Log more TLS error details

Signed-off-by: Jiří Pinkava <j-pi@seznam.cz>

lib/net_mosq.c

@@ -321,6 +321,9 @@ void net__print_ssl_error(struct mosquitto *mosq)
 int net__socket_connect_tls(struct mosquitto *mosq)
 {
 	int ret, err;
+	unsigned long e;
+	char ebuf[256];
+
 	ret = SSL_connect(mosq->ssl);
 	if(ret != 1) {
 		err = SSL_get_error(mosq->ssl, ret);
@@ -337,6 +340,11 @@ int net__socket_connect_tls(struct mosquitto *mosq)
 			mosq->want_write = true;
 			mosq->want_connect = true;
 		}else{
+			e = ERR_get_error();
+			while(e){
+				_mosquitto_log_printf(mosq, MOSQ_LOG_ERR, "OpenSSL Error: %s", ERR_error_string(e, ebuf));
+				e = ERR_get_error();
+			}
 			COMPAT_CLOSE(mosq->sock);
 			mosq->sock = INVALID_SOCKET;
 			net__print_ssl_error(mosq);

lib/tls_mosq.c

@@ -33,6 +33,7 @@ Contributors:
 #  include "mosquitto_broker_internal.h"
 #endif
 #include "mosquitto_internal.h"
+#include "logging_mosq.h"
 #include "tls_mosq.h"
 
 extern int tls_ex_index_mosq;
@@ -58,10 +59,14 @@ int mosquitto__server_certificate_verify(int preverify_ok, X509_STORE_CTX *ctx)
 			cert = X509_STORE_CTX_get_current_cert(ctx);
 			/* This is the peer certificate, all others are upwards in the chain. */
 #if defined(WITH_BROKER)
-			return mosquitto__verify_certificate_hostname(cert, mosq->bridge->addresses[mosq->bridge->cur_address].address);
+			preverify_ok = mosquitto__verify_certificate_hostname(cert, mosq->bridge->addresses[mosq->bridge->cur_address].address);
 #else
-			return mosquitto__verify_certificate_hostname(cert, mosq->host);
+			preverify_ok = mosquitto__verify_certificate_hostname(cert, mosq->host);
 #endif
+			if (preverify_ok != 1) {
+				_mosquitto_log_printf(mosq, MOSQ_LOG_ERR, "Error: host name verification failed.");
+			}
+			return preverify_ok;
 		}else{
 			return preverify_ok;
 		}