[fedfs-utils] [PATCH 04/13] libnsdb: Improve diagnostic from ldap_start_tls_s(3)

Chuck Lever chuck.lever at oracle.com
Tue Jan 8 09:27:41 PST 2013


To help administrators diagnose problems with NSDB X.509
certificates, improve the diagnostic messages generated during TLS
session initialization.

Signed-off-by: Chuck Lever <chuck.lever at oracle.com>
---

 src/libnsdb/ldap.c |   14 ++++++++++++--
 1 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/libnsdb/ldap.c b/src/libnsdb/ldap.c
index e5e2133..c066d85 100644
--- a/src/libnsdb/ldap.c
+++ b/src/libnsdb/ldap.c
@@ -573,6 +573,7 @@ FedFsStatus
 nsdb_start_tls(LDAP *ld, const char *certfile, unsigned int *ldap_err)
 {
 	int value, rc;
+	char *uri;
 
 	/* Nothing to do if no certfile was provided */
 	if (certfile == NULL)
@@ -596,11 +597,20 @@ nsdb_start_tls(LDAP *ld, const char *certfile, unsigned int *ldap_err)
 
 	rc = ldap_start_tls_s(ld, NULL, NULL);
 	if (rc != LDAP_SUCCESS) {
-		xlog(D_GENERAL, "%s: Failed to start TLS: %s",
-				__func__, ldap_err2string(rc));
+		char *msg = NULL;
+
+		ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void *)&msg);
+		xlog(D_GENERAL, "%s: %s", __func__, msg);
+		ldap_memfree(msg);
 		goto out_ldap_err;
 	}
 
+	if (ldap_get_option(ld, LDAP_OPT_URI, &uri) == LDAP_OPT_SUCCESS) {
+		xlog(D_CALL, "%s: START_TLS succeeded for %s",
+			__func__, uri);
+		ldap_memfree(uri);
+	} else
+		xlog(D_CALL, "%s: START_TLS succeeded", __func__);
 	return FEDFS_OK;
 
 out_ldap_err:
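Review bot: In the failure branch, `msg` goes straight to the `%s` in `xlog()` without checking that `ldap_get_option()` succeeded or set a string, so a StartTLS failure that carries no diagnostic text formats a NULL pointer and logs no reason. The new message also drops `ldap_err2string(rc)`, the one part of the old message that was always present. Logging both keeps the result code and adds the certificate detail when there is one: `xlog(D_GENERAL, "%s: Failed to start TLS: %s (%s)", __func__, ldap_err2string(rc), msg != NULL ? msg : "no diagnostic message");`. The body of nsdb_start_tls begins before this hunk and continues after it.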



