From aab48f0dbe219d0077aa5c0f5dea95e566dfb7f4 Mon Sep 17 00:00:00 2001
From: Igor Artamonov <1994.aik@gmail.com>
Date: Fri, 1 May 2026 10:51:50 +0300
Subject: [PATCH] faketls: include real record type and peek bytes on handshake
 errors
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The previous error path used errors.Wrap(err, "unexpected record type")
inside type-mismatch branches where err was already nil. With
go-faster/errors that produced a wrapError with no cause and no detail,
making the user-visible message "unexpected record type" useless for
diagnostics — there was no way to tell what mtg actually sent.

Switch to errors.Errorf with the actual received byte and a 32-byte
hex peek of the read buffer. Also wrap the read-error path with the
same peek so a partial response is visible.

This is a diagnostic-only change; the parser semantics are unchanged.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 pkg/gotd/mtproxy/faketls/server_hello.go | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/pkg/gotd/mtproxy/faketls/server_hello.go b/pkg/gotd/mtproxy/faketls/server_hello.go
index ff148dad..abda1f48 100644
--- a/pkg/gotd/mtproxy/faketls/server_hello.go
+++ b/pkg/gotd/mtproxy/faketls/server_hello.go
@@ -4,11 +4,20 @@ import (
 	"bytes"
 	"crypto/hmac"
 	"crypto/sha256"
+	"encoding/hex"
 	"io"
 
 	"github.com/go-faster/errors"
 )
 
+// peekDump returns up to n bytes from the start of buf as a hex string for diagnostics.
+func peekDump(buf []byte, n int) string {
+	if len(buf) < n {
+		n = len(buf)
+	}
+	return hex.EncodeToString(buf[:n])
+}
+
 // readServerHello reads faketls ServerHello.
 func readServerHello(r io.Reader, clientRandom [32]byte, secret []byte) error {
 	packetBuf := bytes.NewBuffer(nil)
@@ -16,10 +25,11 @@ func readServerHello(r io.Reader, clientRandom [32]byte, secret []byte) error {
 
 	handshake, err := readRecord(r)
 	if err != nil {
-		return errors.Wrap(err, "handshake record")
+		return errors.Wrapf(err, "handshake record (peek=%s)", peekDump(packetBuf.Bytes(), 32))
 	}
 	if handshake.Type != RecordTypeHandshake {
-		return errors.Wrap(err, "unexpected record type")
+		return errors.Errorf("unexpected handshake record type: got 0x%02x, want 0x%02x (peek=%s)",
+			byte(handshake.Type), byte(RecordTypeHandshake), peekDump(packetBuf.Bytes(), 32))
 	}
 
 	changeCipher, err := readRecord(r)
@@ -27,7 +37,8 @@ func readServerHello(r io.Reader, clientRandom [32]byte, secret []byte) error {
 		return errors.Wrap(err, "change cipher record")
 	}
 	if changeCipher.Type != RecordTypeChangeCipherSpec {
-		return errors.Wrap(err, "unexpected record type")
+		return errors.Errorf("unexpected change cipher record type: got 0x%02x, want 0x%02x",
+			byte(changeCipher.Type), byte(RecordTypeChangeCipherSpec))
 	}
 
 	cert, err := readRecord(r)
@@ -35,7 +46,8 @@ func readServerHello(r io.Reader, clientRandom [32]byte, secret []byte) error {
 		return errors.Wrap(err, "cert record")
 	}
 	if cert.Type != RecordTypeApplication {
-		return errors.Wrap(err, "unexpected record type")
+		return errors.Errorf("unexpected application record type: got 0x%02x, want 0x%02x",
+			byte(cert.Type), byte(RecordTypeApplication))
 	}
 
 	// `$record_header = type 1 byte + version 2 bytes + payload_length 2 bytes = 5 bytes`