From 99c285491960c2a337b8160ee298b01b5bec6468 Mon Sep 17 00:00:00 2001
From: Tim Kimber <tkimber@mobius.org.uk>
Date: Thu, 30 Sep 2021 18:33:24 +0100
Subject: [PATCH] Show curl error if obtain_ca_resource_location fails

---
 getssl                      | 13 ++++++++++++-
 test/0-test-curl-error.bats | 29 +++++++++++++++++++++++++++++
 test/32-test-upgrade.bats   |  2 +-
 3 files changed, 42 insertions(+), 2 deletions(-)
 create mode 100644 test/0-test-curl-error.bats

diff --git a/getssl b/getssl
index a688ca9..0365c83 100755
--- a/getssl
+++ b/getssl
@@ -2118,11 +2118,22 @@ json_get() { # get values from json
 
 obtain_ca_resource_locations()
 {
+  CURL_RESPONSE_FILE="$(mktemp 2>/dev/null || mktemp -t getssl.XXXXXX)"
+
   for suffix in "" "/directory" "/dir";
   do
     # Obtain CA resource locations
     # shellcheck disable=SC2086
-    ca_all_loc=$(curl ${_NOMETER} --user-agent "$CURL_USERAGENT" "${CA}${suffix}" 2>/dev/null)
+    ca_all_loc=$(curl ${_NOMETER} --user-agent "$CURL_USERAGENT" "${CA}${suffix}" 2> $CURL_RESPONSE_FILE)
+    errcode=$?
+    if [[ $errcode -ne 0 ]]; then
+      response=$(cat "$CURL_RESPONSE_FILE")
+      rm "$CURL_RESPONSE_FILE"
+      error_exit "ERROR curl \"$CA$suffix\" failed with $errcode and returned:\n$response"
+    else
+      rm "$CURL_RESPONSE_FILE"
+    fi
+
     debug "ca_all_loc from ${CA}${suffix} gives $ca_all_loc"
     # APIv1
     URL_new_reg=$(echo "$ca_all_loc" | grep "new-reg" | awk -F'"' '{print $4}')
diff --git a/test/0-test-curl-error.bats b/test/0-test-curl-error.bats
new file mode 100644
index 0000000..1e9e2b7
--- /dev/null
+++ b/test/0-test-curl-error.bats
@@ -0,0 +1,29 @@
+#! /usr/bin/env bats
+
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+
+
+# This is run for every test
+teardown() {
+    [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip
+}
+
+setup() {
+    [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure"
+    #export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
+}
+
+
+@test "Run getssl without pebble certificates to check the error message" {
+    if [ -n "$STAGING" ]; then
+        skip "Using staging server, skipping internal test"
+    fi
+    CONFIG_FILE="getssl-http01.cfg"
+    setup_environment
+    init_getssl
+    create_certificate
+    refute_line "getssl: unknown API version"
+    assert_failure
+}
diff --git a/test/32-test-upgrade.bats b/test/32-test-upgrade.bats
index 2bce33c..e698fc5 100644
--- a/test/32-test-upgrade.bats
+++ b/test/32-test-upgrade.bats
@@ -161,7 +161,7 @@ teardown() {
 
     # Check for current tag or file version otherwise push to master fails on a new version (or if the tag hasn't been updated)
     assert_line --regexp "Installed v(${CURRENT_TAG}|${FILE_VERSION}), restarting"
-    assert_line "Configuration check successful"
+    assert_line --partial "Configuration check successful"
 }