From e471a74e40d378d2c27e1a045b511d7b33c9e31c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20H=C3=B6rist?= <forenjunkie@chello.at>
Date: Tue, 1 May 2018 01:30:39 +0200
Subject: Record all ssl errors that are encountered

---
 nbxmpp/bosh.py          | 4 +++-
 nbxmpp/tls_nb.py        | 6 ++++++
 nbxmpp/transports_nb.py | 3 +++
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/nbxmpp/bosh.py b/nbxmpp/bosh.py
index 2d6fa0c..1babfeb 100644
--- a/nbxmpp/bosh.py
+++ b/nbxmpp/bosh.py
@@ -93,8 +93,10 @@ class NonBlockingBOSH(NonBlockingTransport):
 
         # ssl variables
         self.ssl_certificate = None
+        # first ssl error
         self.ssl_errnum = 0
-
+        # all ssl errors
+        self.ssl_errors = []
 
     def connect(self, conn_5tuple, on_connect, on_connect_failure):
         NonBlockingTransport.connect(self, conn_5tuple, on_connect, on_connect_failure)
diff --git a/nbxmpp/tls_nb.py b/nbxmpp/tls_nb.py
index 99ca4f5..da9ba0c 100644
--- a/nbxmpp/tls_nb.py
+++ b/nbxmpp/tls_nb.py
@@ -508,7 +508,13 @@ class NonBlockingTLS(PlugIn):
     def _ssl_verify_callback(self, sslconn, cert, errnum, depth, ok):
         # Exceptions can't propagate up through this callback, so print them here.
         try:
+            if errnum:
+                self._owner.ssl_errors.append(errnum)
+                # This stores all ssl errors that are encountered while
+                # the chain is verifyed
             if not self._owner.ssl_errnum:
+                # This records the first ssl error that is encountered
+                # we keep this because of backwards compatibility
                 self._owner.ssl_errnum = errnum
             if depth == 0:
                 self._owner.ssl_certificate = cert
diff --git a/nbxmpp/transports_nb.py b/nbxmpp/transports_nb.py
index c3faa71..37e7a58 100644
--- a/nbxmpp/transports_nb.py
+++ b/nbxmpp/transports_nb.py
@@ -339,7 +339,10 @@ class NonBlockingTCP(NonBlockingTransport, IdleObject):
 
         # ssl variables
         self.ssl_certificate = None
+        # first ssl error
         self.ssl_errnum = 0
+        # all ssl errors
+        self.ssl_errors = []
 
         self.alpn = alpn
 
-- 
cgit v1.2.3