From 8274492b95570cee586ce60aa9b134e19fe79468 Mon Sep 17 00:00:00 2001
From: Anthony Ramine
Date: Thu, 4 Mar 2021 12:18:48 +0100
Subject: [PATCH 1/4] Separate errors in an error stack better

---
 boring/src/error.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/boring/src/error.rs b/boring/src/error.rs
index 616b80bc..81443f43 100644
--- a/boring/src/error.rs
+++ b/boring/src/error.rs
@@ -66,7 +66,7 @@ impl fmt::Display for ErrorStack {
 let mut first = true;
 for err in &self.0 {
 if !first {
- fmt.write_str(", ")?;
+ fmt.write_str("\n--\n")?;
 }
 write!(fmt, "{}", err)?;
 first = false;
From 51734088efba05e7404c303136447844255aa3b1 Mon Sep 17 00:00:00 2001
From: Anthony Ramine
Date: Thu, 4 Mar 2021 12:17:24 +0100
Subject: [PATCH 2/4] Print handshake errors in a better way

We completely ignore the ErrorStack value if it is an X509 verification failure.

---
 boring/src/ssl/error.rs | 63 ++++++++++++++++++++++++++++++++---------
 1 file changed, 49 insertions(+), 14 deletions(-)

diff --git a/boring/src/ssl/error.rs b/boring/src/ssl/error.rs
index 91bdbb4e..674e221c 100644
--- a/boring/src/ssl/error.rs
+++ b/boring/src/ssl/error.rs
@@ -4,6 +4,7 @@ use std::error;
 use std::error::Error as StdError;
 use std::fmt;
 use std::io;
+use std::path::Path;

 use error::ErrorStack;
 use ssl::MidHandshakeSslStream;
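Review bot: In `boring/src/error.rs`, the new `"\n--\n"` separator makes every multi-entry `ErrorStack` render as several lines, and nothing on the new side tells callers that. Line-oriented log pipelines will split one failure across several records, which makes correlation during triage harder. I would add a comment above the `write_str` call such as `// Entries are separated by a "--" line; the output is multi-line, so callers that need single-line log records must flatten or escape it.` The enclosing `fmt` starts and ends outside this hunk, so other users of this `Display` impl are not visible here.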
@@ -150,29 +151,63 @@ impl StdError for HandshakeError {
 }
 }

-impl fmt::Display for HandshakeError {
+impl fmt::Display for HandshakeError {
 fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
 match *self {
- HandshakeError::SetupFailure(ref e) => write!(f, "stream setup failed: {}", e)?,
- HandshakeError::Failure(ref s) => {
- write!(f, "the handshake failed: {}", s.error())?;
- let verify = s.ssl().verify_result();
- if verify != X509VerifyResult::OK {
- write!(f, ": {}", verify)?;
- }
+ HandshakeError::SetupFailure(ref e) => {
+ write!(f, "TLS stream setup failed:\n\n{}", e)
 }
+ HandshakeError::Failure(ref s) => fmt_mid_handshake_error(s, f, "TLS handshake failed"),
 HandshakeError::WouldBlock(ref s) => {
- write!(f, "the handshake was interrupted: {}", s.error())?;
- let verify = s.ssl().verify_result();
- if verify != X509VerifyResult::OK {
- write!(f, ": {}", verify)?;
- }
+ fmt_mid_handshake_error(s, f, "TLS handshake interrupted")
 }
 }
- Ok(())
 }
 }

+fn fmt_mid_handshake_error(
+ s: &MidHandshakeSslStream,
+ f: &mut fmt::Formatter,
+ prefix: &str,
+) -> fmt::Result {
+ match s.ssl().verify_result() {
+ X509VerifyResult::OK => write!(f, "{}", prefix)?,
+ verify => write!(f, "{}: cert verification failed - {}", prefix, verify)?,
+ }
+
+ if let Some(error) = s.error().io_error() {
+ return write!(f, " ({})", error);
+ }
+
+ if let Some(error) = s.error().ssl_error() {
+ let errors = error.errors();
+
+ if errors.is_empty() {
+ return Ok(());
+ }
+
+ f.write_str(":\n")?;
+
+ for error in errors {
+ let path = error.file();
+ let file = Path::new(path)
+ .file_name()
+ .and_then(|name| name.to_str())
+ .unwrap_or(path);
+
+ write!(
+ f,
+ "\n{} [{}] ({}:{})",
+ error.reason().unwrap_or("unknown error"),
+ error.code(),
+ file,
+ error.line()
+ )?;
+ }
+ }
+ Ok(())
+}
+
 impl From for HandshakeError {
 fn from(e: ErrorStack) -> HandshakeError {
 HandshakeError::SetupFailure(e)
From 66cabd882c301700123faef1dd2b0ad555ce0873 Mon Sep 17 00:00:00 2001
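Review bot: In `fmt_mid_handshake_error` (`boring/src/ssl/error.rs`), an error that carries neither an `io_error()` nor an `ssl_error()` falls through to `Ok(())` with only the prefix written, so the detail the removed code printed through `s.error()` is lost; this may affect some `WouldBlock` errors, where the message would be just the "TLS handshake interrupted" prefix. Adding a final branch to the second `if let`, `} else { write!(f, " ({})", s.error())?; }`, would keep that detail. Separately, the commit description says the `ErrorStack` is ignored on an X509 verification failure, but the visible code still prints the stack after the `cert verification failed` text whenever `errors()` is non-empty, so one of the two should be adjusted. The per-error line also prints the numeric code and the source file and line, so a doc comment on the function stating that this output is meant for operator logs rather than for responses sent to a peer would be useful.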
From: Anthony Ramine
Date: Tue, 9 Mar 2021 12:45:39 +0100
Subject: [PATCH 3/4] Introduce MidHandshakeSslStream::into_parts

---
 boring/src/ssl/mod.rs | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/boring/src/ssl/mod.rs b/boring/src/ssl/mod.rs
index c93cbf5c..a3bbc48f 100644
--- a/boring/src/ssl/mod.rs
+++ b/boring/src/ssl/mod.rs
@@ -2876,6 +2876,11 @@ impl MidHandshakeSslStream {
 self.stream.into_inner()
 }

+ /// Returns both the error and the source data stream, consuming `self`.
+ pub fn into_parts(self) -> (Error, S) {
+ (self.error, self.stream.into_inner())
+ }
+
 /// Restarts the handshake process.
 ///
 /// This corresponds to [`SSL_do_handshake`].
From 8fc84f01e065e3ab5424c6186b8550ba3c861801 Mon Sep 17 00:00:00 2001
From: Anthony Ramine
Date: Tue, 9 Mar 2021 13:58:12 +0100
Subject: [PATCH 4/4] Add tokio_boring::HandshakeError::as_source_stream

---
 tokio-boring/src/lib.rs | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/tokio-boring/src/lib.rs b/tokio-boring/src/lib.rs
index 750e1ee1..1ed5c25a 100644
--- a/tokio-boring/src/lib.rs
+++ b/tokio-boring/src/lib.rs
@@ -277,13 +277,21 @@ impl HandshakeError {
 }
 }

- /// Converts error to the source data stream tha was used for the handshake.
+ /// Converts error to the source data stream that was used for the handshake.
 pub fn into_source_stream(self) -> Option {
 match self.0 {
 ssl::HandshakeError::Failure(s) => Some(s.into_source_stream().stream),
 _ => None,
 }
 }
+
+ /// Returns a reference to the source data stream.
+ pub fn as_source_stream(&self) -> Option<&S> {
+ match &self.0 {
+ ssl::HandshakeError::Failure(s) => Some(&s.get_ref().stream),
+ _ => None,
+ }
+ }
 }

 impl fmt::Debug for HandshakeError
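Review bot: The doc comment on `into_parts` in `boring/src/ssl/mod.rs` does not say what state the returned stream is in. The value comes from `self.stream.into_inner()`, so it is presumably the raw transport with the TLS state dropped, possibly after part of the handshake has already been exchanged on it. I would extend the comment with a line such as `/// The returned stream is the underlying transport; the handshake did not complete, so it must not be treated as an authenticated or encrypted channel.` The surrounding `impl` block starts and ends outside the hunk.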
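Review bot: The doc comment for `as_source_stream` in `tokio-boring/src/lib.rs` does not say that the method returns `None` for every variant other than `ssl::HandshakeError::Failure`, which is what the `_ => None` arm does. I would word it as `/// Returns a reference to the source data stream, or None if the error is not a handshake failure.` The catch-all arm also means a variant added to `ssl::HandshakeError` later would silently map to `None` here and in `into_source_stream`; naming the remaining variants explicitly would let the compiler flag that. The `impl` block continues outside the hunk.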