[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6477) Clarify ambiguous TLS/SSL Errors in libldap/tls2c.

After some chatter on the mailing list, the problem is now understood:
- TLS error messages are indeed reported by OpenLDAP:
  TLS: could not use key file `/usr/local/etc/openldap/certs/ldap.key.pem'.
  TLS: error:0200100D:system library:fopen:Permission denied 
   TLS: error:20074002:BIO routines:FILE_CTRL:system lib 
  TLS: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system 
lib /usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/ssl_rsa.c:648

- The only way to see these error messages is to start the daemon with 
'-d stats'
-- Setting 'loglevel stats' in slapd.conf will not cause these error 
messages to be printed.  They only appear if the daemon is started in 
foreground mode with '-d stats'.

My suggestions: print the TLS error messages out to syslog, or if that's 
not possible, print them to stdout regardless of whether the daemon is 
running in the foreground or not.