Display errors if a test TLS connection fails

If a connection fails it is useful during debugging to have any errors
that are on the OpenSSL error stack at the time of the failure.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11406)

diff --git a/test/ssltestlib.c b/test/ssltestlib.c
index 66d4e9b3a072268ed0e66718441f45b9a4cc1caf..4ecfb4a14c2bf3f0ac846d5e59547852d13d24f4 100644 (file)
--- a/test/ssltestlib.c
+++ b/test/ssltestlib.c
@@ -938,6 +938,8 @@ int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want,
 
         if (!clienterr && retc <= 0 && err != SSL_ERROR_WANT_READ) {
             TEST_info("SSL_connect() failed %d, %d", retc, err);
+            if (want != SSL_ERROR_SSL)
+                TEST_openssl_errors();
             clienterr = 1;
         }
         if (want != SSL_ERROR_NONE && err == want)
@@ -954,6 +956,8 @@ int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want,
                 && err != SSL_ERROR_WANT_READ
                 && err != SSL_ERROR_WANT_X509_LOOKUP) {
             TEST_info("SSL_accept() failed %d, %d", rets, err);
+            if (want != SSL_ERROR_SSL)
+                TEST_openssl_errors();
             servererr = 1;
         }
         if (want != SSL_ERROR_NONE && err == want)