https://bugs.openldap.org/show_bug.cgi?id=9474
--- Comment #4 from Simon Pichugin simon.pichugin@gmail.com ---
Okay, after a deeper investigation we found that both ERR_peek_error() and ERR_peek_last_error() are empty when OpenSSL is interrupted while doing read() or poll(), so it's impossible to get the verbose info from ld->ld_error (as it's empty).
But we found a place where we can retrieve the error - 'errno'. After ldap_install_tls() fails, 'errno == EINTR' which describes exactly the cause.
So I'd like to change the purpose of this bug (or I can open a new one if you tell me to do so).
Could we please update doc/man/man3/ldap_tls.3 and describe there that the libldap caller can rely on the 'errno' value if ldap_install_tls() has just failed?
I know that 'errno' can be changed in certain cases and we want to be sure that libldap won't change 'errno' after ldap_install_tls() failure. So we can use it safely and write something like this:
    /* needs <errno.h>, <string.h> and <ldap.h>; DEBUG()/sss_log() are SSSD's logging helpers */
    lret = ldap_install_tls(state->ldap);
    if (lret != LDAP_SUCCESS) {
        /* save errno right away: the logging calls below may overwrite it */
        int saved_errno = errno;
        if (saved_errno == EINTR) {
            /* we can retry later in certain cases */
            DEBUG(SSSDBG_CRIT_FAILURE,
                  "ldap_install_tls failed: connect was interrupted\n");
            sss_log(SSS_LOG_ERR, "Could not start TLS encryption. [%d] [%s]",
                    saved_errno, strerror(saved_errno));
            ret = saved_errno;
            goto fail;
        } else {
            /* more error processing with ld->ld_error */
            ...
        }
    }
Should I suggest a patch for the man page? If you are okay with the approach...
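Added illustration, not code from the report or from SSSD: a bounded retry wrapper around an ldap_install_tls()-style call that copies errno immediately after the failing call, before any logging can clobber it, and retries only on EINTR. The real function is not linked here; a function pointer of the same shape (returns LDAP_SUCCESS, i.e. 0, and sets errno on failure) and a constructed stub stand in for it so the logic runs offline.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical: the shape of ldap_install_tls() (returns 0 == LDAP_SUCCESS,
 * sets errno on failure), abstracted so the wrapper can be driven by a stub. */
typedef int (*install_tls_fn)(void *ld);

/* Retries the install call while it fails with errno == EINTR, at most max_tries
 * times. errno is copied into *saved_errno directly after the call, before any
 * logging can overwrite it. On success *saved_errno is 0. */
int install_tls_with_retry(install_tls_fn install, void *ld, int max_tries,
                           int *saved_errno)
{
    int rc = -1;
    *saved_errno = 0;
    for (int attempt = 1; attempt <= max_tries; attempt++) {
        errno = 0;
        rc = install(ld);
        if (rc == 0) {                       /* LDAP_SUCCESS */
            *saved_errno = 0;
            return rc;
        }
        *saved_errno = errno;                /* capture first, log afterwards */
        if (*saved_errno != EINTR)
            break;                           /* not a transient interruption */
        fprintf(stderr, "ldap_install_tls interrupted (attempt %d of %d)\n",
                attempt, max_tries);
    }
    fprintf(stderr, "ldap_install_tls failed: [%d] [%s]\n",
            *saved_errno, strerror(*saved_errno));
    return rc;
}

/* Constructed stub standing in for ldap_install_tls(): fails fake_failures
 * times with errno = fake_errno (returning -1), then succeeds. */
static int fake_failures = 2, fake_errno = EINTR, fake_calls = 0;
static int fake_install_tls(void *ld)
{
    (void)ld;
    fake_calls++;
    if (fake_failures > 0) {
        fake_failures--;
        errno = fake_errno;
        return -1;
    }
    return 0;
}
```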