diff options
| author | Graham Leggett <minfrin@sharp.fm> | 2016-06-09 15:27:34 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2016-06-16 13:34:11 +0200 |
| commit | 2bd410d0024cec9445c1aa1a4c28875b92ad74b2 (patch) | |
| tree | f410a981ac497cb989be39312be906cf87abce36 /src | |
| parent | d9e88bddc99bae0542b2179c9b94c968855b0fd0 (diff) | |
| download | sssd-2bd410d0024cec9445c1aa1a4c28875b92ad74b2.tar.gz sssd-2bd410d0024cec9445c1aa1a4c28875b92ad74b2.tar.xz sssd-2bd410d0024cec9445c1aa1a4c28875b92ad74b2.zip | |
Add underlying diagnostic message for SSL errors.
Resolves:
https://fedorahosted.org/sssd/ticket/3005
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/util/sss_ldap.c | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/src/util/sss_ldap.c b/src/util/sss_ldap.c index 7fdaadb5c..e431d4ebc 100644 --- a/src/util/sss_ldap.c +++ b/src/util/sss_ldap.c @@ -200,8 +200,10 @@ static void sss_ldap_init_sys_connect_done(struct tevent_req *subreq) struct tevent_req); struct sss_ldap_init_state *state = tevent_req_data(req, struct sss_ldap_init_state); + char *tlserr; int ret; int lret; + int optret; ret = sssd_async_socket_init_recv(subreq, &state->sd); talloc_zfree(subreq); @@ -228,8 +230,23 @@ static void sss_ldap_init_sys_connect_done(struct tevent_req *subreq) if (lret == LDAP_LOCAL_ERROR) { DEBUG(SSSDBG_FUNC_DATA, "TLS/SSL already in place.\n"); } else { - DEBUG(SSSDBG_CRIT_FAILURE, "ldap_install_tls failed: %s\n", + + optret = sss_ldap_get_diagnostic_msg(state, state->ldap, + &tlserr); + if (optret == LDAP_SUCCESS) { + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_install_tls failed: [%s] [%s]\n", + sss_ldap_err2string(lret), tlserr); + sss_log(SSS_LOG_ERR, + "Could not start TLS encryption. %s", tlserr); + } else { + DEBUG(SSSDBG_CRIT_FAILURE, + "ldap_install_tls failed: [%s]\n", sss_ldap_err2string(lret)); + sss_log(SSS_LOG_ERR, "Could not start TLS encryption. " + "Check for certificate issues."); + } + ret = EIO; goto fail; } |