From dc8c859b0ca0694513fdff9e97b4d9e4a4f8d9b3 Mon Sep 17 00:00:00 2001
From: opensignature <antonio@piumarossa.it>
Date: Sat, 30 Jul 2022 15:14:06 +0200
Subject: [PATCH] openssl: add details to "unable to set client certificate"
 error

from: "curl: (58) unable to set client certificate"

to: curl: (58) unable to set client certificate [error:0A00018F:SSL
routines::ee key too small]

Closes #9228
---
 .mailmap           | 1 +
 lib/vtls/openssl.c | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/.mailmap b/.mailmap
index bfa0774c4b..e55d77efd3 100644
--- a/.mailmap
+++ b/.mailmap
@@ -93,3 +93,4 @@ Christian Schmitz <support@monkeybreadsoftware.de>
 Max Mehl <max.mehl@fsfe.org>
 rzrymiak on github <106121613+rzrymiak@users.noreply.github.com>
 Oliver Roberts <oliver@futaura.co.uk>
+opensignature on github <antonio@piumarossa.it>
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 5a7a612407..c1be10516c 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -868,8 +868,9 @@ int cert_stuff(struct Curl_easy *data,
           }
 
           if(SSL_CTX_use_certificate(ctx, params.cert) != 1) {
-            failf(data, "unable to set client certificate");
-            X509_free(params.cert);
+            failf(data, "unable to set client certificate [%s]",
+                  ossl_strerror(ERR_get_error(), error_buffer,
+                                sizeof(error_buffer)));
             return 0;
           }
           X509_free(params.cert); /* we don't need the handle any more... */