The daemon uses two similar filename extensions to identify different
kinds of certificates. ".crt" files are interpreted as CA certificates,
and ".cert" files are interprted as client certificates. If a CA
certificate is accidentally given the extension ".cert", it will lead to
the following error message:
Missing key ca.key for certificate ca.cert
To make this slightly less confusing, clarify the error message with a
note that CA certificates should use the extension ".crt".
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
... | ... |
@@ -109,7 +109,7 @@ func ReadCertsDirectory(tlsConfig *tls.Config, directory string) error { |
109 | 109 |
keyName := certName[:len(certName)-5] + ".key" |
110 | 110 |
logrus.Debugf("cert: %s", filepath.Join(directory, f.Name())) |
111 | 111 |
if !hasFile(fs, keyName) { |
112 |
- return fmt.Errorf("Missing key %s for certificate %s", keyName, certName) |
|
112 |
+ return fmt.Errorf("Missing key %s for client certificate %s. Note that CA certificates should use the extension .crt.", keyName, certName) |
|
113 | 113 |
} |
114 | 114 |
cert, err := tls.LoadX509KeyPair(filepath.Join(directory, certName), filepath.Join(directory, keyName)) |
115 | 115 |
if err != nil { |
... | ... |
@@ -122,7 +122,7 @@ func ReadCertsDirectory(tlsConfig *tls.Config, directory string) error { |
122 | 122 |
certName := keyName[:len(keyName)-4] + ".cert" |
123 | 123 |
logrus.Debugf("key: %s", filepath.Join(directory, f.Name())) |
124 | 124 |
if !hasFile(fs, certName) { |
125 |
- return fmt.Errorf("Missing certificate %s for key %s", certName, keyName) |
|
125 |
+ return fmt.Errorf("Missing client certificate %s for key %s", certName, keyName) |
|
126 | 126 |
} |
127 | 127 |
} |
128 | 128 |
} |