quiche
TlsFail does not contain the underlying error info
Error::TlsFail is used as a generic error code for most TLS errors. However, sometimes it's important to find out what the actual cause is. For example:
https://github.com/cloudflare/quiche/blob/a9ee599a7bf9f4365d4368c1b0d8e7b92bf2424f/quiche/src/tls.rs#L189
and
https://github.com/cloudflare/quiche/blob/a9ee599a7bf9f4365d4368c1b0d8e7b92bf2424f/quiche/src/tls.rs#L988-L993
In my case, load_cert_chain_from_pem_file failed intermittently but only returned TlsFail without further info. Is there any plan to bubble up the underlying error info in such TLS failures?
The SSL_CTX_use_certificate_chain_file() BoringSSL function used as part of load_cert_chain_from_pem_file() only returns 2 values, one for success and one for failure, so there's really no additional information we can return here.
> The SSL_CTX_use_certificate_chain_file() BoringSSL function used as part of load_cert_chain_from_pem_file() only returns 2 values, one for success and one for failure, so there's really no additional information we can return here.
In this specific case, it can still be useful to know what the value of the failure result is, and then find out its meaning from other sources (e.g. BoringSSL docs, etc.).
Moreover, load_cert_chain_from_pem_file can fail for two different reasons, namely due to ffi::CString::new or due to SSL_CTX_use_certificate_chain_file, but TlsFail does not tell us which.
> there's really no additional information we can return here.
I don't think this is true - we can return the last openssl error, like we do for logging: https://github.com/cloudflare/quiche/blob/d7d28612d2bd9be9c6fdba8c32c28dd29287ecbb/quiche/src/tls.rs#L1100-L1105
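The shape of what the thread is asking for, as an added example that is not quiche's code: a wrapper in the form of load_cert_chain_from_pem_file that reports which of its two steps failed (CString::new versus the library call) and, for a library failure, drains the BoringSSL error queue into the error value instead of collapsing everything to a bare TlsFail. The queue and the library call are modelled in-process so the block runs without linking BoringSSL: `err_put`/`err_get_error`/`err_clear_error` stand in for `ERR_put_error`/`ERR_get_error`/`ERR_clear_error`, and the `use_chain` closure stands in for `SSL_CTX_use_certificate_chain_file` (1 on success, 0 on failure). The lib/reason unpacking follows BoringSSL's `ERR_GET_LIB`/`ERR_GET_REASON` macros; the packed values used in the test are constructed, not real BoringSSL codes. The `Error` enum and all function names are assumptions for this example.

```rust
// Added example (not quiche's code): surface the BoringSSL error queue in
// the error value instead of returning a bare TlsFail.
use std::cell::RefCell;
use std::ffi::{CStr, CString};
use std::fmt;
use std::os::raw::c_int;

// Stand-in for BoringSSL's thread-local error queue. In real code the three
// functions below are ERR_put_error / ERR_get_error / ERR_clear_error via FFI;
// here the queue is an in-process Vec so the example runs without linking.
thread_local! {
    static ERR_QUEUE: RefCell<Vec<u32>> = RefCell::new(Vec::new());
}

/// Queue a packed error, as a failing library call would.
pub fn err_put(packed: u32) {
    ERR_QUEUE.with(|q| q.borrow_mut().push(packed));
}

/// Like ERR_get_error(): pop the oldest entry, 0 when the queue is empty.
pub fn err_get_error() -> u32 {
    ERR_QUEUE.with(|q| {
        let mut q = q.borrow_mut();
        if q.is_empty() { 0 } else { q.remove(0) }
    })
}

/// Like ERR_clear_error(): discard every queued entry.
pub fn err_clear_error() {
    ERR_QUEUE.with(|q| q.borrow_mut().clear());
}

/// BoringSSL packs (library << 24) | reason into the value ERR_get_error
/// returns; these mirror the ERR_GET_LIB / ERR_GET_REASON macros in err.h.
pub fn err_get_lib(packed: u32) -> u32 { (packed >> 24) & 0xff }
pub fn err_get_reason(packed: u32) -> u32 { packed & 0xfff }

/// Richer than a bare TlsFail: says which step failed and carries the
/// packed error code(s) for a library failure.
#[derive(Debug, PartialEq)]
pub enum Error {
    /// The path had an interior NUL byte at this offset (CString::new failed).
    InvalidPath(usize),
    /// The library call returned failure. `last` is the most recent queued
    /// error (0 if nothing was queued); `all` is every entry, oldest first.
    TlsFail { last: u32, all: Vec<u32> },
}

impl fmt::Display for Error {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            Error::InvalidPath(pos) => write!(f, "path contains NUL at byte {}", pos),
            Error::TlsFail { last, all } => write!(
                f,
                "TLS library call failed: last error {:#010x} (lib {}, reason {}), {} queued",
                last, err_get_lib(*last), err_get_reason(*last), all.len()
            ),
        }
    }
}

impl std::error::Error for Error {}

/// Wrapper in the shape of load_cert_chain_from_pem_file. `use_chain` stands
/// for SSL_CTX_use_certificate_chain_file (1 = success, 0 = failure).
pub fn load_cert_chain_from_pem_file<F>(file: &str, mut use_chain: F) -> Result<(), Error>
where
    F: FnMut(&CStr) -> c_int,
{
    // Failure source 1: the path cannot be turned into a C string.
    let cpath = CString::new(file).map_err(|e| Error::InvalidPath(e.nul_position()))?;

    // Clear stale entries first so an older, unrelated error is not blamed
    // on this call.
    err_clear_error();

    if use_chain(&cpath) == 1 {
        return Ok(());
    }

    // Failure source 2: the library call failed. Drain the queue oldest-first
    // and keep both the full list and the last (most specific) entry.
    let mut all = Vec::new();
    loop {
        let e = err_get_error();
        if e == 0 {
            break;
        }
        all.push(e);
    }
    let last = all.last().copied().unwrap_or(0);
    Err(Error::TlsFail { last, all })
}
```

Draining the queue matters beyond logging: if the entries are left behind, the next unrelated call that fails would report them as its own cause, which is exactly the kind of misattribution that makes an intermittent failure hard to diagnose.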