
Re: OpenLDAP cannot start if some TLS cert value gets invalid



On 12/2/2012 11:58 μμ, Michael Ströder wrote:

> So back-config could check whether the TLS file parameters point to correct files (certs and keys) and refuse to change the attribute value.

Right. Should I file an ITS for it?

> Still you can shoot yourself in the foot by moving away the files afterwards...

Of course... In such cases, a clearer message in the logs, like "File 
/path/to/key.pem not found" would help very much. Current single 
message: "main: TLS init def ctx failed: -1" does imply that something 
is wrong with TLS config, esp. if it was working before, yet a more 
specific message would be valuable. Perhaps one can increase debug level 
and get more info, but I feel standard messages should avoid being cryptic.

Regards,
Nick
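
The pre-change check discussed in this thread, as an added example (not OpenLDAP code and not from either poster): it reads an LDIF change for cn=config and, for each TLS file attribute, returns a specific error such as a missing file so the change can be refused before slapd is affected. The function names are hypothetical, and the check assumes PEM files; it covers presence, readability and the PEM label only.

```python
import os
import re
import tempfile

# cn=config attributes naming TLS files, mapped to the PEM label expected inside.
TLS_FILE_ATTRS = {
    "olcTLSCACertificateFile": "CERTIFICATE",
    "olcTLSCertificateFile": "CERTIFICATE",
    "olcTLSCertificateKeyFile": "PRIVATE KEY",
}
CANONICAL = {name.lower(): name for name in TLS_FILE_ATTRS}  # names are case-insensitive
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)

def tls_paths_from_ldif(ldif_text):
    """Return [(attribute, path)] for TLS file values set by an LDIF change."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # undo LDIF line folding
    found = []
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        attr = CANONICAL.get(name.strip().lower())
        if sep and attr and value.strip():  # skips "replace: olcTLS..." lines
            found.append((attr, value.strip()))
    return found

def check_tls_file(attr, path):
    """Return a specific error string, or None if the file looks usable."""
    if not os.path.isfile(path):
        return f"{attr}: file {path} not found"
    if not os.access(path, os.R_OK):
        return f"{attr}: file {path} is not readable by uid {os.geteuid()}"
    with open(path, "r", errors="replace") as fh:
        labels = PEM_BEGIN.findall(fh.read())
    if not any(label.endswith(TLS_FILE_ATTRS[attr]) for label in labels):
        return f"{attr}: {path} has no PEM {TLS_FILE_ATTRS[attr]} block"
    return None

def preflight(ldif_text):
    """Errors that should block the change; an empty list means go ahead."""
    checks = (check_tls_file(a, p) for a, p in tls_paths_from_ldif(ldif_text))
    return [err for err in checks if err]

def demo():
    with tempfile.TemporaryDirectory() as d:  # constructed sample files and LDIF
        cert, key = os.path.join(d, "cert.pem"), os.path.join(d, "key.pem")
        with open(cert, "w") as fh:
            fh.write("-----BEGIN CERTIFICATE-----\nMIIB\n-----END CERTIFICATE-----\n")
        ldif = ("dn: cn=config\nchangetype: modify\n"
                f"replace: olcTLSCertificateFile\nolcTLSCertificateFile: {cert}\n-\n"
                f"replace: olcTLSCertificateKeyFile\nolcTLSCertificateKeyFile: {key}\n")
        return preflight(ldif), key
```

Run it as the account slapd runs under, since the readability check is only meaningful for that user.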