Hello list.
People from SSSD would like to have better information when some TLS operation in the OpenLDAP library fails, instead of a general LDAP_CONNECT_ERROR. I already mentioned it on this list some time ago: http://www.openldap.org/lists/openldap-devel/201105/msg00011.html
I can write a patch for this, but I would like to discuss it with you beforehand.
I already tried something. I added LDAP_TLS_INITIALIZATION_ERROR (-19) and LDAP_TLS_NEGOTIATION_ERROR (-20) API error codes and slightly modified the TLS code in OpenLDAP to propagate the errors. These two new error codes are sufficient for SSSD.
Currently I have covered only the code for the Mozilla NSS backend and it still needs some tuning. I would like to know if adding the error codes this way is acceptable. Should I proceed? Or should it be done a different way?
Thanks & regards,
Jan