Provde more informative debug output when TLS handshake fails

2025-04-23 09:04:13 +00:00 · 2022-02-17 09:05:49 +00:00 · 2022-02-17 09:05:49 +00:00 · 6837924e60
commit 6837924e60
parent 3bc05ad580
1 changed files with 19 additions and 2 deletions
--- a/Source/GSTLS.m
+++ b/Source/GSTLS.m
@ -1958,8 +1958,25 @@ retrieve_callback(gnutls_session_t session,
 #endif
            || ret == GNUTLS_E_UNSUPPORTED_VERSION_PACKET)
            {
-              p = [p stringByAppendingString:
-                @"\nmost often due to the remote end not expecting TLS/SSL"];
+	      NSString	*extra = nil;
+
+	      switch (ret)
+		{
+		  case GNUTLS_E_FATAL_ALERT_RECEIVED:
+		    extra = @"The TLS protocol does not tell us why the remote"
+		      @" end sent an alert, but the most common problem during"
+		      @" handshake is a cipher mismatch";
+		      break;
+		  case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
+                  case GNUTLS_E_PREMATURE_TERMINATION:
+		    extra = @"Most often this is due to the remote end not"
+		      @" expecting/supporting TLS";
+		    break;
+		}
+	      if (extra)
+		{
+		  p = [p stringByAppendingFormat: @"\n%@", extra];
+		}
              ASSIGN(problem, p);
              if (YES == debug)
                {