To help administrators diagnose problems with NSDB X.509 certificates, improve the diagnostic messages generated during TLS session initialization.
Signed-off-by: Chuck Lever <[email protected]>
---
 src/libnsdb/ldap.c | 14 ++++++++++++--
 1 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/libnsdb/ldap.c b/src/libnsdb/ldap.c
index e5e2133..c066d85 100644
--- a/src/libnsdb/ldap.c
+++ b/src/libnsdb/ldap.c
@@ -573,6 +573,7 @@ FedFsStatus
 nsdb_start_tls(LDAP *ld, const char *certfile, unsigned int *ldap_err)
 {
 int value, rc;
+ char *uri;
 /* Nothing to do if no certfile was provided */
 if (certfile == NULL)
@@ -596,11 +597,20 @@ nsdb_start_tls(LDAP *ld, const char *certfile, unsigned int *ldap_err)
 rc = ldap_start_tls_s(ld, NULL, NULL);
 if (rc != LDAP_SUCCESS) {
- xlog(D_GENERAL, "%s: Failed to start TLS: %s",
- __func__, ldap_err2string(rc));
+ char *msg = NULL;
+
+ ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void *)&msg);
+ xlog(D_GENERAL, "%s: %s", __func__, msg);
+ ldap_memfree(msg);
 goto out_ldap_err;
 }
+ if (ldap_get_option(ld, LDAP_OPT_URI, &uri) == LDAP_OPT_SUCCESS) {
+ xlog(D_CALL, "%s: START_TLS succeeded for %s",
+ __func__, uri);
+ ldap_memfree(uri);
+ } else
+ xlog(D_CALL, "%s: START_TLS succeeded", __func__);
 return FEDFS_OK;
 out_ldap_err:
_______________________________________________
fedfs-utils-devel mailing list
[email protected]
https://oss.oracle.com/mailman/listinfo/fedfs-utils-devel
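Review bot: In the failure branch after `ldap_start_tls_s()`, the result of `ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, ...)` is ignored and `msg` is handed to `%s` even if it is still NULL, which is undefined behaviour if xlog forwards to a printf-style formatter (xlog is not visible here). The new message also drops `ldap_err2string(rc)`, so when no diagnostic text is set the administrator loses the only indication of why the TLS handshake or certificate check failed. I would log both: `xlog(D_GENERAL, "%s: Failed to start TLS: %s (%s)", __func__, ldap_err2string(rc), msg != NULL ? msg : "no diagnostic message");`. The diagnostic text may originate from the peer or the TLS library, so it should stay a `%s` argument and never become part of the format string. nsdb_start_tls continues past the end of this hunk at `out_ldap_err:`.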
