From patchwork Tue Jan 8 17:27:41 2013
X-Patchwork-Submitter: Chuck Lever
X-Patchwork-Id: 210451
From: Chuck Lever
To: fedfs-utils-devel@oss.oracle.com
Date: Tue, 08 Jan 2013 12:27:41 -0500
Message-ID: <20130108172741.65133.3193.stgit@seurat.1015granger.net>
In-Reply-To: <20130108172057.65133.25145.stgit@seurat.1015granger.net>
References: <20130108172057.65133.25145.stgit@seurat.1015granger.net>
Subject: [fedfs-utils] [PATCH 04/13] libnsdb: Improve diagnostic from ldap_start_tls_s(3)

To help administrators diagnose problems with NSDB x.509 certificates, improve the diagnostic messages generated during TLS session initialization.

Signed-off-by: Chuck Lever
---
 src/libnsdb/ldap.c | 14 ++++++++++++--
 1 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/libnsdb/ldap.c b/src/libnsdb/ldap.c index e5e2133..c066d85 100644 --- a/src/libnsdb/ldap.c
+++ b/src/libnsdb/ldap.c @@ -573,6 +573,7 @@ FedFsStatus nsdb_start_tls(LDAP *ld, const char *certfile, unsigned int *ldap_err) { int value, rc; + char *uri; /* Nothing to do if no certfile was provided */ if (certfile == NULL) @@ -596,11 +597,20 @@ nsdb_start_tls(LDAP *ld, const char *certfile, unsigned int *ldap_err) rc = ldap_start_tls_s(ld, NULL, NULL); if (rc != LDAP_SUCCESS) { - xlog(D_GENERAL, "%s: Failed to start TLS: %s", - __func__, ldap_err2string(rc)); + char *msg = NULL; + + ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void *)&msg); + xlog(D_GENERAL, "%s: %s", __func__, msg); + ldap_memfree(msg); goto out_ldap_err; } + if (ldap_get_option(ld, LDAP_OPT_URI, &uri) == LDAP_OPT_SUCCESS) { + xlog(D_CALL, "%s: START_TLS succeeded for %s", + __func__, uri); + ldap_memfree(uri); + } else + xlog(D_CALL, "%s: START_TLS succeeded", __func__); return FEDFS_OK; out_ldap_err:
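
Review bot: In the `rc != LDAP_SUCCESS` branch of the second hunk, `msg` is initialised to NULL and the return value of `ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, ...)` is not checked, so `msg` can still be NULL when it is handed to the `"%s: %s"` format in `xlog()`. The same change drops `ldap_err2string(rc)`, so when the library has no diagnostic text the log line carries no reason for the TLS failure at all, which works against the stated goal of helping administrators diagnose certificate problems. Suggest keeping the result-code string and appending the diagnostic only when it is present, for example `"%s: Failed to start TLS: %s (%s)"` with `ldap_err2string(rc)` and `msg != NULL ? msg : "no diagnostic"`, and keeping the `ldap_memfree(msg)` call. Minor style point on the success path: the `if` arm is braced and the `else` arm is not; bracing both would make the block harder to misread when it is next edited.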