lib-ssl-iostream: Give better error message if CA settings are missing.

diff --git a/src/lib-ssl-iostream/iostream-openssl-context.c b/src/lib-ssl-iostream/iostream-openssl-context.c
index 4a469ec3e2f88c7af042e4f6e02e923679c7a5f2..2d2c7d8edcb029a4fad7554b20f0f19b70f63c1a 100644 (file)
--- a/src/lib-ssl-iostream/iostream-openssl-context.c
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c
@@ -349,7 +349,9 @@ ssl_iostream_context_load_ca(struct ssl_iostream_context *ctx,
        }
 
        if (!have_ca) {
-               *error_r = "Can't verify remote certs without CA";
+               *error_r = !ctx->client_ctx ?
+                       "Can't verify remote client certs without CA (ssl_ca setting)" :
+                       "Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings)";
                return -1;
        }
        return 0;