nts: log early client NTS-KE socket errors

Log an error message when SCK_OpenTcpSocket() fails in the NTS-KE
client, e.g. when connect() fails due to the port not being allowed in
the SELinux policy.

diff --git a/nts_ke_client.c b/nts_ke_client.c
index 604bbc5b78fa3e37ee9f1721b0d55a883a2a5902..fbde1ddfb0842e0eb77d1e4ccc5c07a0d62a1e94 100644 (file)
--- a/nts_ke_client.c
+++ b/nts_ke_client.c
@@ -335,15 +335,17 @@ NKC_Start(NKC_Instance inst)
   local_addr.port = 0;
   iface = CNF_GetBindAcquisitionInterface();
 
-  sock_fd = SCK_OpenTcpSocket(&inst->address, &local_addr, iface, 0);
-  if (sock_fd < 0)
-    return 0;
-
   /* Make a label containing both the address and name of the server */
   if (snprintf(label, sizeof (label), "%s (%s)",
                UTI_IPSockAddrToString(&inst->address), inst->name) >= sizeof (label))
     ;
 
+  sock_fd = SCK_OpenTcpSocket(&inst->address, &local_addr, iface, 0);
+  if (sock_fd < 0) {
+    LOG(LOGS_ERR, "Could not connect to %s", label);
+    return 0;
+  }
+
   /* Start an NTS-KE session */
   if (!NKSN_StartSession(inst->session, sock_fd, label, client_credentials, CLIENT_TIMEOUT)) {
     SCK_CloseSocket(sock_fd);