Bug 2026613 - Windows PassSync should provide better diagnostic logging for SSL/TLS connections.
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Directory Server
Classification: Red Hat
Component: winsync
Version: 12.2
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: ---
Target Release: dirsrv-12.3
Assignee: LDAP Maintainers
QA Contact: LDAP QA Team
Reported: 2021-11-25 10:14 UTC by Anton Bobrov
Modified: 2023-07-28 08:57 UTC (History)
Last Closed: 2023-07-28 08:57:29 UTC
Description Anton Bobrov 2021-11-25 10:14:24 UTC
Description of problem:

Currently PassSync is not capable of providing useful diagnostic information to troubleshoot SSL/TLS connection-related issues. For example, when an SSL/TLS session fails, all you get is something like this:

Ldap bind error in Connect 91: Can't connect to the LDAP server

Which is insufficient to troubleshoot SSL/TLS related session issues since PassSync fails to propagate and communicate any underlying NSS/NSPR errors.

This makes troubleshooting on Windows either a guessing game or requires quite a complicated and time-consuming setup to actually peek at the underlying error and its root cause.

Additional info:

What I propose to implement in PassSync is what we did in the Mozilla LDAP client tools a long time ago, which goes something like this:

if(lastLdapError != LDAP_SUCCESS)
{
    ...
    int sslerr = PORT_GetError();
    fprintf( stderr, "\tTLS/SSL error %d (%s)\n", sslerr,
             ldapssl_err2string( sslerr ));
    ...
}

There are just a few places in PassSync code where adding this additional diagnostic would help troubleshooting these types of issues tremendously.
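
Added example, not part of the original report and not PassSync or Mozilla LDAP SDK code: a self-contained C sketch of the kind of log line the proposal would produce, which also tags the library layer (NSPR, NSS SEC, NSS SSL) the code falls in. The helper names are hypothetical, the range constants are restated from the NSPR/NSS headers as assumptions, and the integer and string parameters stand in for the results of PORT_GetError() and ldapssl_err2string().

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Error-code ranges restated from the NSPR/NSS headers (prerr.h, secerr.h,
 * sslerr.h) so this builds without them; real code would include the headers. */
#define EX_PR_BASE   (-6000)    /* PR_NSPR_ERROR_BASE */
#define EX_SEC_BASE  (-0x2000)  /* SEC_ERROR_BASE */
#define EX_SSL_BASE  (-0x3000)  /* SSL_ERROR_BASE */
#define EX_RANGE     1000       /* SEC/SSL limit is base + 1000; assumed for NSPR */

/* Name the library layer an error code belongs to (hypothetical helper). */
const char *tls_error_family(int err)
{
    if (err == 0) return "none";
    if (err >= EX_SSL_BASE && err < EX_SSL_BASE + EX_RANGE) return "NSS SSL";
    if (err >= EX_SEC_BASE && err < EX_SEC_BASE + EX_RANGE) return "NSS SEC";
    if (err >= EX_PR_BASE  && err < EX_PR_BASE  + EX_RANGE) return "NSPR";
    return "unknown";
}

/* Build one log line. tls_err stands in for PORT_GetError(), tls_msg for
 * ldapssl_err2string(tls_err). Returns 0 on success, -1 if buf is too small. */
int format_connect_diag(char *buf, size_t len, int ldap_rc, const char *ldap_msg,
                        int tls_err, const char *tls_msg)
{
    int n;
    if (tls_err == 0) {
        /* Say so explicitly: the failure was not reported by NSS/NSPR. */
        n = snprintf(buf, len, "Ldap bind error in Connect %d: %s; no TLS/SSL error recorded",
                     ldap_rc, ldap_msg ? ldap_msg : "?");
    } else {
        n = snprintf(buf, len, "Ldap bind error in Connect %d: %s; TLS/SSL error %d [%s] (%s)",
                     ldap_rc, ldap_msg ? ldap_msg : "?", tls_err,
                     tls_error_family(tls_err), tls_msg ? tls_msg : "no description");
    }
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
    char line[256];
    /* Constructed sample: LDAP rc 91 plus a code in the NSS SEC range. */
    if (format_connect_diag(line, sizeof line, 91, "Can't connect to the LDAP server",
                            -8179, "constructed sample text") == 0)
        puts(line);
    return 0;
}
```

Logging the zero case explicitly separates a plain network failure from a TLS handshake or certificate failure, which the bare "91" message cannot do.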