From 8072aea782e01d7cfd63cec24d5f1f871bb42a4c Mon Sep 17 00:00:00 2001
From: Kevin Easton
Date: Wed, 16 Jan 2019 23:54:59 +1100
Subject: [PATCH] Improve error messages for SSL connection failures

This now shows the underlying failure reason, and includes the server name.
---
 Changelog | 2 ++
 source/server.c | 15 +++++++++++----
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/Changelog b/Changelog
index 5f7b2d2..5894e76 100644
--- a/Changelog
+++ b/Changelog
@@ -1,5 +1,7 @@
 [Changes 1.2.2]

+* Improve error messages for SSL connection failures. (caf)
+
 * Correctly handle reconnection after failure of SSL connection setup. Reported by g0z. (caf)

diff --git a/source/server.c b/source/server.c
index 7d55b03..356d994 100644
--- a/source/server.c
+++ b/source/server.c
@@ -508,7 +508,7 @@ static int finalize_server_connect(int refnum, int c_server, int my_from_server)

 if (!server_list[refnum].ctx)
 {
- say("SSL error - failed to allocate SSL_CTX");
+ say("SSL connection failed to %s: Could not allocate SSL_CTX", server_list[refnum].name);
 SSL_show_errors();
 close_server(refnum, NULL);
 return -1;
@@ -519,7 +519,7 @@ static int finalize_server_connect(int refnum, int c_server, int my_from_server)
 server_list[refnum].ssl_fd = SSL_new(server_list[refnum].ctx);
 if (!server_list[refnum].ssl_fd)
 {
- say("SSL error - failed to create SSL");
+ say("SSL connection failed to %s: Could not create SSL object", server_list[refnum].name);
 SSL_show_errors();
 close_server(refnum, NULL);
 return -1;
@@ -532,6 +532,7 @@ static int finalize_server_connect(int refnum, int c_server, int my_from_server)

 if (err < 1)
 {
+ const char *err_string;
 server_list[refnum].ssl_error = SSL_get_error(server_list[refnum].ssl_fd, err);
 /* The SSL_connect can't complete yet. Return without calling register_server(),
@@ -541,13 +542,19 @@ static int finalize_server_connect(int refnum, int c_server, int my_from_server)
 server_list[refnum].ssl_error == SSL_ERROR_WANT_WRITE)
 return 0;

- say("SSL_connect error: %d", err, server_list[refnum].ssl_error);
+ if (server_list[refnum].ssl_error == SSL_ERROR_SYSCALL)
+ err_string = strerror(errno);
+ else
+ err_string = ltoa(server_list[refnum].ssl_error);
+
+ say("SSL connection failed to %s: %s", server_list[refnum].name, err_string);
 SSL_show_errors();
 close_server(refnum, NULL);
 return -2;
 }

- say("SSL server connected using %s (%s)",
+ say("SSL server %s connected using %s (%s)",
+ server_list[refnum].name,
 SSL_get_version(server_list[refnum].ssl_fd),
 SSL_get_cipher(server_list[refnum].ssl_fd));
 }
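Review bot: In the `SSL_ERROR_SYSCALL` branch, `strerror(errno)` can report a misleading reason, because OpenSSL also returns that code when the peer drops the connection mid-handshake (`err == 0`); errno may then be 0 and the message would end in "Success". errno is also read only after `SSL_get_error()` has run, so it is safer to copy it into a local immediately after the `SSL_connect()` call, which lies outside this hunk. With that local (called `saved_errno` here), the branch could read `err_string = (err == 0 || saved_errno == 0) ? "Unexpected EOF during handshake" : strerror(saved_errno);`. The `else` branch prints only the numeric `SSL_get_error()` code, so a short comment noting that the detail comes from the following `SSL_show_errors()` call would help anyone triaging connection-failure logs.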