From b79410a11e88becfe3845ecef9045fe625c1f2b8 Mon Sep 17 00:00:00 2001
From: Vijay Mamidi
Date: Mon, 28 Nov 2022 21:54:15 -0800
Subject: [PATCH 1/2] Keyfile loading error when key file is not specified
---
 iocore/net/SSLUtils.cc | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 22f170ce8ca..caa524a2c3a 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -1052,11 +1052,11 @@ SSLPrivateKeyHandler(SSL_CTX *ctx, const SSLConfigParams *params, const char *ke
 scoped_BIO bio(BIO_new_mem_buf(secret_data, secret_data_len));
 pkey = PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr);
 if (nullptr == pkey) {
- SSLError("failed to load server private key from %s", keyPath);
+ SSLError("failed to load server private key");
 return false;
 }
 if (!SSL_CTX_use_PrivateKey(ctx, pkey)) {
- SSLError("failed to attache server private key loaded from %s", keyPath);
+ SSLError("failed to attache server private key");
 EVP_PKEY_free(pkey);
 return false;
 }
@@ -2451,6 +2451,10 @@ SSLMultiCertConfigLoader::load_certs(SSL_CTX *ctx, const std::vector
Date: Tue, 29 Nov 2022 06:59:03 -0800
Subject: [PATCH 2/2] Keyfile loading error when key file is not specified
---
 iocore/net/SSLUtils.cc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index caa524a2c3a..f4ff3dc2cde 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -1039,7 +1039,7 @@ SSLPrivateKeyHandler(SSL_CTX *ctx, const SSLConfigParams *params, const char *ke
 pkey = ENGINE_load_private_key(e, keyPath, nullptr, nullptr);
 if (pkey) {
 if (!SSL_CTX_use_PrivateKey(ctx, pkey)) {
- SSLError("failed to load server private key from engine");
+ Debug("ssl", "failed to load server private key from engine");
 EVP_PKEY_free(pkey);
 return false;
 }
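Review bot: Both messages in the `@@ -1052,11` hunk of PATCH 1/2 no longer say which key failed, so an operator with many certificates configured cannot tell which entry to fix. Dropping `keyPath` looks like a guard against handing a null pointer to `%s` when no key file is configured (inferred from the subject line). A null check would keep the path whenever one exists: `SSLError("failed to load server private key from %s", keyPath ? keyPath : "(no key file configured)");`, and the same for the attach message, where "attache" should read "attach". SSLPrivateKeyHandler begins and ends outside the hunk.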
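Review bot: Moving these failures from `SSLError` to `Debug("ssl", ...)` means a key that cannot be attached, parsed or matched to its certificate is reported only when the `ssl` debug tag is enabled. This applies to the engine branch in the `@@ -1039,7` hunk and to the three messages in the `@@ -1052,16` hunk of PATCH 2/2. Whether the caller of SSLPrivateKeyHandler logs the `false` return is not visible in the diff, so a genuinely misconfigured key may now fail without an error-level record. If the aim is only to silence the case where no key file was specified, and assuming a null `keyPath` marks that case, keep the error for a configured key: `if (keyPath != nullptr) { SSLError("server private key does not match the certificate public key"); }` next to the `Debug` call. The message in the engine branch also reports a load failure although the call that failed there is `SSL_CTX_use_PrivateKey`.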
@@ -1052,16 +1052,16 @@ SSLPrivateKeyHandler(SSL_CTX *ctx, const SSLConfigParams *params, const char *ke
 scoped_BIO bio(BIO_new_mem_buf(secret_data, secret_data_len));
 pkey = PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr);
 if (nullptr == pkey) {
- SSLError("failed to load server private key");
+ Debug("ssl", "failed to load server private key");
 return false;
 }
 if (!SSL_CTX_use_PrivateKey(ctx, pkey)) {
- SSLError("failed to attache server private key");
+ Debug("ssl", "failed to attache server private key");
 EVP_PKEY_free(pkey);
 return false;
 }
 if (e == nullptr && !SSL_CTX_check_private_key(ctx)) {
- SSLError("server private key does not match the certificate public key");
+ Debug("ssl", "server private key does not match the certificate public key");
 return false;
 }
 }
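Review bot: The failure branches after `PEM_read_bio_PrivateKey`, `SSL_CTX_use_PrivateKey` and `SSL_CTX_check_private_key` now return without anything consuming the OpenSSL error queue, assuming `SSLError` was what reported and drained it (its definition is not in the diff). Entries left on the thread's queue can later be attributed to an unrelated TLS operation, and the OpenSSL reason for the failure is no longer recorded anywhere. Adding `ERR_clear_error();` before each `return false;` in this hunk, and in the engine branch of the `@@ -1039,7` hunk, would keep the queue clean. The enclosing function starts and ends outside the hunk.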