Re: OpenLDAP cannot start if some TLS cert value gets invalid
On 12/2/2012 11:58 PM, Michael Ströder wrote:
So back-config could check whether the TLS file parameters point to
correct files (certs and keys) and refuse to change the attribute value.
Right. Should I file an ITS for it?
Still you can shoot yourself in the foot by moving away the files
afterwards...
Of course... In such cases, a clearer message in the logs, like "File
/path/to/key.pem not found" would help very much. Current single
message: "main: TLS init def ctx failed: -1" does imply that something
is wrong with TLS config, esp. if it was working before, yet a more
specific message would be valuable. Perhaps one can increase debug level
and get more info, but I feel standard messages should avoid being cryptic.
Regards,
Nick
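
The check discussed in this thread, done on the operator side before a cn=config change is sent, as an added example that is not part of the original message and is not OpenLDAP code. The function name check_tls_ldif and the sample LDIF are hypothetical; the three olcTLS* attributes are the standard cn=config names for the certificate, key and CA files.

```python
import base64
import os
import re
import sys

# cn=config TLS attributes that name PEM files, and the PEM label expected inside.
TLS_FILE_ATTRS = {
    "olctlscertificatefile": "CERTIFICATE",
    "olctlscacertificatefile": "CERTIFICATE",
    "olctlscertificatekeyfile": "PRIVATE KEY",
}

def check_tls_ldif(ldif_text):
    """Return specific, per-file problems for TLS paths set by an LDIF change."""
    problems = []
    for line in ldif_text.splitlines():
        attr, sep, value = line.partition(":")
        attr = attr.strip()
        label = TLS_FILE_ATTRS.get(attr.lower())
        if not sep or label is None:
            continue  # not a TLS file attribute ("replace: ..." lines land here too)
        if value.startswith(":"):  # "attr:: <base64>" LDIF form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        path = value.strip()
        if not os.path.isfile(path):
            problems.append(f"{attr}: file {path} not found")
            continue
        try:
            with open(path, "r", errors="replace") as fh:
                data = fh.read()
        except OSError as exc:
            problems.append(f"{attr}: file {path} not readable ({exc.strerror})")
            continue
        # Accepts "PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", etc.
        if not re.search(rf"-----BEGIN (?:[A-Z0-9]+ )?{label}-----", data):
            problems.append(f"{attr}: file {path} has no PEM {label} block")
    return problems

if __name__ == "__main__":
    # Constructed sample change, using the placeholder path from the message above.
    sample = (
        "dn: cn=config\nchangetype: modify\n"
        "replace: olcTLSCertificateKeyFile\n"
        "olcTLSCertificateKeyFile: /path/to/key.pem\n"
    )
    found = check_tls_ldif(sample if sys.stdin.isatty() else sys.stdin.read())
    print("\n".join(found) or "TLS file parameters look usable")
    sys.exit(1 if found else 0)
```

Run it as the account slapd runs under, so that the readability result matches what slapd will see. It only covers the moment of the change: files moved away afterwards still break the next start.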