NSS: Log an error message when SSL_ExportKeyingMaterial() fails

Diagnostic for 29241.

changes/29241_diagnostic

@@ -0,0 +1,4 @@
+  o Minor features (NSS, diagnostic):
+    - Try to log an error from NSS (if there is any) and a more useful
+      description of our situation if we are using NSS and a call to
+      SSL_ExportKeyingMaterial() fails.  Diagnostic for ticket 29241.

src/lib/tls/tortls_nss.c

@@ -726,10 +726,18 @@ tor_tls_export_key_material,(tor_tls_t *tls, uint8_t *secrets_out,
   tor_assert(context_len <= UINT_MAX);
 
   SECStatus s;
+  /* Make sure that the error code is set here, so that we can be sure that
+   * any error code set after a failure was in fact caused by
+   * SSL_ExportKeyingMaterial. */
+  PR_SetError(PR_UNKNOWN_ERROR, 0);
   s = SSL_ExportKeyingMaterial(tls->ssl,
                                label, (unsigned)strlen(label),
                                PR_TRUE, context, (unsigned)context_len,
                                secrets_out, DIGEST256_LEN);
+  if (s != SECSuccess) {
+    tls_log_errors(tls, LOG_WARN, LD_CRYPTO,
+                   "exporting key material for a TLS handshake");
+  }
 
   return (s == SECSuccess) ? 0 : -1;
 }