From 65981caf151f1a193fa20339f56174976bfbb6ad Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Tue, 7 Mar 2017 12:52:14 +0000
Subject: Add handling for errors on the TLS config and properly check/handle failures when setting the CA file.

---
 src/regress/lib/libtls/gotls/tls.go | 15 +++++++++++++--
 src/regress/lib/libtls/gotls/tls_test.go | 14 ++++++++++----
 2 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/src/regress/lib/libtls/gotls/tls.go b/src/regress/lib/libtls/gotls/tls.go
index 4ce92eaef8..c6aab7789f 100644
--- a/src/regress/lib/libtls/gotls/tls.go
+++ b/src/regress/lib/libtls/gotls/tls.go
@@ -53,11 +53,22 @@ func NewConfig() (*TLSConfig, error) {
 }, nil
 }
 
+// Error returns the error message from the TLS configuration.
+func (c *TLSConfig) Error() error {
+ if msg := C.tls_config_error(c.tlsCfg); msg != nil {
+ return errors.New(C.GoString(msg))
+ }
+ return errors.New("unknown error")
+}
+
 // SetCAFile sets the CA file to be used for connections.
-func (c *TLSConfig) SetCAFile(filename string) {
+func (c *TLSConfig) SetCAFile(filename string) error {
 caFile := C.CString(filename)
 defer C.free(unsafe.Pointer(caFile))
- C.tls_config_set_ca_file(c.tlsCfg, caFile)
+ if C.tls_config_set_ca_file(c.tlsCfg, caFile) != 0 {
+ return c.Error()
+ }
+ return nil
 }
 
 // InsecureNoVerifyCert disables certificate verification for the connection.
diff --git a/src/regress/lib/libtls/gotls/tls_test.go b/src/regress/lib/libtls/gotls/tls_test.go
index 3a430924a7..f48be5ddda 100644
--- a/src/regress/lib/libtls/gotls/tls_test.go
+++ b/src/regress/lib/libtls/gotls/tls_test.go
@@ -21,7 +21,7 @@ const (
 
 var (
 certNotBefore = time.Unix(0, 0)
- certNotAfter = certNotBefore.Add(1000000 * time.Hour)
+ certNotAfter = certNotBefore.Add(1000000 * time.Hour)
 )
 
 // createCAFile writes a PEM encoded version of the certificate out to a
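Review bot: The new `Error` method on `TLSConfig` (first hunk, tls.go) never returns nil, because when `tls_config_error` yields no message it still returns `errors.New("unknown error")`, and the doc comment does not say so; a caller that probes it with `if err := cfg.Error(); err != nil` would always see a failure. I would state the contract in the comment, e.g. `// Error returns the last error recorded on the TLS configuration. It never returns nil and should only be called after a libtls config call has reported failure.` The name is also easy to confuse with the `error` interface's `Error() string`; as far as this hunk shows it is only used by `SetCAFile`, so an unexported name such as `lastError` may read more clearly if nothing outside the hunk depends on it. Getting this contract right matters because the `SetCAFile` result is what tells the caller whether the intended trust anchors were loaded.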
@@ -81,7 +81,9 @@ func TestTLSBasic(t *testing.T) {
 t.Fatal(err)
 }
 defer cfg.Free()
- cfg.SetCAFile(caFile)
+ if err := cfg.SetCAFile(caFile); err != nil {
+ t.Fatal(err)
+ }
 
 tls, err := NewClient(cfg)
 if err != nil {
@@ -135,7 +137,9 @@ func TestTLSSingleByteReadWrite(t *testing.T) {
 t.Fatal(err)
 }
 defer cfg.Free()
- cfg.SetCAFile(caFile)
+ if err := cfg.SetCAFile(caFile); err != nil {
+ t.Fatal(err)
+ }
 
 tls, err := NewClient(cfg)
 if err != nil {
@@ -202,7 +206,9 @@ func TestTLSInfo(t *testing.T) {
 t.Fatal(err)
 }
 defer cfg.Free()
- cfg.SetCAFile(caFile)
+ if err := cfg.SetCAFile(caFile); err != nil {
+ t.Fatal(err)
+ }
 
 tls, err := NewClient(cfg)
 if err != nil {
--
cgit v1.2.3-55-g6feb
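Review bot: None of the three updated call sites (the hunks in `TestTLSBasic`, `TestTLSSingleByteReadWrite` and `TestTLSInfo`) exercises the failure path this commit introduces; each appears to pass a CA file the test produced itself, so a non-nil result from `SetCAFile` is never observed. A negative test that hands `SetCAFile` a path that does not exist and requires an error would pin the behaviour that matters for verification: a CA file that cannot be loaded must stop the setup rather than let the client carry on with whatever roots the config already holds. This assumes libtls reports the problem at the time the file is set, which the new return-value check implies. All three test functions begin and end outside their hunks.

```go
// Constructed example: the path is a made-up name that must not exist.
func TestTLSConfigSetCAFileMissing(t *testing.T) {
	cfg, err := NewConfig()
	if err != nil {
		t.Fatal(err)
	}
	defer cfg.Free()
	if err := cfg.SetCAFile("/nonexistent/ca.pem"); err == nil {
		t.Fatal("SetCAFile succeeded for a missing CA file")
	}
}
```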