Unhelpful failure mode for bad certificate + key combination

[JohannesGaessler]

I have two certificates/keys, one pair issued by KIT and one pair issued by CERN:

12:28 jgaessler@portal1 /home/jgaessler/.globus
% ll
total 36K
-rw------- 1 jgaessler cms 2.5K Nov 20  2023 usercert.pem
-rw------- 1 jgaessler cms 3.5K Jul 31 11:57 usercert_cern.pem
-rw------- 1 jgaessler cms 3.6K Nov 20  2023 userkey.pem
-rw------- 1 jgaessler cms 2.0K Jul 31 12:14 userkey_cern.pem
-rw------- 1 jgaessler cms  11K Jul 31 12:22 x509_proxy

By default the KIT files are used. Using the two KIT files together works as expected. Using the two CERN files together also works as expected. However, if a bad combination of files is used voms-proxy-init returns an error. This is to be expected, but the error is kind of unhelpful:

12:29 jgaessler@portal1 /home/jgaessler/.globus
% voms-proxy-init -rfc --voms cms --valid 192:00 -cert ~/.globus/usercert_cern.pem                                
sslutils.c:3140:error:400003F5:lib(128)::processing key
        File=/home/jgaessler/.globus/usercert_cern.pem

userkey.pem is in this case implicitly being used but it is not obvious that the problem is that it is the wrong key for the specified certificate. I think an error message that explicitly informs the user of the bad combination would be more helpful and reduce the time needed for troubleshooting.