When DEBUG=1, log why we fail to log in to a token

Use PORT_ErrorToName() to let us print an error name instead of an error
code in a couple of debug messages, since in practice we just end up
looking up the code in <secerr.h> anyway.

diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
index f9e9b979aa305256d1d25d40ea785dd6ee0e3f17..b1f04732c6523db998bf1d073c66337f1d687d09 100644 (file)
--- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
@@ -1911,8 +1911,9 @@ cert_load_ca_certs_from_slot(krb5_context context,
                  __FUNCTION__, PK11_GetTokenName(slot));
         if (PK11_Authenticate(slot, PR_TRUE,
                               crypto_pwcb_prep(id, context)) != SECSuccess) {
-            pkiDebug("%s: error logging into \"%s\", skipping\n",
-                     __FUNCTION__, PK11_GetTokenName(slot));
+            pkiDebug("%s: error logging into \"%s\": %s, skipping\n",
+                     __FUNCTION__, PK11_GetTokenName(slot),
+                     PORT_ErrorToName(PORT_GetError()));
             return SECFailure;
         }
     }
@@ -1983,8 +1984,9 @@ cert_load_certs_with_keys_from_slot(krb5_context context,
         if (PK11_Authenticate(slot, PR_TRUE,
                               crypto_pwcb_prep(id_cryptoctx,
                                                context)) != SECSuccess) {
-            pkiDebug("%s: error logging into \"%s\", skipping\n",
-                     __FUNCTION__, PK11_GetTokenName(slot));
+            pkiDebug("%s: error logging into \"%s\": %s, skipping\n",
+                     __FUNCTION__, PK11_GetTokenName(slot),
+                     PORT_ErrorToName(PORT_GetError()));
             return ENOMEM;
         }
     }