From 2bd410d0024cec9445c1aa1a4c28875b92ad74b2 Mon Sep 17 00:00:00 2001
From: Graham Leggett
Date: Jun 16 2016 11:34:11 +0000
Subject: Add underlying diagnostic message for SSL errors.
Resolves: https://fedorahosted.org/sssd/ticket/3005
Reviewed-by: Pavel Březina
---
diff --git a/src/util/sss_ldap.c b/src/util/sss_ldap.c
index 7fdaadb..e431d4e 100644
--- a/src/util/sss_ldap.c
+++ b/src/util/sss_ldap.c
@@ -200,8 +200,10 @@ static void sss_ldap_init_sys_connect_done(struct tevent_req *subreq)
 struct tevent_req);
 struct sss_ldap_init_state *state = tevent_req_data(req,
 struct sss_ldap_init_state);
+ char *tlserr;
 int ret;
 int lret;
+ int optret;
 ret = sssd_async_socket_init_recv(subreq, &state->sd);
 talloc_zfree(subreq);
@@ -228,8 +230,23 @@ static void sss_ldap_init_sys_connect_done(struct tevent_req *subreq)
 if (lret == LDAP_LOCAL_ERROR) {
 DEBUG(SSSDBG_FUNC_DATA, "TLS/SSL already in place.\n");
 } else {
- DEBUG(SSSDBG_CRIT_FAILURE, "ldap_install_tls failed: %s\n",
+
+ optret = sss_ldap_get_diagnostic_msg(state, state->ldap,
+ &tlserr);
+ if (optret == LDAP_SUCCESS) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "ldap_install_tls failed: [%s] [%s]\n",
+ sss_ldap_err2string(lret), tlserr);
+ sss_log(SSS_LOG_ERR,
+ "Could not start TLS encryption. %s", tlserr);
+ } else {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "ldap_install_tls failed: [%s]\n",
 sss_ldap_err2string(lret));
+ sss_log(SSS_LOG_ERR, "Could not start TLS encryption. "
+ "Check for certificate issues.");
+ }
+
 ret = EIO;
 goto fail;
 }
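Review bot: In the new `else` branch of the second hunk, `tlserr` is printed with `%s` whenever `sss_ldap_get_diagnostic_msg()` returns `LDAP_SUCCESS`, but the first hunk declares it as `char *tlserr;` with no initial value, so the code relies entirely on the helper (not visible in this diff) always storing a non-NULL string on success. Initialising it as `char *tlserr = NULL;` and testing `if (optret == LDAP_SUCCESS && tlserr != NULL)` would let the fallback branch cover that case instead of passing an indeterminate or NULL pointer to `DEBUG` and `sss_log`. Passing the text as a `%s` argument rather than as the format string is the right call; since it is library-supplied diagnostic text that now reaches syslog, a short comment saying so would help, e.g. `/* tlserr is library-provided text: log it only as a %s argument */`. If the helper returns errno-style codes rather than LDAP result codes, comparing against `EOK` would read more accurately. The function body continues outside both hunks.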