From cd0985c3e295a8fbf7db545e504f09a30da6f7f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ji=C5=99=C3=AD=20Pinkava?=
Date: Wed, 1 Feb 2017 23:00:14 +0100
Subject: [PATCH] Log more TLS error details
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jiří Pinkava
---
 lib/net_mosq.c | 8 ++++++++
 lib/tls_mosq.c | 9 +++++++--
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/lib/net_mosq.c b/lib/net_mosq.c
index 7cd9c85d..f63a0b22 100644
--- a/lib/net_mosq.c
+++ b/lib/net_mosq.c
@@ -321,6 +321,9 @@ void net__print_ssl_error(struct mosquitto *mosq)
 int net__socket_connect_tls(struct mosquitto *mosq)
 {
 int ret, err;
+ unsigned long e;
+ char ebuf[256];
+
 ret = SSL_connect(mosq->ssl);
 if(ret != 1) {
 err = SSL_get_error(mosq->ssl, ret);
@@ -337,6 +340,11 @@ int net__socket_connect_tls(struct mosquitto *mosq)
 mosq->want_write = true;
 mosq->want_connect = true;
 }else{
+ e = ERR_get_error();
+ while(e){
+ _mosquitto_log_printf(mosq, MOSQ_LOG_ERR, "OpenSSL Error: %s", ERR_error_string(e, ebuf));
+ e = ERR_get_error();
+ }
 COMPAT_CLOSE(mosq->sock);
 mosq->sock = INVALID_SOCKET;
 net__print_ssl_error(mosq);
diff --git a/lib/tls_mosq.c b/lib/tls_mosq.c
index b7997a18..8d8ca487 100644
--- a/lib/tls_mosq.c
+++ b/lib/tls_mosq.c
@@ -33,6 +33,7 @@ Contributors:
 # include "mosquitto_broker_internal.h"
 #endif
 #include "mosquitto_internal.h"
+#include "logging_mosq.h"
 #include "tls_mosq.h"
 extern int tls_ex_index_mosq;
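Review bot: In lib/net_mosq.c (hunk `@@ -337,6 +340,11 @@`), the new `while(e)` loop empties the OpenSSL error queue immediately before the existing `net__print_ssl_error(mosq)` call, so if that helper also reads the queue (its body is outside the hunk) it will now find nothing to report and one of the two paths is redundant. Consider putting the per-error logging inside the helper rather than duplicating it at this call site. If the loop stays, the bounded form is preferable, `ERR_error_string_n(e, ebuf, sizeof(ebuf));` followed by logging `ebuf`, so the buffer length is enforced by the call instead of by the 256-byte convention of `ERR_error_string`. A short comment such as `/* Drain and log the OpenSSL error queue before the socket is closed. */` would record why the logging precedes `COMPAT_CLOSE`; net__socket_connect_tls itself begins and ends outside the hunk.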
@@ -58,10 +59,14 @@ int mosquitto__server_certificate_verify(int preverify_ok, X509_STORE_CTX *ctx)
 cert = X509_STORE_CTX_get_current_cert(ctx);
 /* This is the peer certificate, all others are upwards in the chain. */
 #if defined(WITH_BROKER)
- return mosquitto__verify_certificate_hostname(cert, mosq->bridge->addresses[mosq->bridge->cur_address].address);
+ preverify_ok = mosquitto__verify_certificate_hostname(cert, mosq->bridge->addresses[mosq->bridge->cur_address].address);
 #else
- return mosquitto__verify_certificate_hostname(cert, mosq->host);
+ preverify_ok = mosquitto__verify_certificate_hostname(cert, mosq->host);
 #endif
+ if (preverify_ok != 1) {
+ _mosquitto_log_printf(mosq, MOSQ_LOG_ERR, "Error: host name verification failed.");
+ }
+ return preverify_ok;
 }else{
 return preverify_ok;
 }
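Review bot: The check added after `#endif` treats anything other than 1 as a failure and logs it, but the following `return preverify_ok;` hands the raw helper value back to OpenSSL, which stops verification only when the callback returns 0. If `mosquitto__verify_certificate_hostname` can ever return a value other than 0 or 1 (its body is not part of this patch), a logged failure would still let the handshake continue. Make the callback fail closed by returning `0` inside the new `if` block, or by ending with `return preverify_ok == 1;`. The message would also be more useful for triage if it named the host that was checked (`mosq->host`, or the bridge address under `WITH_BROKER`); the enclosing function starts before the hunk.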