/asiolink/common_tls.h b/src/lib/asiolink/common_tls.h
index ca0dfd46a0..fd44182856 100644
--- a/src/lib/asiolink/common_tls.h
+++ b/src/lib/asiolink/common_tls.h
@@ -65,9 +65,7 @@ public:
/// @param key_file The private key file name.
/// @param cert_required True if peer certificates are required,
/// false if they are optional. This is a server specific parameter.
- /// @throw isc::cryptolink::LibraryError on various errors from
- /// the cryptographic backend.
- /// @throw isc::BadValue when cert_required is set to false for a client.
+ /// @throw isc::BadValue on error.
static void configure(TlsContextPtr& context,
TlsRole role,
const std::string& ca_file,
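Review bot: The new `@throw isc::BadValue on error.` line may promise more than the implementation in common_tls.cc delivers, and it drops the one specific condition the old text documented. Only the four load calls are wrapped there; the outer `catch (...)` rethrows unchanged, so anything raised by the `TlsContext` constructor or `setCertRequired` presumably keeps its original type. The unit test in this commit still has a `LibraryError` handler, which suggests the same. Consider `/// @throw isc::BadValue when a CA, certificate or private key file fails to load, or when cert_required is set to false for a client.` and keep a `LibraryError` line if that type can still escape. The declaration continues past the end of this hunk.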
diff --git a/src/lib/asiolink/tests/tls_unittest.cc b/src/lib/asiolink/tests/tls_unittest.cc
index 0229214cdf..5ebf7ab539 100644
--- a/src/lib/asiolink/tests/tls_unittest.cc
+++ b/src/lib/asiolink/tests/tls_unittest.cc
@@ -304,10 +304,13 @@ public:
} catch (const LibraryError& ex) {
thrown = true;
errmsg_ = ex.what();
+ } catch (const isc::BadValue& ex) {
+ thrown = true;
+ errmsg_ = ex.what();
} catch (const exception& ex) {
thrown = true;
errmsg_ = ex.what();
- ADD_FAILURE() << "expect only LibraryError exception";
+ ADD_FAILURE() << "expect only LibraryError or BadValue exception";
}
// Check the no error case.
@@ -659,10 +662,14 @@ TEST(TLSTest, configure) {
TEST(TLSTest, configureError) {
// The error case.
Expecteds exps;
+ // Common part of the error message.
+ string common_error = "load of cert file '/no-such-file' failed: ";
// Botan error.
- exps.addThrow("I/O error: DataSource: Failure opening file /no-such-file");
+ string botan_error = "I/O error: DataSource: Failure opening file /no-such-file";
+ exps.addThrow(common_error + botan_error);
// OpenSSL error.
- exps.addThrow("No such file or directory");
+ string openssl_error = "No such file or directory";
+ exps.addThrow(common_error + openssl_error);
exps.runCanThrow([] {
TlsContextPtr ctx1;
string ca(string(TEST_CA_DIR) + "/kea-ca.crt");
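Review bot: `configureError` only pins the message for the certificate-file failure (`common_error` is "load of cert file '/no-such-file' failed: "), so the CA-file, CA-directory and private-key wrappers added in common_tls.cc are never exercised. A sibling case that passes a valid CA and certificate with a missing key file, and expects a message starting with "load of private key file '" followed by that key path, would have caught the handler that prints `cert_file` for a key failure. The same pattern applies to the two CA branches. The lambda body continues past the end of this hunk, so the exact arguments passed to configure() are not visible here.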