diff --git a/internal/config/certs.go b/internal/config/certs.go
index 861a356b8..7749a2d7f 100644
--- a/internal/config/certs.go
+++ b/internal/config/certs.go
@@ -49,19 +49,19 @@ func ParsePublicCertFile(certFile string) (x509Certs []*x509.Certificate, err er
 for len(current) > 0 {
 var pemBlock *pem.Block
 if pemBlock, current = pem.Decode(current); pemBlock == nil {
- return nil, ErrSSLUnexpectedData(nil).Msg("Could not read PEM block from file %s", certFile)
+ return nil, ErrTLSUnexpectedData(nil).Msg("Could not read PEM block from file %s", certFile)
 }
 var x509Cert *x509.Certificate
 if x509Cert, err = x509.ParseCertificate(pemBlock.Bytes); err != nil {
- return nil, ErrSSLUnexpectedData(nil).Msg("Failed to parse `%s`: %s", certFile, err.Error())
+ return nil, ErrTLSUnexpectedData(nil).Msg("Failed to parse `%s`: %s", certFile, err.Error())
 }
 x509Certs = append(x509Certs, x509Cert)
 }
 if len(x509Certs) == 0 {
- return nil, ErrSSLUnexpectedData(nil).Msg("Empty public certificate file %s", certFile)
+ return nil, ErrTLSUnexpectedData(nil).Msg("Empty public certificate file %s", certFile)
 }
 return x509Certs, nil
@@ -73,33 +73,33 @@ func ParsePublicCertFile(certFile string) (x509Certs []*x509.Certificate, err er
 func LoadX509KeyPair(certFile, keyFile string) (tls.Certificate, error) {
 certPEMBlock, err := os.ReadFile(certFile)
 if err != nil {
- return tls.Certificate{}, ErrSSLUnexpectedError(err)
+ return tls.Certificate{}, ErrTLSReadError(nil).Msg("Unable to read the public key: %s", err)
 }
 keyPEMBlock, err := os.ReadFile(keyFile)
 if err != nil {
- return tls.Certificate{}, ErrSSLUnexpectedError(err)
+ return tls.Certificate{}, ErrTLSReadError(nil).Msg("Unable to read the private key: %s", err)
 }
 key, rest := pem.Decode(keyPEMBlock)
 if len(rest) > 0 {
- return tls.Certificate{}, ErrSSLUnexpectedData(nil).Msg("The private key contains additional data")
+ return tls.Certificate{}, ErrTLSUnexpectedData(nil).Msg("The private key contains additional data")
 }
 if key == nil {
- return tls.Certificate{}, ErrSSLUnexpectedData(nil).Msg("The private key is not readable")
+ return tls.Certificate{}, ErrTLSUnexpectedData(nil).Msg("The private key is not readable")
 }
 if x509.IsEncryptedPEMBlock(key) {
 password := env.Get(EnvCertPassword, "")
 if len(password) == 0 {
- return tls.Certificate{}, ErrSSLNoPassword(nil)
+ return tls.Certificate{}, ErrTLSNoPassword(nil)
 }
 decryptedKey, decErr := x509.DecryptPEMBlock(key, []byte(password))
 if decErr != nil {
- return tls.Certificate{}, ErrSSLWrongPassword(decErr)
+ return tls.Certificate{}, ErrTLSWrongPassword(decErr)
 }
 keyPEMBlock = pem.EncodeToMemory(&pem.Block{Type: key.Type, Bytes: decryptedKey})
 }
 cert, err := tls.X509KeyPair(certPEMBlock, keyPEMBlock)
 if err != nil {
- return tls.Certificate{}, ErrSSLUnexpectedData(nil).Msg(err.Error())
+ return tls.Certificate{}, ErrTLSUnexpectedData(nil).Msg(err.Error())
 }
 return cert, nil
 }
diff --git a/internal/config/errors.go b/internal/config/errors.go
index c932b7bbe..2f1629e87 100644
--- a/internal/config/errors.go
+++ b/internal/config/errors.go
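Review bot: The first new ErrTLSReadError line describes certFile as "the public key" although the file read on that line is the certificate; the private-key wording on the second ReadFile is right, so the first should read `return tls.Certificate{}, ErrTLSReadError(nil).Msg("Unable to read the certificate file: %s", err)`. Both new read-error lines also pass nil as the first argument and only format err into the text, so the underlying os error leaves the chain (the old code passed err, and ErrTLSWrongPassword(decErr) on the same hunk still does); if newErrFn's first argument is the wrapped cause, which is not visible here, passing err there keeps errors.Is/errors.As on os.ErrNotExist or os.ErrPermission working for callers. The last changed line keeps `Msg(err.Error())`, handing a non-constant string to what the other call sites treat as a format function; `Msg("%s", err.Error())` avoids misreading a `%` in the TLS library's error text. The unchanged x509.IsEncryptedPEMBlock and x509.DecryptPEMBlock calls in the middle of the function are deprecated in the standard library since Go 1.16 because legacy PEM encryption does not give real confidentiality, so a comment such as `// Legacy (RFC 1423) PEM encryption: supported for existing key files only; deprecated in Go 1.16.` would tell future readers why the decrypt path exists.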
@@ -225,19 +225,19 @@ Examples:
 `Use 'sudo setcap cap_net_bind_service=+ep /path/to/minio' to provide sufficient permissions`,
 )
- ErrSSLUnexpectedError = newErrFn(
- "Invalid TLS certificate",
- "Please check the content of your certificate data",
- `Only PEM (x.509) format is accepted as valid public & private certificates`,
+ ErrTLSReadError = newErrFn(
+ "Cannot read the TLS certificate",
+ "Please check if the certificate has the proper owner and read permissions",
+ "",
 )
- ErrSSLUnexpectedData = newErrFn(
+ ErrTLSUnexpectedData = newErrFn(
 "Invalid TLS certificate",
 "Please check your certificate",
 "",
 )
- ErrSSLNoPassword = newErrFn(
+ ErrTLSNoPassword = newErrFn(
 "Missing TLS password",
 "Please set the password to environment variable `MINIO_CERT_PASSWD` so that the private key can be decrypted",
 "",
@@ -255,7 +255,7 @@ Examples:
 "",
 )
- ErrSSLWrongPassword = newErrFn(
+ ErrTLSWrongPassword = newErrFn(
 "Unable to decrypt the private key using the provided password",
 "Please set the correct password in environment variable `MINIO_CERT_PASSWD`",
 "",
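Review bot: The description saying only PEM-encoded x.509 data is accepted disappears with ErrSSLUnexpectedError, but it is not moved to ErrTLSUnexpectedData, which is the error certs.go now returns for every PEM decode and parse failure and whose third argument stays `""`. Restoring the former raw-string line beginning "Only PEM (x.509) format is accepted" as ErrTLSUnexpectedData's third argument keeps that guidance where parse errors are actually reported, since the new read-error variant no longer needs it. ErrTLSReadError's title and hint name only the certificate, yet LoadX509KeyPair returns it when the private key file cannot be read as well, so "certificate or private key file" in both strings would fit both call sites. The -255 hunk below is a plain rename and needs nothing.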