Error message could be better when TLS cert is not matched with the private key #14022

@qudongfang

Title: Error message could be better when TLS cert is not matched with the private key

Description:

The error message is

error initializing configuration '/etc/envoy/envoy.json': Failed to load private key from /etc/envoy/certs/serverkey.pem

when we configure with a mismatched pair of TLS cert and private key.

It would be nice to have the internal OpenSSL error, which helps the user understand what's going on.
The error message could be something like this:

Failed to load private key from ./envoy/test/extensions/transport_sockets/tls/test_data/san_dns2_key.pem, Cause: error:0b000074:X.509 certificate routines:OPENSSL_internal:KEY_VALUES_MISMATCH

Repro steps:

I had a test case in this PR to help with the repro.

At the same time, I noticed that there're a few other places that could have improvements similar to this PR.
I'd like to help if you think it's nice to have them.
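
A pre-deployment check for the situation reported above, where the log says only "Failed to load private key": it separates a key file that cannot be parsed from a key that parses but does not belong to the certificate. This is an added example, not part of the original issue or of Envoy's code; the function names and sample file names are hypothetical, the sample keys and certificate are generated on the spot, and it assumes the `openssl` CLI and an unencrypted PEM key.

```shell
#!/bin/sh
# Added example, not Envoy code. Function names are hypothetical.
# Assumes the openssl CLI and an unencrypted PEM private key.

# check_tls_pair CERT KEY
# Returns 0 = pair matches, 1 = both parse but public keys differ,
#         2 = certificate unreadable, 3 = private key unreadable.
check_tls_pair() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || {
        echo "cannot parse certificate: $1" >&2; return 2; }
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || {
        echo "cannot parse private key: $2" >&2; return 3; }
    # Both commands emit the SubjectPublicKeyInfo as PEM, so a plain
    # string comparison tells whether the key is the certified one.
    if [ "$cert_pub" = "$key_pub" ]; then
        echo "OK: $2 matches $1"
    else
        echo "MISMATCH: $2 is a valid key but not the one certified by $1" >&2
        return 1
    fi
}

# Constructed sample data: two EC keys and a self-signed cert for key "a".
make_sample_pairs() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/a.key" 2>/dev/null &&
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/b.key" 2>/dev/null &&
    openssl req -x509 -new -key "$1/a.key" -subj "/CN=example.test" \
        -days 1 -out "$1/a.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample_pairs "$demo_dir"
check_tls_pair "$demo_dir/a.crt" "$demo_dir/a.key"
check_tls_pair "$demo_dir/a.crt" "$demo_dir/b.key" || echo "exit status: $?"
rm -rf "$demo_dir"
```
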
