#48781 [Patch] Vague error message: setup_ol_tls_conn - failed: unable to create new TLS context
Closed: Fixed None Opened 3 years ago by minfrin.

While 389ds cannot configure secure replication, the following message is logged:

[30/Mar/2016:20:39:18 +0000] setup_ol_tls_conn - failed: unable to create new TLS context
[30/Mar/2016:20:39:18 +0000] slapi_ldap_bind - Error: could not configure the server for cert auth - error -1 - make sure the server is correctly configured for SSL/TLS

The error code returned by ldap_set_option() is discarded, and the error message gives no indication as to what the cause of the error was.

Fix is attached.

Fix is as follows:

diff --git a/ldap/servers/slapd/ldaputil.c b/ldap/servers/slapd/ldaputil.c
index 9281e20..e62d1f2 100644
--- a/ldap/servers/slapd/ldaputil.c
+++ b/ldap/servers/slapd/ldaputil.c
@@ -608,7 +608,7 @@ setup_ol_tls_conn(LDAP ld, int clientauth)
that optval is ignored - what matters is that it is not NULL
if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &optval))) {
slapi_log_error(SLAPI_LOG_FATAL, "setup_ol_tls_conn",
- "failed: unable to create new TLS context\n");
+ "failed: unable to create new TLS context - %d\n", rc);

 return rc;
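
Review bot: In the slapi_log_error call for the LDAP_OPT_X_TLS_NEWCTX failure, the added "- %d" logs rc as a bare, unlabeled integer. A value such as the -1 that the slapi_ldap_bind line in the report already prints still does not tell an administrator why the TLS context could not be created. Consider labeling the value the same way the sibling message does ("error %d") and, where rc is an LDAP result code, appending its text form, for example "failed: unable to create new TLS context - error %d (%s)\n" with rc and ldap_err2string(rc) as arguments. The other ldap_set_option() failure paths in setup_ol_tls_conn are not visible in this hunk; if they also discard rc, they deserve the same treatment so the TLS setup errors are reported consistently.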


Thanks for providing the patch, minfrin. Could it be possible to make a git patch file from your source tree? That way, we could just push it with your signature.

Include the underlying error code in the message "failed: unable to create new TLS context"

Just added it, thanks for confirming.

Thank you for providing the patch, Graham! Reviewed by nhosoi@redhat.com.

Pushed the patch to master.
46dbd62..696e29b master -> master
commit 696e29b
Author: Graham Leggett minfrin@sharp.fm
Date: Wed Mar 30 23:20:51 2016 +0200


