net.mbedtls: make errors more verbose, to ease remote diagnosis of issues

spytheman · spytheman · commit 390fbaaeef18 · 2025-12-16T13:33:00.000+02:00
diff --git a/vlib/net/mbedtls/ssl_connection.c.v b/vlib/net/mbedtls/ssl_connection.c.v
@@ -51,21 +51,24 @@ pub fn new_sslcerts_in_memory(verify string, cert string, cert_key string) !&SSL
 	if verify != '' {
 		ret := C.mbedtls_x509_crt_parse(&certs.cacert, verify.str, verify.len + 1)
 		if ret != 0 {
-			return error_with_code('mbedtls_x509_crt_parse error', ret)
+			return error_with_code('net.mbedtls new_sslcerts_in_memory, mbedtls_x509_crt_parse error 1 ret: ${ret}',
+				ret)
 		}
 	}
 	if cert != '' {
 		ret := C.mbedtls_x509_crt_parse(&certs.client_cert, cert.str, cert.len + 1)
 		if ret != 0 {
-			return error_with_code('mbedtls_x509_crt_parse error', ret)
+			return error_with_code('net.mbedtls new_sslcerts_in_memory, mbedtls_x509_crt_parse error 2 ret: ${ret}',
+				ret)
 		}
 	}
 	if cert_key != '' {
 		unsafe {
 			ret := C.mbedtls_pk_parse_key(&certs.client_key, cert_key.str, cert_key.len + 1,
 				0, 0, C.mbedtls_ctr_drbg_random, &ctr_drbg)
 			if ret != 0 {
-				return error_with_code('v error', ret)
+				return error_with_code('net.mbedtls new_sslcerts_in_memory, mbedtls_pk_parse_key error ret: ${ret}',
+					ret)
 			}
 		}
 	}
@@ -78,21 +81,24 @@ pub fn new_sslcerts_from_file(verify string, cert string, cert_key string) !&SSL
 	if verify != '' {
 		ret := C.mbedtls_x509_crt_parse_file(&certs.cacert, &char(verify.str))
 		if ret != 0 {
-			return error_with_code('mbedtls_x509_crt_parse error', ret)
+			return error_with_code('net.mbedtls new_sslcerts_from_file, mbedtls_x509_crt_parse_file error 1 ret: ${ret}',
+				ret)
 		}
 	}
 	if cert != '' {
 		ret := C.mbedtls_x509_crt_parse_file(&certs.client_cert, &char(cert.str))
 		if ret != 0 {
-			return error_with_code('mbedtls_x509_crt_parse error', ret)
+			return error_with_code('net.mbedtls new_sslcerts_from_file, mbedtls_x509_crt_parse_file error 2 ret: ${ret}',
+				ret)
 		}
 	}
 	if cert_key != '' {
 		unsafe {
 			ret := C.mbedtls_pk_parse_keyfile(&certs.client_key, &char(cert_key.str),
 				0, C.mbedtls_ctr_drbg_random, &ctr_drbg)
 			if ret != 0 {
-				return error_with_code('v error', ret)
+				return error_with_code('net.mbedtls new_sslcerts_from_file, mbedtls_pk_parse_keyfile error ret: ${ret}',
+					ret)
 			}
 		}
 	}
@@ -171,10 +177,10 @@ fn (mut l SSLListener) init() ! {
 
 	lhost, lport := net.split_address(l.saddr)!
 	if l.config.cert == '' || l.config.cert_key == '' {
-		return error('No certificate or key provided')
+		return error('net.mbedtls SSLListener.init, no certificate or key provided')
 	}
 	if l.config.validate && l.config.verify == '' {
-		return error('No root CA provided')
+		return error('net.mbedtls SSLListener.init, no root CA provided')
 	}
 	C.mbedtls_net_init(&l.server_fd)
 	C.mbedtls_ssl_init(&l.ssl)
@@ -195,11 +201,11 @@ fn (mut l SSLListener) init() ! {
 
 	if l.config.in_memory_verification {
 		l.certs = new_sslcerts_in_memory(l.config.verify, l.config.cert, l.config.cert_key) or {
-			return error('Cert failure')
+			return error('net.mbedtls SSLListener.init, cert failure 1, err: ${err}')
 		}
 	} else {
 		l.certs = new_sslcerts_from_file(l.config.verify, l.config.cert, l.config.cert_key) or {
-			return error('Cert failure')
+			return error('net.mbedtls SSLListener.init, cert failure 2, err: ${err}')
 		}
 	}
 
@@ -216,26 +222,28 @@ fn (mut l SSLListener) init() ! {
 	ret = C.mbedtls_net_bind(&l.server_fd, bind_ip, voidptr(bind_port.str), C.MBEDTLS_NET_PROTO_TCP)
 
 	if ret != 0 {
-		return error_with_code("can't bind to ${l.saddr}", ret)
+		return error_with_code("net.mbedtls SSLListener.init, mbedtls_net_bind can't bind to ${l.saddr} error ret: ${ret}",
+			ret)
 	}
 
 	ret = C.mbedtls_ssl_config_defaults(&l.conf, C.MBEDTLS_SSL_IS_SERVER, C.MBEDTLS_SSL_TRANSPORT_STREAM,
 		C.MBEDTLS_SSL_PRESET_DEFAULT)
 	if ret != 0 {
-		return error_with_code("can't to set config defaults", ret)
+		return error_with_code("net.mbedtls SSLListener.init, mbedtls_ssl_config_defaults can't set config defaults ret: ${ret}",
+			ret)
 	}
 
 	C.mbedtls_ssl_conf_ca_chain(&l.conf, &l.certs.cacert, unsafe { nil })
 	ret = C.mbedtls_ssl_conf_own_cert(&l.conf, &l.certs.client_cert, &l.certs.client_key)
-
 	if ret != 0 {
-		return error_with_code("can't load certificate", ret)
+		return error_with_code("net.mbedtls SSLListener.init, mbedtls_ssl_conf_own_cert can't load certificate ret: ${ret}",
+			ret)
 	}
 
 	ret = C.mbedtls_ssl_setup(&l.ssl, &l.conf)
-
 	if ret != 0 {
-		return error_with_code("can't setup ssl", ret)
+		return error_with_code("net.mbedtls SSLListener.init, mbedtls_ssl_setup can't setup ssl ret: ${ret}",
+			ret)
 	}
 
 	if get_cert_callback := l.config.get_certificate {
@@ -270,7 +278,8 @@ pub fn (mut l SSLListener) accept() !&SSLConn {
 
 	mut ret := C.mbedtls_net_accept(&l.server_fd, &conn.server_fd, &ip, 16, &iplen)
 	if ret != 0 {
-		return error_with_code("can't accept connection", ret)
+		return error_with_code("net.mbedtls SSLListener.accept, mbedtls_net_accept can't accept connection ret: ${ret}",
+			ret)
 	}
 	conn.handle = conn.server_fd.fd
 	conn.owns_socket = true
@@ -281,9 +290,9 @@ pub fn (mut l SSLListener) accept() !&SSLConn {
 	C.mbedtls_ssl_init(&conn.ssl)
 	C.mbedtls_ssl_config_init(&conn.conf)
 	ret = C.mbedtls_ssl_setup(&conn.ssl, &l.conf)
-
 	if ret != 0 {
-		return error_with_code('SSL setup failed', ret)
+		return error_with_code('net.mbedtls SSLListener.accept, mbedtls_ssl_setup SSL setup failed ret: ${ret}',
+			ret)
 	}
 
 	C.mbedtls_ssl_set_bio(&conn.ssl, &conn.server_fd, C.mbedtls_net_send, C.mbedtls_net_recv,
@@ -297,7 +306,8 @@ pub fn (mut l SSLListener) accept() !&SSLConn {
 					eprintln('${@METHOD} shutdown ---> res: ${err}')
 				}
 			}
-			return error_with_code('SSL handshake failed', ret)
+			return error_with_code('net.mbedtls SSLListener.accept, mbedtls_ssl_handshake failed 1; handshake ret: ${ret}',
+				ret)
 		}
 		ret = C.mbedtls_ssl_handshake(&conn.ssl)
 	}
@@ -326,7 +336,7 @@ pub fn new_ssl_conn(config SSLConnectConfig) !&SSLConn {
 	mut conn := &SSLConn{
 		config: config
 	}
-	conn.init() or { return err }
+	conn.init()!
 	return conn
 }
 
@@ -348,7 +358,7 @@ pub fn (mut s SSLConn) shutdown() ! {
 		eprintln(@METHOD)
 	}
 	if !s.opened {
-		return error('ssl connection not open')
+		return error('net.mbedtls SSLConn.shutdown, connection was not open')
 	}
 	if unsafe { s.certs != nil } {
 		C.mbedtls_x509_crt_free(&s.certs.cacert)
@@ -375,7 +385,8 @@ fn (mut s SSLConn) init() ! {
 	ret = C.mbedtls_ssl_config_defaults(&s.conf, C.MBEDTLS_SSL_IS_CLIENT, C.MBEDTLS_SSL_TRANSPORT_STREAM,
 		C.MBEDTLS_SSL_PRESET_DEFAULT)
 	if ret != 0 {
-		return error_with_code('Failed to set SSL configuration', ret)
+		return error_with_code('net.mbedtls SSLConn.init, mbedtls_ssl_config_defaults failed to set SSL configuration ret: ${ret}',
+			ret)
 	}
 	$if trace_mbedtls_timeouts ? {
 		dump(mbedtls_client_read_timeout_ms)
@@ -423,7 +434,8 @@ fn (mut s SSLConn) init() ! {
 		}
 	}
 	if ret < 0 {
-		return error_with_code('Failed to set certificates', ret)
+		return error_with_code('net.mbedtls SSLConn.init, failed to set certificates, ret: ${ret}',
+			ret)
 	}
 
 	if unsafe { s.certs != nil } {
@@ -439,7 +451,8 @@ fn (mut s SSLConn) init() ! {
 
 	ret = C.mbedtls_ssl_setup(&s.ssl, &s.conf)
 	if ret != 0 {
-		return error_with_code('Failed to setup SSL connection', ret)
+		return error_with_code('net.mbedtls SSLConn.init, mbedtls_ssl_setup failed to setup SSL connection ret: ${ret}',
+			ret)
 	}
 }
 
@@ -449,26 +462,23 @@ pub fn (mut s SSLConn) connect(mut tcp_conn net.TcpConn, hostname string) ! {
 		eprintln('${@METHOD} hostname: ${hostname}')
 	}
 	if s.opened {
-		return error('ssl connection already open')
+		return error('net.mbedtls SSLConn.connect, ssl connection was already open')
 	}
 	s.handle = tcp_conn.sock.handle
 	s.duration = 30 * time.second
-
 	mut ret := C.mbedtls_ssl_set_hostname(&s.ssl, &char(hostname.str))
 	if ret != 0 {
-		return error_with_code('Failed to set hostname', ret)
+		return error_with_code('net.mbedtls SSLConn.connect, mbedtls_ssl_set_hostname failed to set hostname',
+			ret)
 	}
-
 	s.server_fd.fd = s.handle
-
 	C.mbedtls_ssl_set_bio(&s.ssl, &s.server_fd, C.mbedtls_net_send, C.mbedtls_net_recv,
 		C.mbedtls_net_recv_timeout)
-
 	ret = C.mbedtls_ssl_handshake(&s.ssl)
 	if ret != 0 {
-		return error_with_code('SSL handshake failed', ret)
+		return error_with_code('net.mbedtls SSLConn.connect, mbedtls_ssl_handshake failed 2; ret: ${ret}',
+			ret)
 	}
-
 	s.opened = true
 }
 
@@ -479,32 +489,30 @@ pub fn (mut s SSLConn) dial(hostname string, port int) ! {
 	}
 	s.owns_socket = true
 	if s.opened {
-		return error('ssl connection already open')
+		return error('net.mbedtls SSLConn.dial, the ssl connection was already open')
 	}
 	s.duration = 30 * time.second
 
 	mut ret := C.mbedtls_ssl_set_hostname(&s.ssl, &char(hostname.str))
 	if ret != 0 {
-		return error_with_code('Failed to set hostname', ret)
+		return error_with_code('net.mbedtls SSLConn.dial, failed to set hostname', ret)
 	}
 
 	port_str := port.str()
 	ret = C.mbedtls_net_connect(&s.server_fd, &char(hostname.str), &char(port_str.str),
 		C.MBEDTLS_NET_PROTO_TCP)
 	if ret != 0 {
-		return error_with_code('Failed to connect to host', ret)
+		return error_with_code('net.mbedtls SSLConn.dial, failed to connect to host',
+			ret)
 	}
-
 	C.mbedtls_ssl_set_bio(&s.ssl, &s.server_fd, C.mbedtls_net_send, C.mbedtls_net_recv,
 		C.mbedtls_net_recv_timeout)
-
 	s.handle = s.server_fd.fd
-
 	ret = C.mbedtls_ssl_handshake(&s.ssl)
 	if ret != 0 {
-		return error_with_code('SSL handshake failed', ret)
+		return error_with_code('net.mbedtls SSLConn.dial, mbedtls_ssl_handshake failed 3; ret: ${ret}',
+			ret)
 	}
-
 	s.opened = true
 }
 
@@ -568,14 +576,14 @@ pub fn (mut s SSLConn) socket_read_into_ptr(buf_ptr &u8, len int) !int {
 					$if trace_ssl ? {
 						eprintln('${@METHOD} ---> res: could not read using SSL')
 					}
-					return error_with_code('Could not read using SSL', res)
+					return error_with_code('net.mbedtls SSLConn.socket_read_into_ptr, could not read using SSL',
+						res)
 				}
 			}
 		}
 	}
-
-	// Dead code, for the compiler to pass
-	return error('Unknown error')
+	// Dead code, just to satisfy the compiler:
+	return error('net.mbedtls SSLConn.socket_read_into_ptr, unknown error')
 }
 
 // read reads data from the ssl connection into `buffer`
@@ -616,7 +624,8 @@ pub fn (mut s SSLConn) write_ptr(bytes &u8, len int) !int {
 						$if trace_ssl ? {
 							eprintln('${@METHOD} ---> res: could not write SSL, sent: ${sent}')
 						}
-						return error_with_code('Could not write using SSL', sent)
+						return error_with_code('net.mbedtls SSLConn.write_ptr, could not write using SSL',
+							sent)
 					}
 				}
 			}
@@ -682,7 +691,7 @@ fn select(handle int, test Select, timeout time.Duration) !bool {
 				remaining_time = (deadline - time.now()).milliseconds()
 				continue
 			}
-			return error_with_code('Select failed: ${res}', C.errno)
+			return error_with_code('net.mbedtls select, failed, res: ${res}', C.errno)
 		} else if res == 0 {
 			return net.err_timed_out
 		}

Original file line number	Diff line number	Diff line change
`@@ -51,21 +51,24 @@ pub fn new_sslcerts_in_memory(verify string, cert string, cert_key string) !&SSL`
`51`	`51`	`if verify != '' {`
`52`	`52`	`ret := C.mbedtls_x509_crt_parse(&certs.cacert, verify.str, verify.len + 1)`
`53`	`53`	`if ret != 0 {`
`54`		`- return error_with_code('mbedtls_x509_crt_parse error', ret)`
	`54`	`+ return error_with_code('net.mbedtls new_sslcerts_in_memory, mbedtls_x509_crt_parse error 1 ret: ${ret}',`
	`55`	`+ ret)`
`55`	`56`	`}`
`56`	`57`	`}`
`57`	`58`	`if cert != '' {`
`58`	`59`	`ret := C.mbedtls_x509_crt_parse(&certs.client_cert, cert.str, cert.len + 1)`
`59`	`60`	`if ret != 0 {`
`60`		`- return error_with_code('mbedtls_x509_crt_parse error', ret)`
	`61`	`+ return error_with_code('net.mbedtls new_sslcerts_in_memory, mbedtls_x509_crt_parse error 2 ret: ${ret}',`
	`62`	`+ ret)`
`61`	`63`	`}`
`62`	`64`	`}`
`63`	`65`	`if cert_key != '' {`
`64`	`66`	`unsafe {`
`65`	`67`	`ret := C.mbedtls_pk_parse_key(&certs.client_key, cert_key.str, cert_key.len + 1,`
`66`	`68`	`0, 0, C.mbedtls_ctr_drbg_random, &ctr_drbg)`
`67`	`69`	`if ret != 0 {`
`68`		`- return error_with_code('v error', ret)`
	`70`	`+ return error_with_code('net.mbedtls new_sslcerts_in_memory, mbedtls_pk_parse_key error ret: ${ret}',`
	`71`	`+ ret)`
`69`	`72`	`}`
`70`	`73`	`}`
`71`	`74`	`}`
`@@ -78,21 +81,24 @@ pub fn new_sslcerts_from_file(verify string, cert string, cert_key string) !&SSL`
`78`	`81`	`if verify != '' {`
`79`	`82`	`ret := C.mbedtls_x509_crt_parse_file(&certs.cacert, &char(verify.str))`
`80`	`83`	`if ret != 0 {`
`81`		`- return error_with_code('mbedtls_x509_crt_parse error', ret)`
	`84`	`+ return error_with_code('net.mbedtls new_sslcerts_from_file, mbedtls_x509_crt_parse_file error 1 ret: ${ret}',`
	`85`	`+ ret)`
`82`	`86`	`}`
`83`	`87`	`}`
`84`	`88`	`if cert != '' {`
`85`	`89`	`ret := C.mbedtls_x509_crt_parse_file(&certs.client_cert, &char(cert.str))`
`86`	`90`	`if ret != 0 {`
`87`		`- return error_with_code('mbedtls_x509_crt_parse error', ret)`
	`91`	`+ return error_with_code('net.mbedtls new_sslcerts_from_file, mbedtls_x509_crt_parse_file error 2 ret: ${ret}',`
	`92`	`+ ret)`
`88`	`93`	`}`
`89`	`94`	`}`
`90`	`95`	`if cert_key != '' {`
`91`	`96`	`unsafe {`
`92`	`97`	`ret := C.mbedtls_pk_parse_keyfile(&certs.client_key, &char(cert_key.str),`
`93`	`98`	`0, C.mbedtls_ctr_drbg_random, &ctr_drbg)`
`94`	`99`	`if ret != 0 {`
`95`		`- return error_with_code('v error', ret)`
	`100`	`+ return error_with_code('net.mbedtls new_sslcerts_from_file, mbedtls_pk_parse_keyfile error ret: ${ret}',`
	`101`	`+ ret)`
`96`	`102`	`}`
`97`	`103`	`}`
`98`	`104`	`}`
`@@ -171,10 +177,10 @@ fn (mut l SSLListener) init() ! {`
`171`	`177`
`172`	`178`	`lhost, lport := net.split_address(l.saddr)!`
`173`	`179`	`if l.config.cert == '' \|\| l.config.cert_key == '' {`
`174`		`- return error('No certificate or key provided')`
	`180`	`+ return error('net.mbedtls SSLListener.init, no certificate or key provided')`
`175`	`181`	`}`
`176`	`182`	`if l.config.validate && l.config.verify == '' {`
`177`		`- return error('No root CA provided')`
	`183`	`+ return error('net.mbedtls SSLListener.init, no root CA provided')`
`178`	`184`	`}`
`179`	`185`	`C.mbedtls_net_init(&l.server_fd)`
`180`	`186`	`C.mbedtls_ssl_init(&l.ssl)`
`@@ -195,11 +201,11 @@ fn (mut l SSLListener) init() ! {`
`195`	`201`
`196`	`202`	`if l.config.in_memory_verification {`
`197`	`203`	`l.certs = new_sslcerts_in_memory(l.config.verify, l.config.cert, l.config.cert_key) or {`
`198`		`- return error('Cert failure')`
	`204`	`+ return error('net.mbedtls SSLListener.init, cert failure 1, err: ${err}')`
`199`	`205`	`}`
`200`	`206`	`} else {`
`201`	`207`	`l.certs = new_sslcerts_from_file(l.config.verify, l.config.cert, l.config.cert_key) or {`
`202`		`- return error('Cert failure')`
	`208`	`+ return error('net.mbedtls SSLListener.init, cert failure 2, err: ${err}')`
`203`	`209`	`}`
`204`	`210`	`}`
`205`	`211`
`@@ -216,26 +222,28 @@ fn (mut l SSLListener) init() ! {`
`216`	`222`	`ret = C.mbedtls_net_bind(&l.server_fd, bind_ip, voidptr(bind_port.str), C.MBEDTLS_NET_PROTO_TCP)`
`217`	`223`
`218`	`224`	`if ret != 0 {`
`219`		`- return error_with_code("can't bind to ${l.saddr}", ret)`
	`225`	`+ return error_with_code("net.mbedtls SSLListener.init, mbedtls_net_bind can't bind to ${l.saddr} error ret: ${ret}",`
	`226`	`+ ret)`
`220`	`227`	`}`
`221`	`228`
`222`	`229`	`ret = C.mbedtls_ssl_config_defaults(&l.conf, C.MBEDTLS_SSL_IS_SERVER, C.MBEDTLS_SSL_TRANSPORT_STREAM,`
`223`	`230`	`C.MBEDTLS_SSL_PRESET_DEFAULT)`
`224`	`231`	`if ret != 0 {`
`225`		`- return error_with_code("can't to set config defaults", ret)`
	`232`	`+ return error_with_code("net.mbedtls SSLListener.init, mbedtls_ssl_config_defaults can't set config defaults ret: ${ret}",`
	`233`	`+ ret)`
`226`	`234`	`}`
`227`	`235`
`228`	`236`	`C.mbedtls_ssl_conf_ca_chain(&l.conf, &l.certs.cacert, unsafe { nil })`
`229`	`237`	`ret = C.mbedtls_ssl_conf_own_cert(&l.conf, &l.certs.client_cert, &l.certs.client_key)`
`230`		`-`
`231`	`238`	`if ret != 0 {`
`232`		`- return error_with_code("can't load certificate", ret)`
	`239`	`+ return error_with_code("net.mbedtls SSLListener.init, mbedtls_ssl_conf_own_cert can't load certificate ret: ${ret}",`
	`240`	`+ ret)`
`233`	`241`	`}`
`234`	`242`
`235`	`243`	`ret = C.mbedtls_ssl_setup(&l.ssl, &l.conf)`
`236`		`-`
`237`	`244`	`if ret != 0 {`
`238`		`- return error_with_code("can't setup ssl", ret)`
	`245`	`+ return error_with_code("net.mbedtls SSLListener.init, mbedtls_ssl_setup can't setup ssl ret: ${ret}",`
	`246`	`+ ret)`
`239`	`247`	`}`
`240`	`248`
`241`	`249`	`if get_cert_callback := l.config.get_certificate {`
`@@ -270,7 +278,8 @@ pub fn (mut l SSLListener) accept() !&SSLConn {`
`270`	`278`
`271`	`279`	`mut ret := C.mbedtls_net_accept(&l.server_fd, &conn.server_fd, &ip, 16, &iplen)`
`272`	`280`	`if ret != 0 {`
`273`		`- return error_with_code("can't accept connection", ret)`
	`281`	`+ return error_with_code("net.mbedtls SSLListener.accept, mbedtls_net_accept can't accept connection ret: ${ret}",`
	`282`	`+ ret)`
`274`	`283`	`}`
`275`	`284`	`conn.handle = conn.server_fd.fd`
`276`	`285`	`conn.owns_socket = true`
`@@ -281,9 +290,9 @@ pub fn (mut l SSLListener) accept() !&SSLConn {`
`281`	`290`	`C.mbedtls_ssl_init(&conn.ssl)`
`282`	`291`	`C.mbedtls_ssl_config_init(&conn.conf)`
`283`	`292`	`ret = C.mbedtls_ssl_setup(&conn.ssl, &l.conf)`
`284`		`-`
`285`	`293`	`if ret != 0 {`
`286`		`- return error_with_code('SSL setup failed', ret)`
	`294`	`+ return error_with_code('net.mbedtls SSLListener.accept, mbedtls_ssl_setup SSL setup failed ret: ${ret}',`
	`295`	`+ ret)`
`287`	`296`	`}`
`288`	`297`
`289`	`298`	`C.mbedtls_ssl_set_bio(&conn.ssl, &conn.server_fd, C.mbedtls_net_send, C.mbedtls_net_recv,`
`@@ -297,7 +306,8 @@ pub fn (mut l SSLListener) accept() !&SSLConn {`
`297`	`306`	`eprintln('${@METHOD} shutdown ---> res: ${err}')`
`298`	`307`	`}`
`299`	`308`	`}`
`300`		`- return error_with_code('SSL handshake failed', ret)`
	`309`	`+ return error_with_code('net.mbedtls SSLListener.accept, mbedtls_ssl_handshake failed 1; handshake ret: ${ret}',`
	`310`	`+ ret)`
`301`	`311`	`}`
`302`	`312`	`ret = C.mbedtls_ssl_handshake(&conn.ssl)`
`303`	`313`	`}`
`@@ -326,7 +336,7 @@ pub fn new_ssl_conn(config SSLConnectConfig) !&SSLConn {`
`326`	`336`	`mut conn := &SSLConn{`
`327`	`337`	`config: config`
`328`	`338`	`}`
`329`		`- conn.init() or { return err }`
	`339`	`+ conn.init()!`
`330`	`340`	`return conn`
`331`	`341`	`}`
`332`	`342`
`@@ -348,7 +358,7 @@ pub fn (mut s SSLConn) shutdown() ! {`
`348`	`358`	`eprintln(@METHOD)`
`349`	`359`	`}`
`350`	`360`	`if !s.opened {`
`351`		`- return error('ssl connection not open')`
	`361`	`+ return error('net.mbedtls SSLConn.shutdown, connection was not open')`
`352`	`362`	`}`
`353`	`363`	`if unsafe { s.certs != nil } {`
`354`	`364`	`C.mbedtls_x509_crt_free(&s.certs.cacert)`
`@@ -375,7 +385,8 @@ fn (mut s SSLConn) init() ! {`
`375`	`385`	`ret = C.mbedtls_ssl_config_defaults(&s.conf, C.MBEDTLS_SSL_IS_CLIENT, C.MBEDTLS_SSL_TRANSPORT_STREAM,`
`376`	`386`	`C.MBEDTLS_SSL_PRESET_DEFAULT)`
`377`	`387`	`if ret != 0 {`
`378`		`- return error_with_code('Failed to set SSL configuration', ret)`
	`388`	`+ return error_with_code('net.mbedtls SSLConn.init, mbedtls_ssl_config_defaults failed to set SSL configuration ret: ${ret}',`
	`389`	`+ ret)`
`379`	`390`	`}`
`380`	`391`	`$if trace_mbedtls_timeouts ? {`
`381`	`392`	`dump(mbedtls_client_read_timeout_ms)`
`@@ -423,7 +434,8 @@ fn (mut s SSLConn) init() ! {`
`423`	`434`	`}`
`424`	`435`	`}`
`425`	`436`	`if ret < 0 {`
`426`		`- return error_with_code('Failed to set certificates', ret)`
	`437`	`+ return error_with_code('net.mbedtls SSLConn.init, failed to set certificates, ret: ${ret}',`
	`438`	`+ ret)`
`427`	`439`	`}`
`428`	`440`
`429`	`441`	`if unsafe { s.certs != nil } {`
`@@ -439,7 +451,8 @@ fn (mut s SSLConn) init() ! {`
`439`	`451`
`440`	`452`	`ret = C.mbedtls_ssl_setup(&s.ssl, &s.conf)`
`441`	`453`	`if ret != 0 {`
`442`		`- return error_with_code('Failed to setup SSL connection', ret)`
	`454`	`+ return error_with_code('net.mbedtls SSLConn.init, mbedtls_ssl_setup failed to setup SSL connection ret: ${ret}',`
	`455`	`+ ret)`
`443`	`456`	`}`
`444`	`457`	`}`
`445`	`458`
`@@ -449,26 +462,23 @@ pub fn (mut s SSLConn) connect(mut tcp_conn net.TcpConn, hostname string) ! {`
`449`	`462`	`eprintln('${@METHOD} hostname: ${hostname}')`
`450`	`463`	`}`
`451`	`464`	`if s.opened {`
`452`		`- return error('ssl connection already open')`
	`465`	`+ return error('net.mbedtls SSLConn.connect, ssl connection was already open')`
`453`	`466`	`}`
`454`	`467`	`s.handle = tcp_conn.sock.handle`
`455`	`468`	`s.duration = 30 * time.second`
`456`		`-`
`457`	`469`	`mut ret := C.mbedtls_ssl_set_hostname(&s.ssl, &char(hostname.str))`
`458`	`470`	`if ret != 0 {`
`459`		`- return error_with_code('Failed to set hostname', ret)`
	`471`	`+ return error_with_code('net.mbedtls SSLConn.connect, mbedtls_ssl_set_hostname failed to set hostname',`
	`472`	`+ ret)`
`460`	`473`	`}`
`461`		`-`
`462`	`474`	`s.server_fd.fd = s.handle`
`463`		`-`
`464`	`475`	`C.mbedtls_ssl_set_bio(&s.ssl, &s.server_fd, C.mbedtls_net_send, C.mbedtls_net_recv,`
`465`	`476`	`C.mbedtls_net_recv_timeout)`
`466`		`-`
`467`	`477`	`ret = C.mbedtls_ssl_handshake(&s.ssl)`
`468`	`478`	`if ret != 0 {`
`469`		`- return error_with_code('SSL handshake failed', ret)`
	`479`	`+ return error_with_code('net.mbedtls SSLConn.connect, mbedtls_ssl_handshake failed 2; ret: ${ret}',`
	`480`	`+ ret)`
`470`	`481`	`}`
`471`		`-`
`472`	`482`	`s.opened = true`
`473`	`483`	`}`
`474`	`484`
`@@ -479,32 +489,30 @@ pub fn (mut s SSLConn) dial(hostname string, port int) ! {`
`479`	`489`	`}`
`480`	`490`	`s.owns_socket = true`
`481`	`491`	`if s.opened {`
`482`		`- return error('ssl connection already open')`
	`492`	`+ return error('net.mbedtls SSLConn.dial, the ssl connection was already open')`
`483`	`493`	`}`
`484`	`494`	`s.duration = 30 * time.second`
`485`	`495`
`486`	`496`	`mut ret := C.mbedtls_ssl_set_hostname(&s.ssl, &char(hostname.str))`
`487`	`497`	`if ret != 0 {`
`488`		`- return error_with_code('Failed to set hostname', ret)`
	`498`	`+ return error_with_code('net.mbedtls SSLConn.dial, failed to set hostname', ret)`
`489`	`499`	`}`
`490`	`500`
`491`	`501`	`port_str := port.str()`
`492`	`502`	`ret = C.mbedtls_net_connect(&s.server_fd, &char(hostname.str), &char(port_str.str),`
`493`	`503`	`C.MBEDTLS_NET_PROTO_TCP)`
`494`	`504`	`if ret != 0 {`
`495`		`- return error_with_code('Failed to connect to host', ret)`
	`505`	`+ return error_with_code('net.mbedtls SSLConn.dial, failed to connect to host',`
	`506`	`+ ret)`
`496`	`507`	`}`
`497`		`-`
`498`	`508`	`C.mbedtls_ssl_set_bio(&s.ssl, &s.server_fd, C.mbedtls_net_send, C.mbedtls_net_recv,`
`499`	`509`	`C.mbedtls_net_recv_timeout)`
`500`		`-`
`501`	`510`	`s.handle = s.server_fd.fd`
`502`		`-`
`503`	`511`	`ret = C.mbedtls_ssl_handshake(&s.ssl)`
`504`	`512`	`if ret != 0 {`
`505`		`- return error_with_code('SSL handshake failed', ret)`
	`513`	`+ return error_with_code('net.mbedtls SSLConn.dial, mbedtls_ssl_handshake failed 3; ret: ${ret}',`
	`514`	`+ ret)`
`506`	`515`	`}`
`507`		`-`
`508`	`516`	`s.opened = true`
`509`	`517`	`}`
`510`	`518`
`@@ -568,14 +576,14 @@ pub fn (mut s SSLConn) socket_read_into_ptr(buf_ptr &u8, len int) !int {`
`568`	`576`	`$if trace_ssl ? {`
`569`	`577`	`eprintln('${@METHOD} ---> res: could not read using SSL')`
`570`	`578`	`}`
`571`		`- return error_with_code('Could not read using SSL', res)`
	`579`	`+ return error_with_code('net.mbedtls SSLConn.socket_read_into_ptr, could not read using SSL',`
	`580`	`+ res)`
`572`	`581`	`}`
`573`	`582`	`}`
`574`	`583`	`}`
`575`	`584`	`}`
`576`		`-`
`577`		`- // Dead code, for the compiler to pass`
`578`		`- return error('Unknown error')`
	`585`	`+ // Dead code, just to satisfy the compiler:`
	`586`	`+ return error('net.mbedtls SSLConn.socket_read_into_ptr, unknown error')`
`579`	`587`	`}`
`580`	`588`
`581`	`589`	// read reads data from the ssl connection into `buffer`
`@@ -616,7 +624,8 @@ pub fn (mut s SSLConn) write_ptr(bytes &u8, len int) !int {`
`616`	`624`	`$if trace_ssl ? {`
`617`	`625`	`eprintln('${@METHOD} ---> res: could not write SSL, sent: ${sent}')`
`618`	`626`	`}`
`619`		`- return error_with_code('Could not write using SSL', sent)`
	`627`	`+ return error_with_code('net.mbedtls SSLConn.write_ptr, could not write using SSL',`
	`628`	`+ sent)`
`620`	`629`	`}`
`621`	`630`	`}`
`622`	`631`	`}`
`@@ -682,7 +691,7 @@ fn select(handle int, test Select, timeout time.Duration) !bool {`
`682`	`691`	`remaining_time = (deadline - time.now()).milliseconds()`
`683`	`692`	`continue`
`684`	`693`	`}`
`685`		`- return error_with_code('Select failed: ${res}', C.errno)`
	`694`	`+ return error_with_code('net.mbedtls select, failed, res: ${res}', C.errno)`
`686`	`695`	`} else if res == 0 {`
`687`	`696`	`return net.err_timed_out`
`688`	`697`	`}`