
Re: (ITS#6477) Clarify ambiguous TLS/SSL Errors in libldap/tls2c.



After some chatter on the mailing list, the problem is now understood:
- TLS error messages are indeed reported by OpenLDAP:
  TLS: could not use key file `/usr/local/etc/openldap/certs/ldap.key.pem'.
  TLS: error:0200100D:system library:fopen:Permission denied /usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:356
  TLS: error:20074002:BIO routines:FILE_CTRL:system lib /usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/bio/bss_file.c:358
  TLS: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib /usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/ssl_rsa.c:648

- The only way to see these error messages is to start the daemon with 
'-d stats'
-- Setting 'loglevel stats' in slapd.conf will not cause these error 
messages to be printed.  They only appear if the daemon is started in 
foreground mode with '-d stats'.

My suggestions: print the TLS error messages out to syslog, or if that's 
not possible, print them to stdout regardless of whether the daemon is 
running in the foreground or not.
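
Added example, not part of the original message and not OpenLDAP code: a pre-start check that reports the "Permission denied" condition shown above without needing '-d stats', by reading the TLS file directives from slapd.conf text and comparing each file's mode bits with the account slapd runs as. The uid/gid 389, the certificate path and the file metadata are constructed for the example; only the file's own mode bits are checked, not ACLs or directory search permission.

```python
import os
import stat
from types import SimpleNamespace

# slapd.conf directives naming files opened during TLS setup (compared in lower case).
TLS_DIRECTIVES = ("tlscertificatekeyfile", "tlscertificatefile", "tlscacertificatefile")

def tls_files(conf_text):
    """Return [(directive, path)] for the TLS file directives in slapd.conf text."""
    found = []
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() in TLS_DIRECTIVES:
            found.append((parts[0], parts[1].strip().strip('"')))
    return found

def readable_by(st, uid, gids):
    """Mode-bit read check for a non-root uid: owner, then group, then other."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)
    bit = stat.S_IRGRP if st.st_gid in gids else stat.S_IROTH
    return bool(st.st_mode & bit)

def audit(conf_text, uid, gids, stat_fn=os.stat):
    """List problems that would break TLS setup or expose the private key."""
    problems = []
    for directive, path in tls_files(conf_text):
        try:
            st = stat_fn(path)
        except OSError as exc:
            problems.append(f"{directive}: cannot stat {path}: {exc.strerror}")
            continue
        if not readable_by(st, uid, gids):
            problems.append(f"{directive}: {path} not readable by uid {uid}")
        if directive.lower() == TLS_DIRECTIVES[0] and st.st_mode & stat.S_IROTH:
            problems.append(f"{directive}: {path} is world-readable")
    return problems

# Constructed sample input so the check runs offline; the key path is the one in the log.
SAMPLE_CONF = """\
TLSCertificateFile    /usr/local/etc/openldap/certs/ldap.crt.pem
TLSCertificateKeyFile /usr/local/etc/openldap/certs/ldap.key.pem
"""
SAMPLE_STAT = {  # path -> constructed metadata: root-owned, key is mode 0600
    "/usr/local/etc/openldap/certs/ldap.crt.pem": SimpleNamespace(st_mode=0o100644, st_uid=0, st_gid=0),
    "/usr/local/etc/openldap/certs/ldap.key.pem": SimpleNamespace(st_mode=0o100600, st_uid=0, st_gid=0),
}
if __name__ == "__main__":
    print(audit(SAMPLE_CONF, 389, {389}, SAMPLE_STAT.__getitem__))  # uid 389 is assumed
```

On a real host, pass the contents of slapd.conf and the uid and group ids of the slapd account, and leave `stat_fn` at its default.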