Re: Ambiguous SSL/TLS error messages from slapd



> Brian A. Seklecki (CFI NOC) wrote:
>> Steve, I agree:
>>
>>
>>     This error gets printed with "-1" under too many
>>     conditions.  Just look at:
>>        libraries/libldap/tls2.c::ldap_pvt_tls_set_option()
>>
>>     RC Return Code -1 could happen in about a dozen places.
>>
>>     I think we need to take a two step approach to fixing this:
>>
>>     1) Long term, implement OpenSSL's err(3)
>
> What are you talking about? tlso_report_error() already prints the OpenSSL
> error messages. All OpenSSL error messages have been fully logged, for
> years.

I think I see the issue: tlso_report_error() uses libldap's Debug(), which
does not hit syslog.  We only see TLS logs with -d stats.

p.