[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Ambiguous SSL/TLS error messages from slapd

> Brian A. Seklecki (CFI NOC) wrote:
>> Steve, I agree:
>>     This error gets printed with "-1" under too many
>>     conditions.  Just look at:
>>        libraries/libldap/tls2.c::ldap_pvt_tls_set_option()
>>     RC Return Code -1 could happen in about a dozen places.
>>     I think we need to take a two step approach to fixing this:
>>     1) Long term, implement OpenSSL's err(3)
> What are you talking about? tlso_report_error() already prints the OpenSSL
> error messages. All OpenSSL error messages have been fully logged, for
> years.

I think I see the issue: tlso_report_error() uses libldap's Debug(), which
does not hit syslog.  We only see TLS logs with -d stats.