When writing test drivers for security-related middleware OpenSSL is a real pain because of its insufficient and sometimes misleading error messages. E.g. "SSL3_READ_BYTES:sslv3 alert bad certificate" gives no clue whether the certificate is expired, path validation failed or a certificate is corrupt. Other software packages that are based on OpenSSL sometime blame OpenSSL for poor error reporting.

Is yaSSL an alternative with better error reporting? Would error reporting be better if using the compatibility layer?

- Rainer