From a538452fa4085fe71c313f3aa9a24f483cf64c9c Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallemand@haproxy.org>
Date: Tue, 25 Oct 2022 15:53:01 +0200
Subject: [PATCH] MINOR: ssl: add the SSL error string before the chain

Add the SSL error string when failing to load a certificate in
ssl_sock_load_pem_into_ckch(). It's difficult to know what happen when no
 descriptive errror are emitted. This one is for the certificate before
trying to load the complete chain.
---
 src/ssl_ckch.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/ssl_ckch.c b/src/ssl_ckch.c
index ecf69f067..61ffbc08f 100644
--- a/src/ssl_ckch.c
+++ b/src/ssl_ckch.c
@@ -616,8 +616,9 @@ int ssl_sock_load_pem_into_ckch(const char *path, char *buf, struct cert_key_and
 	/* Read Certificate */
 	cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
 	if (cert == NULL) {
-		memprintf(err, "%sunable to load certificate from file '%s'.\n",
-		          err && *err ? *err : "", path);
+		ret = ERR_get_error();
+		memprintf(err, "%sunable to load certificate from file '%s': %s.\n",
+		          err && *err ? *err : "", path, ERR_reason_error_string(ret));
 		goto end;
 	}