stream-ssl: Avoid logging no-match error redundantly.
authorBen Pfaff <blp@nicira.com>
Thu, 9 Aug 2012 17:49:57 +0000 (10:49 -0700)
committerBen Pfaff <blp@nicira.com>
Thu, 9 Aug 2012 21:19:29 +0000 (14:19 -0700)
If we've already reported an error at this point, then we currently report
a no-match error also, but that doesn't add any useful information; it's
just noise in the log.

Signed-off-by: Ben Pfaff <blp@nicira.com>
lib/stream-ssl.c

index b9b3410737ab6c010f1882bbb9632d72e2834feb..db7b68e6cc7618ea72653ae16c57a669cfbc2045 100644 (file)
@@ -230,7 +230,7 @@ new_ssl_stream(const char *name, int fd, enum session_type type,
         VLOG_ERR("CA certificate must be configured to use SSL");
         retval = ENOPROTOOPT;
     }
-    if (!SSL_CTX_check_private_key(ctx)) {
+    if (!retval && !SSL_CTX_check_private_key(ctx)) {
         VLOG_ERR("Private key does not match certificate public key: %s",
                  ERR_error_string(ERR_get_error(), NULL));
         retval = ENOPROTOOPT;