[Date Prev][Date Next]
Re: OpenLDAP cannot start if some TLS cert value gets invalid
On 12/2/2012 11:58 ÎÎ, Michael StrÃder wrote:
So back-config could check whether the TLS file parameter point to
correct files (certs and keys) and refuse to change the attribute value.
Right. Should I file an ITS for it?
Still you can shoot yourself in the foot by moving away the files
Of course... In such cases, a clearer message in the logs, like "File
/path/to/key.pem not found" would help very much. Current single
message: "main: TLS init def ctx failed: -1" does imply that something
is wrong with TLS config, esp. if it was working before, yet a more
specific message would be valuable. Perhaps one can increase debug level
and get more info, but I feel standard messages should avoid being cryptic.