@@ -285,7 +285,7 @@ static int tls_complete_init(struct tcp_connection* c)

 	data->state = state;

 	if (unlikely(data->ssl == 0 || data->rwbio == 0)) {

-		TLS_ERR("Failed to create SSL or BIO structure:");

+		TLS_ERR_SSL("Failed to create SSL or BIO structure:", data->ssl);

 		if (data->ssl)

 			SSL_free(data->ssl);

 		if (data->rwbio)

@@ -446,7 +446,7 @@ EVP_PKEY * tls_lookup_private_key(SSL_CTX*);

 int tls_accept(struct tcp_connection *c, int* error)

 {

 	int ret;

-	SSL *ssl;

+	SSL *ssl = NULL;

 	X509* cert;

 	struct tls_extra_data* tls_c;

 	int tls_log;

@@ -792,7 +792,7 @@ int tls_h_encode_f(struct tcp_connection *c,

 						snd_flags_t* send_flags)

 {

 	int n, offs;

-	SSL* ssl;

+	SSL* ssl = NULL;

 	struct tls_extra_data* tls_c;

 	static unsigned char wr_buf[TLS_WR_MBUF_SZ];

 	struct tls_mbuf rd, wr;

@@ -929,7 +929,7 @@ redo_wr:

 			case SSL_ERROR_SSL:

 				/* protocol level error */

 				ERR("protocol level error\n");

-				TLS_ERR(err_src);

+				TLS_ERR_SSL(err_src, ssl);

 				memset(ip_buf, 0, sizeof(buf));

 				ip_addr2sbuf(&(c->rcv.src_ip), ip_buf, sizeof(ip_buf));

 				ERR("source IP: %s\n", ip_buf);

@@ -970,7 +970,7 @@ redo_wr:

 				}

 				goto error;

 			default:

-				TLS_ERR(err_src);

+				TLS_ERR_SSL(err_src, ssl);

 				BUG("unexpected SSL error %d\n", ssl_error);

 				goto bug;

 		}

@@ -1053,6 +1053,7 @@ int tls_h_read_f(struct tcp_connection* c, rd_conn_flags_t* flags)

 	int x;

 	int tls_dbg;

+	ssl = NULL;

 	TLS_RD_TRACE("(%p, %p (%d)) start (%s -> %s:%d*)\n",

 					c, flags, *flags,

 					su2a(&c->rcv.src_su, sizeof(c->rcv.src_su)),

@@ -1327,7 +1328,7 @@ ssl_read_skipped:

 		case SSL_ERROR_SSL:

 			/* protocol level error */

 			ERR("protocol level error\n");

-			TLS_ERR(err_src);

+			TLS_ERR_SSL(err_src, ssl);

 			memset(ip_buf, 0, sizeof(ip_buf));

 			ip_addr2sbuf(&(c->rcv.src_ip), ip_buf, sizeof(ip_buf));

 			ERR("src addr: %s:%d\n", ip_buf, c->rcv.src_port);

@@ -1368,7 +1369,7 @@ ssl_read_skipped:

 			}

 			goto error;

 		default:

-			TLS_ERR(err_src);

+			TLS_ERR_SSL(err_src, ssl);

 			BUG("unexpected SSL error %d\n", ssl_error);

 			goto bug;

 	}

@@ -26,20 +26,29 @@

 #ifndef _TLS_UTIL_H

 #define _TLS_UTIL_H

+#include <openssl/ssl.h>

 #include <openssl/err.h>

 #include "../../core/dprint.h"

 #include "../../core/str.h"

 #include "tls_domain.h"

-static inline int tls_err_ret(char *s, tls_domains_cfg_t **tls_domains_cfg) {

+static inline int tls_err_ret(char *s, SSL* ssl,

+		tls_domains_cfg_t **tls_domains_cfg)

+{

 	long err;

 	int ret = 0;

+	const char *sn = NULL;

+

 	if ((*tls_domains_cfg)->srv_default->ctx &&

 		(*tls_domains_cfg)->srv_default->ctx[0])

 	{

+		if(ssl) {

+			sn = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);

+		}

 		while((err = ERR_get_error())) {

 			ret = 1;

-			ERR("%s%s\n", s ? s : "", ERR_error_string(err, 0));

+			ERR("%s%s (sni: %s)\n", s ? s : "", ERR_error_string(err, 0),

+					(sn) ? sn : "unknown");

 		}

 	}

 	return ret;

@@ -47,15 +56,19 @@ static inline int tls_err_ret(char *s, tls_domains_cfg_t **tls_domains_cfg) {

 #define TLS_ERR_RET(r, s) \

 do { \

-	(r) = tls_err_ret((s), tls_domains_cfg); \

+	(r) = tls_err_ret((s), NULL, tls_domains_cfg); \

 } while(0)

 #define TLS_ERR(s) \

 do { \

-	tls_err_ret((s), tls_domains_cfg); \

+	tls_err_ret((s), NULL, tls_domains_cfg); \

 } while(0)

+#define TLS_ERR_SSL(s, ssl) \

+do { \

+	tls_err_ret((s), (ssl), tls_domains_cfg); \

+} while(0)

 /*

  * Make a shared memory copy of ASCII zero terminated string