> Brian A. Seklecki (CFI NOC) wrote: >> Steve, I agree: >> >> >> This error gets printed with "-1" under too many >> conditions. Just look at: >> libraries/libldap/tls2.c::ldap_pvt_tls_set_option() >> >> RC Return Code -1 could happen in about a dozen places. >> >> I think we need to take a two step approach to fixing this: >> >> 1) Long term, implement OpenSSL's err(3) > > What are you talking about? tlso_report_error() already prints the OpenSSL > error messages. All OpenSSL error messages have been fully logged, for > years.
I think I see the issue: tlso_report_error() uses libldap's Debug(), which does not hit syslog. We only see TLS logs with -d stats. p.
