wrap native wolfSSL_ERR_error_string(), fix do_handshake SSLError exception

Author: cconlon

src/wolfssl/__init__.py

@@ -650,7 +650,17 @@ def do_handshake(self, block=False):  # pylint: disable=unused-argument
             elif err == _SSL_ERROR_WANT_WRITE:
                 raise SSLWantWriteError()
             else:
-                raise SSLError("do_handshake failed with error %d" % err)
+                eBuf = _ffi.new("char[80]")
+                eStr = _ffi.string(_lib.wolfSSL_ERR_error_string(err, eBuf))
+
+                if 'ASN no signer error to confirm' in eStr or err is -188:
+                    # Some Python ssl consumers explicitly check error message
+                    # for 'certificate verify failed'
+                    raise SSLError("do_handshake failed with error %d, "
+                                   "certificate verify failed" % err)
+
+                raise SSLError("do_handshake failed with error %d: %s" %
+                               (err, eStr))
 
     def _real_connect(self, addr, connect_ex):
         if self.server_side:

src/wolfssl/_build_ffi.py

@@ -24,7 +24,6 @@
 
 from distutils.util import get_platform
 from cffi import FFI
-from wolfssl.__about__ import __wolfssl_version__ as version
 from wolfssl._build_wolfssl import wolfssl_inc_path, wolfssl_lib_path
 
 ffi = FFI()
@@ -95,6 +94,7 @@
 
     int wolfSSL_set_fd(void*, int);
     int wolfSSL_get_error(void*, int);
+    char* wolfSSL_ERR_error_string(int, char*);
     int wolfSSL_negotiate(void*);
     int wolfSSL_connect(void*);
     int wolfSSL_accept(void*);

src/wolfssl/_build_wolfssl.py

@@ -23,6 +23,7 @@
 import subprocess
 from contextlib import contextmanager
 from distutils.util import get_platform
+from wolfssl.__about__ import __wolfssl_version__ as version
 
 
 def local_path(path):