From 420f5abcd7e2229aef90c9b1c4b290d5a8ca5c54 Mon Sep 17 00:00:00 2001
From: Marten Seemann <martenseemann@gmail.com>
Date: Fri, 2 Dec 2016 17:51:06 +0700
Subject: [PATCH] log when certificate or server proof verification fails

---
 handshake/crypto_setup_client.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/handshake/crypto_setup_client.go b/handshake/crypto_setup_client.go
index acb8144c..604c043e 100644
--- a/handshake/crypto_setup_client.go
+++ b/handshake/crypto_setup_client.go
@@ -156,6 +156,7 @@ func (h *cryptoSetupClient) handleREJMessage(cryptoData map[Tag][]byte) error {
 
 		err = h.certManager.Verify(h.hostname)
 		if err != nil {
+			utils.Infof("Certificate validation failed: %s", err.Error())
 			return qerr.ProofInvalid
 		}
 	}
@@ -163,6 +164,7 @@ func (h *cryptoSetupClient) handleREJMessage(cryptoData map[Tag][]byte) error {
 	if h.serverConfig != nil && len(h.proof) != 0 && h.certManager.GetLeafCert() != nil {
 		validProof := h.certManager.VerifyServerProof(h.proof, h.chloForSignature, h.serverConfig.Get())
 		if !validProof {
+			utils.Infof("Server proof verification failed")
 			return qerr.ProofInvalid
 		}