On 12/2/2012 11:58 PM, Michael Ströder wrote:
> So back-config could check whether the TLS file parameters point to correct files (certs and keys) and refuse to change the attribute value.
Right. Should I file an ITS for it?
> Still you can shoot yourself in the foot by moving away the files afterwards...
Of course... In such cases, a clearer message in the logs, like "File /path/to/key.pem not found" would help very much. Current single message: "main: TLS init def ctx failed: -1" does imply that something is wrong with TLS config, esp. if it was working before, yet a more specific message would be valuable. Perhaps one can increase debug level and get more info, but I feel standard messages should avoid being cryptic.
Regards, Nick
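
A pre-flight check along the lines discussed in this thread, as an added example that is not part of the original message or of OpenLDAP's code: it reads the TLS file attributes from a cn=config LDIF entry and reports a specific problem per file. It assumes plain attribute values (not base64, not folded), and the sample paths are placeholders.

```python
import os

# cn=config TLS file attributes and the PEM block label(s) each file should hold.
TLS_ATTRS = {
    "olcTLSCACertificateFile": ("CERTIFICATE",),
    "olcTLSCertificateFile": ("CERTIFICATE",),
    "olcTLSCertificateKeyFile": ("PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"),
}

def parse_tls_paths(ldif_text):
    """Return {attribute: path} for the TLS file attributes in an LDIF entry."""
    paths = {}
    for line in ldif_text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip() in TLS_ATTRS:
            paths[name.strip()] = value.strip()
    return paths

def check_tls_files(ldif_text):
    """Return a list of specific per-file problems; an empty list means OK."""
    problems = []
    for attr, path in parse_tls_paths(ldif_text).items():
        if not os.path.isfile(path):
            problems.append(f"{attr}: File {path} not found")
            continue
        if not os.access(path, os.R_OK):
            problems.append(f"{attr}: File {path} is not readable")
            continue
        with open(path, "r", errors="replace") as fh:
            content = fh.read()
        labels = TLS_ATTRS[attr]
        if not any(f"-----BEGIN {label}-----" in content for label in labels):
            problems.append(f"{attr}: File {path} has no PEM {labels[0]} block")
    return problems

if __name__ == "__main__":
    # Constructed sample entry; the paths are placeholders, not real files.
    sample = (
        "dn: cn=config\n"
        "olcTLSCertificateFile: /path/to/cert.pem\n"
        "olcTLSCertificateKeyFile: /path/to/key.pem\n"
    )
    for problem in check_tls_files(sample):
        print(problem)
```

Run it as the account slapd runs under, since the readability check depends on the calling user's permissions.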