From 77c209c412c7dcb2e9428fc6219373b3260ddf11 Mon Sep 17 00:00:00 2001
From: Andy Green <andy@warmcat.com>
Date: Tue, 18 Nov 2014 09:28:06 +0800
Subject: [PATCH] ssl: improve client error message on server cert probs

---
 lib/client.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/client.c b/lib/client.c
index 7d37b38d..3344c4f0 100755
--- a/lib/client.c
+++ b/lib/client.c
@@ -311,11 +311,12 @@ int lws_client_socket_service(struct libwebsocket_context *context,
 								      n, n > 0);
 
 			if (n != X509_V_OK) {
-				if((n == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT || n == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) && wsi->use_ssl == 2) {
+				if ((n == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT ||
+				     n == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) && wsi->use_ssl == 2) {
 					lwsl_notice("accepting self-signed certificate\n");
 				} else {
-					lwsl_err(
-						"server's cert didn't look good %d\n", n);
+					lwsl_err("server's cert didn't look good, X509_V_ERR = %d: %s\n",
+						 n, ERR_error_string(n, (char *)context->service_buffer));
 					libwebsocket_close_and_free_session(context,
 							wsi, LWS_CLOSE_STATUS_NOSTATUS);
 					return 0;