Show useful errors.

#ifndef OPENSSL_NO_TLSEXT

	if (s_serverinfo_file != NULL

	    && !SSL_CTX_use_serverinfo_file(ctx, s_serverinfo_file))

		{

		ERR_print_errors(bio_err);

		goto end;

		}

	if (c_auth)

		{

		SSL_CTX_set_custom_srv_ext(ctx, TLSEXT_TYPE_client_authz, authz_tlsext_cb, authz_tlsext_generate_cb, bio_err);

#define SSL_R_BAD_AUTHENTICATION_TYPE			 102

#define SSL_R_BAD_CHANGE_CIPHER_SPEC			 103

#define SSL_R_BAD_CHECKSUM				 104

#define SSL_R_BAD_DATA					 390

#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK		 106

#define SSL_R_BAD_DECOMPRESSION				 107

#define SSL_R_BAD_DH_G_LENGTH				 108

#define SSL_R_NO_COMPRESSION_SPECIFIED			 187

#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER		 330

#define SSL_R_NO_METHOD_SPECIFIED			 188

#define SSL_R_NO_PEM_EXTENSIONS				 389

#define SSL_R_NO_PRIVATEKEY				 189

#define SSL_R_NO_PRIVATE_KEY_ASSIGNED			 190

#define SSL_R_NO_PROTOCOLS_AVAILABLE			 191

#define SSL_R_PEER_ERROR_NO_CERTIFICATE			 202

#define SSL_R_PEER_ERROR_NO_CIPHER			 203

#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE	 204

#define SSL_R_PEM_NAME_BAD_PREFIX			 391

#define SSL_R_PEM_NAME_TOO_SHORT			 392

#define SSL_R_PRE_MAC_LENGTH_TOO_LONG			 205

#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS		 206

#define SSL_R_PROTOCOL_IS_SHUTDOWN			 207

{ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE),"bad authentication type"},

{ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC),"bad change cipher spec"},

{ERR_REASON(SSL_R_BAD_CHECKSUM)          ,"bad checksum"},

{ERR_REASON(SSL_R_BAD_DATA)              ,"bad data"},

{ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),"bad data returned by callback"},

{ERR_REASON(SSL_R_BAD_DECOMPRESSION)     ,"bad decompression"},

{ERR_REASON(SSL_R_BAD_DH_G_LENGTH)       ,"bad dh g length"},

{ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"},

{ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),"Peer haven't sent GOST certificate, required for selected ciphersuite"},

{ERR_REASON(SSL_R_NO_METHOD_SPECIFIED)   ,"no method specified"},

{ERR_REASON(SSL_R_NO_PEM_EXTENSIONS)     ,"no pem extensions"},

{ERR_REASON(SSL_R_NO_PRIVATEKEY)         ,"no privatekey"},

{ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},

{ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},

{ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),"peer error no certificate"},

{ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER)  ,"peer error no cipher"},

{ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),"peer error unsupported certificate type"},

{ERR_REASON(SSL_R_PEM_NAME_BAD_PREFIX)   ,"pem name bad prefix"},

{ERR_REASON(SSL_R_PEM_NAME_TOO_SHORT)    ,"pem name too short"},

{ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"},

{ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"},

{ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN)  ,"protocol is shutdown"},

			/* There must be at least one extension in this file */

			if (num_extensions == 0)

				{

				SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);

				SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_NO_PEM_EXTENSIONS);

				goto end;

				}

			else /* End of file, we're done */

		/* Check that PEM name starts with "BEGIN SERVERINFO FOR " */

		if (strlen(name) < strlen(namePrefix))

			{

			SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);

			SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_TOO_SHORT);

			goto end;

			}

		if (strncmp(name, namePrefix, strlen(namePrefix)) != 0)

			{

			SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);

			SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_BAD_PREFIX);

			goto end;

			}

		/* Check that the decoded PEM data is plausible (valid length field) */

		if (extension_length < 4 || (extension[2] << 8) + extension[3] != extension_length - 4)

			{

			SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PEM_LIB);

			SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA);

			goto end;

			}

		/* Append the decoded extension to the serverinfo buffer */