Re: OpenLDAP cannot start if some TLS cert value gets invalid

On 12/2/2012 11:58 PM, Michael Ströder wrote:

> So back-config could check whether the TLS file parameters point to correct files (certs and keys) and refuse to change the attribute value.

Right. Should I file an ITS for it?

> Still you can shoot yourself in the foot by moving away the files afterwards...

Of course... In such cases, a clearer message in the logs, like "File /path/to/key.pem not found" would help very much. Current single message: "main: TLS init def ctx failed: -1" does imply that something is wrong with TLS config, esp. if it was working before, yet a more specific message would be valuable. Perhaps one can increase debug level and get more info, but I feel standard messages should avoid being cryptic.
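
Added example, not part of the original message and not OpenLDAP code: a pre-flight check an administrator could run on a cn=config change before applying it, reporting the specific file at fault in the style of message asked for above. It assumes Python's ssl module as a stand-in loader (not slapd's own TLS initialization), and the sample LDIF paths are constructed placeholders.

```python
import os
import ssl

# cn=config attributes that hold file paths (standard OpenLDAP attribute names).
TLS_FILE_ATTRS = ("olcTLSCACertificateFile", "olcTLSCertificateFile",
                  "olcTLSCertificateKeyFile")

# Constructed sample change; the paths are placeholders.
SAMPLE_LDIF = """\
dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /path/to/cert.pem
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /path/to/key.pem
"""

def parse_tls_attrs(ldif_text):
    """Collect 'attr: value' lines for the TLS file attributes."""
    found = {}
    for line in ldif_text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip() in TLS_FILE_ATTRS:
            found[name.strip()] = value.strip()
    return found

def check_tls_files(attrs):
    """Return specific problem messages; an empty list means the files load."""
    problems = []
    for name, path in attrs.items():
        if not os.path.isfile(path):
            problems.append(f"{name}: file {path} not found")
        elif not os.access(path, os.R_OK):  # run as the slapd user for a true answer
            problems.append(f"{name}: file {path} not readable")
    if problems:
        return problems
    cert = attrs.get("olcTLSCertificateFile")
    key = attrs.get("olcTLSCertificateKeyFile")
    if cert and key:
        try:
            # Fails on unparsable PEM and on a key that does not match the cert.
            ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(cert, key)
        except OSError as exc:
            problems.append(f"certificate {cert} with key {key} rejected: {exc}")
    return problems

if __name__ == "__main__":
    for msg in check_tls_files(parse_tls_attrs(SAMPLE_LDIF)) or ["TLS files OK"]:
        print(msg)
```

Running the same check from a monitoring job also catches the case where the files are moved away after the configuration change was accepted.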