[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: tls-related ldap_perror misleading in clients

To: Pierangelo Masarati <masarati@aero.polimi.it>
Subject: Re: tls-related ldap_perror misleading in clients
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Sun, 02 Sep 2001 01:36:06 -0700
Cc: openldap-devel@OpenLDAP.org
In-reply-to: <5.1.0.14.0.20010902012259.01b15e90@127.0.0.1>
References: <200109020748.f827mb905100@server.aero.polimi.it>

At 01:26 AM 2001-09-02, Kurt D. Zeilenga wrote:
>At 12:48 AM 2001-09-02, Pierangelo Masarati wrote:
>>Hi.
>>
>>I got a nasty behavior out of the clients when using -ZZ, because I was
>>having failure of the tls with reason ": Success". This is because the
>>failure occurred in ldap_int_tls_start() which didn't properly set the 
>>error in the LDAP structure. So ldap_start_tls_s returns an error code,
>>but when the ldap_perror is invoked by the ldap*.c client the string is
>>success. I fixed it by using ldap_err2string() instead of ldap_perror 
>>(which is deprecated in the code according to a comment); 
>>if there's consensus I'll patch all the clients.
>
>For now, this is likely the best solution.

Actually, use of just ldap_err2string() will not print the
server provided additional information.  So, I suggest using
ldap_get_option() to get the resultCode and error message.  If
resultCode is not success, then one can mimic ldap_perror()
(w/ error message).  If resultCode is success, then then a
similar error message should be printed using the
ldap_err2string().

Follow-Ups:
- RE: tls-related ldap_perror misleading in clients
  - From: "Howard Chu" <hyc@highlandsun.com>

References:
- tls-related ldap_perror misleading in clients
  - From: Pierangelo Masarati <masarati@aero.polimi.it>
- Re: tls-related ldap_perror misleading in clients
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: tls-related ldap_perror misleading in clients
Next by Date: RE: RFC 2830 TLS server identity checks
Index(es):
- Chronological
- Thread