Bug #20899 provide better error message if SSL client certificate authentication fails
Submitted: 7 Jul 2006 11:38 Modified: 15 Aug 2006 10:02
Reporter: Ralf Hauser
Status: Won't fix
Category:MySQL Server Severity:S4 (Feature request)
Version:4.0.19 OS:Linux (Fedora)
Assigned to: CPU Architecture:Any

[7 Jul 2006 11:38] Ralf Hauser
Description:
If there is an error in the REQUIRE ISSUER as per http://dev.mysql.com/doc/refman/5.0/en/grant.html, only

<<ERROR 1045 (28000): Access denied for user 'psdb'@'localhost' (using password: YES)>>

is returned, as per Bug #3138. It would be great to know
a) whether SSL was used at all
b) whether the issuer string was wrong
c) the certificate was expired
d) the ca cert was expired
...

How to repeat:
put a wrong ISSUER statement

Suggested fix:
provide a specific error message
[7 Jul 2006 11:50] Ralf Hauser
see also Bug #20900 for a possible reason - btw, is there a server-side (openssl) log where I might see the reason for each denied authentication (similar to PAM's /var/log/secure)?
[7 Jul 2006 12:08] Ralf Hauser
ok, found /var/log/mysqld.err, but the client-side messages still should be improved
[7 Jul 2006 15:28] Hartmut Holzgraefe
Giving detailed feedback to clients on authentication errors is a bad idea as it provides potential attackers with extra information.

So we might consider telling whether SSL was used or not, but I don't think we should expose any of the other requested information items to a client.
[7 Jul 2006 15:34] Ralf Hauser
Agreed, don't send back the info on what is required, but at least what you have found (quite some users plan to use one certificate/key pair but in the confusion around openssl mix it up and in fact use another one...)
- this can save them a lot of time...
[8 Jul 2006 10:16] Valeriy Kravchuk
What you are asking for sounds like a feature request to me. And I am not sure that this feature should be implemented, for the reasons Hartmut already presented.
[9 Jul 2006 8:47] Ralf Hauser
As said, Hartmut is right not to disclose anything that facilitates server config discovery.

On the other hand, by simply doing nothing, you do a bad service to security because there will be other errors like Bug #20900 that I would have found a lot quicker if the error message had been more user-friendly. What is likely to happen is that people get unnecessarily frustrated with our openssl solution and end up not using client certificates for authentication altogether :(
[15 Aug 2006 10:02] Ralf Hauser
see also Bug #21565 for server-side issues
and Bug #19870 for the broader Query Browser issue
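The position the thread converges on (a fixed, generic denial to the client; the real reason only in the server-side error log) can be shown as a small, self-contained verification routine. This is an added example written for this page, not code from the bug report or from the MySQL server. It uses Go's crypto/x509 to build a constructed lab PKI in memory (the CA names, the account name 'psdb', the fixed 2006 clock and the log wording are all assumptions of the example) and then runs the four failure modes the reporter lists, plus the success case, through one check that returns the two messages separately:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"log"
	"math/big"
	"time"
)

// AuthResult keeps the two audiences apart: the client only ever sees the
// fixed generic denial, while the detailed reason is meant for the server log.
type AuthResult struct {
	ClientMessage string
	ServerLog     string
}

// GenericDenied mirrors the message quoted in the report (assumed wording).
const GenericDenied = "ERROR 1045 (28000): Access denied for user 'psdb'@'localhost' (using password: YES)"

// verifyClientCert evaluates a presented client certificate (nil when the
// connection did not use SSL) against the trusted CA pool and the issuer DN
// the account's REQUIRE ISSUER clause demands, as of time now.
func verifyClientCert(cert *x509.Certificate, roots *x509.CertPool, requiredIssuer string, now time.Time) AuthResult {
	if cert == nil {
		return AuthResult{GenericDenied, "deny: no client certificate presented (connection did not use SSL?)"}
	}
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		var inv x509.CertificateInvalidError
		if errors.As(err, &inv) && inv.Reason == x509.Expired {
			which := "CA certificate" // expiry was detected on a chain member, not the leaf
			if inv.Cert.Equal(cert) {
				which = "client certificate"
			}
			return AuthResult{GenericDenied, fmt.Sprintf("deny: %s expired (notAfter=%s)",
				which, inv.Cert.NotAfter.UTC().Format(time.RFC3339))}
		}
		return AuthResult{GenericDenied, "deny: chain verification failed: " + err.Error()}
	}
	if got := cert.Issuer.String(); got != requiredIssuer {
		return AuthResult{GenericDenied, fmt.Sprintf("deny: REQUIRE ISSUER mismatch: presented %q, required %q", got, requiredIssuer)}
	}
	return AuthResult{"OK", "allow: client certificate issued by " + requiredIssuer}
}

// mustKey and mint are helpers for the constructed lab PKI (not real certs).
func mustKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		log.Fatal(err)
	}
	return k
}

func mint(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		log.Fatal(err)
	}
	c, err := x509.ParseCertificate(der)
	if err != nil {
		log.Fatal(err)
	}
	return c
}

func caTemplate(serial int64, cn string, notBefore, notAfter time.Time) *x509.Certificate {
	return &x509.Certificate{SerialNumber: big.NewInt(serial),
		Subject:   pkix.Name{CommonName: cn, Organization: []string{"Example Lab"}},
		NotBefore: notBefore, NotAfter: notAfter, IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign}
}

func leafTemplate(serial int64, cn string, notBefore, notAfter time.Time) *x509.Certificate {
	return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: notBefore, NotAfter: notAfter, KeyUsage: x509.KeyUsageDigitalSignature}
}

// Demo builds the lab PKI with a fixed clock and runs each scenario once.
func Demo() map[string]AuthResult {
	now := time.Date(2006, 7, 7, 11, 38, 0, 0, time.UTC) // assumed clock
	yearAgo, nextYear := now.AddDate(-1, 0, 0), now.AddDate(1, 0, 0)
	labKey, otherKey, oldKey, clientKey := mustKey(), mustKey(), mustKey(), mustKey()
	labTmpl := caTemplate(1, "Lab CA", yearAgo, nextYear)
	labCA := mint(labTmpl, labTmpl, &labKey.PublicKey, labKey)
	otherTmpl := caTemplate(2, "Other CA", yearAgo, nextYear)
	otherCA := mint(otherTmpl, otherTmpl, &otherKey.PublicKey, otherKey)
	oldTmpl := caTemplate(3, "Old CA", now.AddDate(-3, 0, 0), yearAgo) // CA already expired
	oldCA := mint(oldTmpl, oldTmpl, &oldKey.PublicKey, oldKey)
	roots := x509.NewCertPool()
	for _, c := range []*x509.Certificate{labCA, otherCA, oldCA} {
		roots.AddCert(c)
	}
	required := labCA.Subject.String() // what REQUIRE ISSUER is configured with
	pub := &clientKey.PublicKey
	return map[string]AuthResult{
		"no_ssl":       verifyClientCert(nil, roots, required, now),
		"expired_cert": verifyClientCert(mint(leafTemplate(11, "psdb", now.AddDate(-2, 0, 0), yearAgo), labCA, pub, labKey), roots, required, now),
		"expired_ca":   verifyClientCert(mint(leafTemplate(13, "psdb", yearAgo, nextYear), oldCA, pub, oldKey), roots, required, now),
		"wrong_issuer": verifyClientCert(mint(leafTemplate(12, "psdb", yearAgo, nextYear), otherCA, pub, otherKey), roots, required, now),
		"ok":           verifyClientCert(mint(leafTemplate(10, "psdb", yearAgo, nextYear), labCA, pub, labKey), roots, required, now),
	}
}

func main() {
	for name, r := range Demo() {
		fmt.Printf("%-13s client: %s\n%-13s server: %s\n", name, r.ClientMessage, "", r.ServerLog)
	}
}
```

Every denied scenario produces the identical client message, so an unauthenticated peer learns nothing about which requirement failed, while the server log line names the expired certificate, the mismatched issuer DN or the absent SSL session, which is the information the reporter wanted for debugging his own configuration.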