ssl: improve client error message on server cert probs

diff --git a/lib/client.c b/lib/client.c
index 7d37b38..3344c4f 100755 (executable)
--- a/lib/client.c
+++ b/lib/client.c
@@ -311,11 +311,12 @@ int lws_client_socket_service(struct libwebsocket_context *context,
                                                                      n, n > 0);
 
                        if (n != X509_V_OK) {
-                               if((n == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT || n == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) && wsi->use_ssl == 2) {
+                               if ((n == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT ||
+                                    n == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) && wsi->use_ssl == 2) {
                                        lwsl_notice("accepting self-signed certificate\n");
                                } else {
-                                       lwsl_err(
-                                               "server's cert didn't look good %d\n", n);
+                                       lwsl_err("server's cert didn't look good, X509_V_ERR = %d: %s\n",
+                                                n, ERR_error_string(n, (char *)context->service_buffer));
                                        libwebsocket_close_and_free_session(context,
                                                        wsi, LWS_CLOSE_STATUS_NOSTATUS);
                                        return 0;