[fedfs-utils] [PATCH 04/13] libnsdb: Improve diagnostic from ldap_start_tls_s(3)
Chuck Lever
chuck.lever at oracle.com
Tue Jan 8 09:27:41 PST 2013
To help administrators diagnose problems with NSDB x.509
certificates, improve the diagnostic messages generated during TLS
session initialization.
Signed-off-by: Chuck Lever <chuck.lever at oracle.com>
---
src/libnsdb/ldap.c | 14 ++++++++++++--
1 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/libnsdb/ldap.c b/src/libnsdb/ldap.c
index e5e2133..c066d85 100644
--- a/src/libnsdb/ldap.c
+++ b/src/libnsdb/ldap.c
@@ -573,6 +573,7 @@ FedFsStatus
nsdb_start_tls(LDAP *ld, const char *certfile, unsigned int *ldap_err)
{
int value, rc;
+ char *uri;
/* Nothing to do if no certfile was provided */
if (certfile == NULL)
@@ -596,11 +597,20 @@ nsdb_start_tls(LDAP *ld, const char *certfile, unsigned int *ldap_err)
rc = ldap_start_tls_s(ld, NULL, NULL);
if (rc != LDAP_SUCCESS) {
- xlog(D_GENERAL, "%s: Failed to start TLS: %s",
- __func__, ldap_err2string(rc));
+ char *msg = NULL;
+
+ ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void *)&msg);
+ xlog(D_GENERAL, "%s: %s", __func__, msg);
+ ldap_memfree(msg);
goto out_ldap_err;
}
+ if (ldap_get_option(ld, LDAP_OPT_URI, &uri) == LDAP_OPT_SUCCESS) {
+ xlog(D_CALL, "%s: START_TLS succeeded for %s",
+ __func__, uri);
+ ldap_memfree(uri);
+ } else
+ xlog(D_CALL, "%s: START_TLS succeeded", __func__);
return FEDFS_OK;
out_ldap_err:
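Review bot: In the `rc != LDAP_SUCCESS` branch, `msg` goes straight into a `%s` conversion while the return value of `ldap_get_option()` is ignored. If the library has no diagnostic text for this failure, `msg` stays NULL, which (assuming `xlog` formats like printf) is undefined behaviour and at best logs `(null)`. The new message also drops the "Failed to start TLS" wording and `ldap_err2string(rc)`, so a certificate verification failure can be logged with no result code to search for. Keeping the result string and appending the detail covers both cases: `xlog(D_GENERAL, "%s: Failed to start TLS: %s (%s)", __func__, ldap_err2string(rc), msg != NULL ? msg : "no diagnostic message");`. The `out_ldap_err` path continues outside the hunk, so what it does with `rc` is not visible here.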