[Patch] Diagnostics for failing start-tls and HOST_NAME_MAX

Hello,

attached are two patches. The first changes error output for failing TLS
negotiations from:

nslcd[44623]: [0041a7] <group(all)> ldap_start_tls_s() failed: Connect
error (uri="ldap://192.168.2.104/")

to:

nslcd[33891]: [0041a7] <group(all)> TLS negotiation with
ldap://192.168.2.104/ failed: Connect error: TLS: hostname does not
match CN in peer certificate.

which allowed me to solve my issue.

The second one fixes compilation on systems where HOST_NAME_MAX is not
defined, but which implement at least POSIX 200112 (which includes all
supported FreeBSD versions).

Hope this helps and thank you for a great product.
-- 
Mel
--- nslcd/myldap.c.orig 2012-01-16 10:55:59.000000000 -0900
+++ nslcd/myldap.c      2012-03-03 04:35:07.000000000 -0900
@@ -386,9 +386,13 @@
     rc=ldap_start_tls_s(ld,NULL,NULL);
     if (rc!=LDAP_SUCCESS)
     {
-      log_log(LOG_WARNING,"ldap_start_tls_s() failed: %s%s%s (uri=\"%s\")",
-                          ldap_err2string(rc),(errno==0)?"":": ",
-                          (errno==0)?"":strerror(errno),uri);
+      char *msg = NULL;
+
+      ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, &msg);
+      log_log(LOG_WARNING,"TLS negotiation with %s failed: %s: ", uri,
+          ldap_err2string(rc), (msg) ? msg :
+          "No additional information available.");
+      if (msg) ldap_memfree(msg);
       return rc;
     }
   }
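Review bot: the new log_log() format string "TLS negotiation with %s failed: %s: " has only two %s conversions but is passed three arguments, so the diagnostic text fetched into msg is never printed and the line ends in a dangling ": "; the format should read "TLS negotiation with %s failed: %s: %s" (the sample output in the mail shows the message, so the posted hunk seems to differ from what was tested). The old errno/strerror() detail is also dropped; since LDAP_OPT_DIAGNOSTIC_MESSAGE may be empty for a plain connect failure, it is worth keeping as an extra argument. Initialising msg to NULL before the unchecked ldap_get_option() call is correct, as is the ldap_memfree(), but note that LDAP_OPT_DIAGNOSTIC_MESSAGE is an OpenLDAP option and may need a fallback on other libldap implementations.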
--- nslcd/cfg.c.orig    2011-12-30 14:16:30.000000000 -0900
+++ nslcd/cfg.c 2012-03-03 04:25:53.000000000 -0900
@@ -189,6 +189,9 @@
 {
   int rc;
   char *hostlist=NULL,*nxt;
+#ifndef HOST_NAME_MAX
+  const long HOST_NAME_MAX = sysconf(_SC_HOST_NAME_MAX);
+#endif
   char buf[HOST_NAME_MAX+sizeof("ldap://";)];
   log_log(LOG_DEBUG,"query %s for SRV records",domain);
   rc=ldap_domain2hostlist(domain,&hostlist);
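Review bot: `const long HOST_NAME_MAX = sysconf(_SC_HOST_NAME_MAX);` is not a compile-time constant, so `char buf[HOST_NAME_MAX+sizeof("ldap://")]` silently becomes a C99 variable-length array, and sysconf() returns -1 when the limit is indeterminate, which yields a negative array size (undefined behaviour). Either check the result and clamp it to _POSIX_HOST_NAME_MAX (255), or put a plain macro fallback near the includes instead of in the function body: `#ifndef HOST_NAME_MAX` / `#define HOST_NAME_MAX 255` / `#endif`. Reusing the name of a standard macro for a runtime variable also misleads readers, and the sysconf() path needs <unistd.h>, which this hunk does not show being included. Separately, `sizeof("ldap://";)` in the context line looks like archive mangling of `sizeof("ldap://")`.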
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/
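The portable hostname-buffer sizing discussed in the second patch, written out as an added example that is not nslcd code and not part of the original mail: it prefers HOST_NAME_MAX when the header defines it, otherwise asks sysconf(_SC_HOST_NAME_MAX) and clamps the -1 "indeterminate" result to the POSIX minimum of 255, then builds an ldap:// URI with an explicit truncation check instead of a silently undersized array. The helper names ldap_uri_buffer_size() and format_ldap_uri() are assumptions for illustration.

```c
/* Added example, not nslcd code. Assumes a POSIX.1-2001 <unistd.h> with
 * sysconf(); the helper names below are hypothetical. */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#ifndef _POSIX_HOST_NAME_MAX
#define _POSIX_HOST_NAME_MAX 255   /* POSIX minimum, used if the header lacks it */
#endif

/* Largest hostname the system allows, excluding the NUL terminator. */
size_t max_host_name_len(void)
{
#ifdef HOST_NAME_MAX
    return HOST_NAME_MAX;
#else
    long n = sysconf(_SC_HOST_NAME_MAX);
    /* sysconf() returns -1 when the limit is indeterminate or on error;
       clamp anything below the POSIX minimum so the buffer is never
       negative-sized or uselessly small. */
    if (n < _POSIX_HOST_NAME_MAX)
        return _POSIX_HOST_NAME_MAX;
    return (size_t)n;
#endif
}

/* Bytes needed for "ldap://" + hostname + "/" + NUL. */
size_t ldap_uri_buffer_size(void)
{
    return sizeof("ldap://") + max_host_name_len() + sizeof("/") - 1;
}

/* Write "ldap://<host>/" into out. Returns 0 on success, -1 if the
   result would not fit; truncation is reported, not ignored. */
int format_ldap_uri(const char *host, char *out, size_t out_size)
{
    int n = snprintf(out, out_size, "ldap://%s/", host);
    if (n < 0 || (size_t)n >= out_size) {
        if (out_size > 0)
            out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    size_t size = ldap_uri_buffer_size();
    char *buf = malloc(size);   /* sized at runtime instead of a VLA */
    if (buf == NULL)
        return 1;
    /* "ldap.example.com" is a constructed sample hostname. */
    if (format_ldap_uri("ldap.example.com", buf, size) == 0)
        printf("%s (buffer %zu bytes)\n", buf, size);
    free(buf);
    return 0;
}
```

The heap buffer sized from ldap_uri_buffer_size() avoids both the C89 compile failure and the variable-length-array surprise; on a system where HOST_NAME_MAX is 64 the size works out to 73 bytes, and on one that only reports the POSIX minimum it is 264.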