Record all ssl errors that are encountered

3 files changed, 12 insertions, 1 deletions

diff --git a/nbxmpp/bosh.py b/nbxmpp/bosh.py
index 2d6fa0c..1babfeb 100644
--- a/nbxmpp/bosh.py
+++ b/nbxmpp/bosh.py
@@ -93,8 +93,10 @@ class NonBlockingBOSH(NonBlockingTransport):
 
         # ssl variables
         self.ssl_certificate = None
+        # first ssl error
         self.ssl_errnum = 0
-
+        # all ssl errors
+        self.ssl_errors = []
 
     def connect(self, conn_5tuple, on_connect, on_connect_failure):
         NonBlockingTransport.connect(self, conn_5tuple, on_connect, on_connect_failure)
diff --git a/nbxmpp/tls_nb.py b/nbxmpp/tls_nb.py
index 99ca4f5..da9ba0c 100644
--- a/nbxmpp/tls_nb.py
+++ b/nbxmpp/tls_nb.py
@@ -508,7 +508,13 @@ class NonBlockingTLS(PlugIn):
     def _ssl_verify_callback(self, sslconn, cert, errnum, depth, ok):
         # Exceptions can't propagate up through this callback, so print them here.
         try:
+            if errnum:
+                self._owner.ssl_errors.append(errnum)
+                # This stores all ssl errors that are encountered while
+                # the chain is verifyed
             if not self._owner.ssl_errnum:
+                # This records the first ssl error that is encountered
+                # we keep this because of backwards compatibility
                 self._owner.ssl_errnum = errnum
             if depth == 0:
                 self._owner.ssl_certificate = cert
diff --git a/nbxmpp/transports_nb.py b/nbxmpp/transports_nb.py
index c3faa71..37e7a58 100644
--- a/nbxmpp/transports_nb.py
+++ b/nbxmpp/transports_nb.py
@@ -339,7 +339,10 @@ class NonBlockingTCP(NonBlockingTransport, IdleObject):
 
         # ssl variables
         self.ssl_certificate = None
+        # first ssl error
         self.ssl_errnum = 0
+        # all ssl errors
+        self.ssl_errors = []
 
         self.alpn = alpn