Add more debug during certificates validation

Signed-off-by: David Gageot <david@gageot.net>
2015-10-19 09:27:11 +02:00 · 2015-10-19 09:27:11 +02:00 · e2b6a832ac
parent a1e610bdd3
commit e2b6a832ac
3 changed files with 16 additions and 7 deletions
--- a/commands/config.go
+++ b/commands/config.go
@ -82,7 +82,7 @@ func checkCert(hostUrl string, authOptions *auth.AuthOptions, c *cli.Context) er
 		authOptions.ServerKeyPath,
 	)
 	if err != nil {
-		return fmt.Errorf("Error attempting to validate the certficate: %s", err)
+		return fmt.Errorf("Error attempting to validate the certificates: %s", err)
 	}

 	if !valid {
--- a/libmachine/cert/cert.go
+++ b/libmachine/cert/cert.go
@ -13,6 +13,10 @@ import (
 	"net"
 	"os"
 	"time"
+
+	"errors"
+
+	"github.com/docker/machine/libmachine/log"
 )

 type ErrValidatingCert struct {
@ -29,7 +33,11 @@ func getTLSConfig(caCert, cert, key []byte, allowInsecure bool) (*tls.Config, er
 	tlsConfig.InsecureSkipVerify = allowInsecure
 	certPool := x509.NewCertPool()

-	certPool.AppendCertsFromPEM(caCert)
+	ok := certPool.AppendCertsFromPEM(caCert)
+	if !ok {
+		return &tlsConfig, errors.New("There was an error reading certificate")
+	}
+
 	tlsConfig.RootCAs = certPool
 	keypair, err := tls.X509KeyPair(cert, key)
 	if err != nil {
@ -174,17 +182,21 @@ func GenerateCert(hosts []string, certFile, keyFile, caFile, caKeyFile, org stri
 	return nil
 }

+// ValidateCertificate validate the certificate installed on the vm.
 func ValidateCertificate(addr, caCertPath, serverCertPath, serverKeyPath string) (bool, error) {
+	log.Debugf("Reading CA certificate from %s", caCertPath)
 	caCert, err := ioutil.ReadFile(caCertPath)
 	if err != nil {
 		return false, ErrValidatingCert{err}
 	}

+	log.Debugf("Reading server certificate from %s", serverCertPath)
 	serverCert, err := ioutil.ReadFile(serverCertPath)
 	if err != nil {
 		return false, ErrValidatingCert{err}
 	}

+	log.Debugf("Reading server key from %s", serverKeyPath)
 	serverKey, err := ioutil.ReadFile(serverKeyPath)
 	if err != nil {
 		return false, ErrValidatingCert{err}
@ -201,6 +213,7 @@ func ValidateCertificate(addr, caCertPath, serverCertPath, serverKeyPath string)

 	_, err = tls.DialWithDialer(dialer, "tcp", addr, tlsConfig)
 	if err != nil {
+		log.Debugf("Certificates are not valid: %s", err)
 		return false, nil
 	}

--- a/libmachine/provision/utils.go
+++ b/libmachine/provision/utils.go
@ -179,11 +179,7 @@ func ConfigureAuth(p Provisioner) error {
 		return err
 	}

-	if err := waitForDocker(p, dockerPort); err != nil {
-		return err
-	}
-
-	return nil
+	return waitForDocker(p, dockerPort)
 }

 func matchNetstatOut(reDaemonListening, netstatOut string) bool {