From ec00dc18ca95e08cc0e68dbf8cc1ed7566dc2a56 Mon Sep 17 00:00:00 2001
From: ed <s@ocv.me>
Date: Sun, 30 Nov 2025 10:35:21 +0000
Subject: [PATCH] add cfssl debug (#1030)

---
 README.md         |  5 +++++
 copyparty/cert.py | 22 ++++++++++++++++++----
 2 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 63227835..adcba825 100644
--- a/README.md
+++ b/README.md
@@ -2924,6 +2924,11 @@ if [cfssl](https://github.com/cloudflare/cfssl/releases/latest) is installed, co
 * this will be a self-signed certificate so you must install your `ca.pem` into all your browsers/devices
 * if you want to avoid the hassle of distributing certs manually, please consider using a reverse proxy
 
+to install cfssl on windows:
+* [download](https://github.com/cloudflare/cfssl/releases/latest) `cfssl_windows_amd64.exe`, `cfssljson_windows_amd64.exe`, `cfssl-certinfo_windows_amd64.exe`
+* rename them to `cfssl.exe`, `cfssljson.exe`, `cfssl-certinfo.exe`
+* put them in PATH, for example inside `c:\windows\system32`
+
 
 # recovering from crashes
 
diff --git a/copyparty/cert.py b/copyparty/cert.py
index 49fa9ea2..18859536 100644
--- a/copyparty/cert.py
+++ b/copyparty/cert.py
@@ -2,6 +2,7 @@ import calendar
 import errno
 import json
 import os
+import shutil
 import time
 
 from .__init__ import ANYWIN
@@ -19,6 +20,19 @@ else:
     VF = {"mv_re_t": 0, "rm_re_t": 0}
 
 
+def _sp_err(exe, what, rc, so, se, sin):
+    try:
+        zs = shutil.which(exe)
+    except:
+        zs = "<?>"
+    try:
+        zi = os.path.getsize(zs)
+    except:
+        zi = 0
+    t = "failed to %s; error %s using %s (%s):\n  STDOUT: %s\n  STDERR: %s\n  STDIN: %s\n"
+    raise Exception(t % (what, rc, zs, zi, so, se, sin.decode("utf-8")))
+
+
 def ensure_cert(log: "RootLogger", args) -> None:
     """
     the default cert (and the entire TLS support) is only here to enable the
@@ -107,13 +121,13 @@ def _gen_ca(log: "RootLogger", args):
     cmd = "cfssl gencert -initca -"
     rc, so, se = runcmd(cmd.split(), 30, sin=sin)
     if rc:
-        raise Exception("failed to create ca-cert: {}, {}".format(rc, se), 3)
+        _sp_err("cfssl", "create ca-cert", rc, so, se, sin)
 
     cmd = "cfssljson -bare ca"
     sin = so.encode("utf-8")
     rc, so, se = runcmd(cmd.split(), 10, sin=sin, cwd=args.crt_dir)
     if rc:
-        raise Exception("failed to translate ca-cert: {}, {}".format(rc, se), 3)
+        _sp_err("cfssljson", "translate ca-cert", rc, so, se, sin)
 
     bname = os.path.join(args.crt_dir, "ca")
     try:
@@ -201,13 +215,13 @@ def _gen_srv(log: "RootLogger", args, netdevs: dict[str, Netdev]):
     acmd = cmd.split() + ["-hostname=" + ",".join(names), "-"]
     rc, so, se = runcmd(acmd, 30, sin=sin, cwd=args.crt_dir)
     if rc:
-        raise Exception("failed to create cert: {}, {}".format(rc, se))
+        _sp_err("cfssl", "create cert", rc, so, se, sin)
 
     cmd = "cfssljson -bare srv"
     sin = so.encode("utf-8")
     rc, so, se = runcmd(cmd.split(), 10, sin=sin, cwd=args.crt_dir)
     if rc:
-        raise Exception("failed to translate cert: {}, {}".format(rc, se))
+        _sp_err("cfssljson", "translate cert", rc, so, se, sin)
 
     bname = os.path.join(args.crt_dir, "srv")
     try: