If a detailed error message is available, do not overwrite (#116)

When verification of ACs fails, the prior behavior is to always have this message: ``` Cannot verify AC signature! ``` This can be difficult to debug as there's no indication of whether its a problem with the proxy itself or with the host configuration. This patch appends the underlying error message if one was provided. For example, ``` Cannot verify AC signature! Underlying error: Certificate verification \ failed for certificate '/CN=voms.example.com': certificate has expired. ``` (newlines added for readability)
italiangrid · Apr 26, 2023 · 564dd86 · 564dd86
1 parent 25b39ed
commit 564dd86
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/src/api/ccapi/api_util.cc b/src/api/ccapi/api_util.cc
@@ -332,7 +332,12 @@ vomsdata::verifydata(AC *ac, UNUSED(const std::string& subject),
     issuer = check((void *)ac);
 
     if (!issuer) {
-      seterror(VERR_SIGN, "Cannot verify AC signature!");
+      std::string oldmessage = ErrorMessage();
+      if (oldmessage.empty()) {
+          seterror(VERR_SIGN, "Cannot verify AC signature!");
+      } else {
+          seterror(VERR_SIGN, "Cannot verify AC signature!  Underlying error: " + oldmessage);
+      }
       return false;
     }
   }