2 files changed, 8 insertions, 4 deletions

diff --git a/src/garage/cli.rs b/src/garage/cli.rs
index 0ddb5a1c..d44256b9 100644
--- a/src/garage/cli.rs
+++ b/src/garage/cli.rs
@@ -125,7 +125,7 @@ pub enum BucketOperation {
 	#[structopt(name = "allow")]
 	Allow(PermBucketOpt),
 
-	/// Allow key to read or write to bucket
+	/// Deny key from reading or writing to bucket
 	#[structopt(name = "deny")]
 	Deny(PermBucketOpt),
 
diff --git a/src/rpc/rpc_client.rs b/src/rpc/rpc_client.rs
index 5ed43d44..806c7e69 100644
--- a/src/rpc/rpc_client.rs
+++ b/src/rpc/rpc_client.rs
@@ -279,9 +279,13 @@ impl RpcHttpClient {
 		tls_config: &Option<TlsConfig>,
 	) -> Result<Self, Error> {
 		let method = if let Some(cf) = tls_config {
-			let ca_certs = tls_util::load_certs(&cf.ca_cert)?;
-			let node_certs = tls_util::load_certs(&cf.node_cert)?;
-			let node_key = tls_util::load_private_key(&cf.node_key)?;
+			let ca_certs = tls_util::load_certs(&cf.ca_cert).map_err(|e| {
+				Error::Message(format!("Failed to open CA certificate file: {:?}", e))
+			})?;
+			let node_certs = tls_util::load_certs(&cf.node_cert)
+				.map_err(|e| Error::Message(format!("Failed to open certificate file: {:?}", e)))?;
+			let node_key = tls_util::load_private_key(&cf.node_key)
+				.map_err(|e| Error::Message(format!("Failed to open private key file: {:?}", e)))?;
 
 			let mut config = rustls::ClientConfig::new();