diff --git a/CHANGES b/CHANGES
index a17fa2b2c8d708ae304ca7ba6656bfdad3d7765c..f5729548a64821dfa22422fffca64f5660474249 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,7 @@ OpenLDAP 2.4 Change Log
OpenLDAP 2.4.17 Engineering
Fixed liblber to use ber_strnlen (ITS#6080)
Fixed libldap gnutls private key init (ITS#6053)
+ Fixed libldap tls NULL error messages (ITS#6079)
Fixed liblutil opendir/closedir on windows (ITS#6041)
Fixed liblutil for _GNU_SOURCE (ITS#5464,ITS#5666)
Fixed slapd errno handling (ITS#6037)
diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h
index f079753ed338cc74e6fcc18e0ac234052eae04b5..883566f4295bde7a0bd0d3e02f624aa91e2c5a58 100644
--- a/libraries/libldap/ldap-int.h
+++ b/libraries/libldap/ldap-int.h
@@ -75,6 +75,9 @@
#ifdef LDAP_DEBUG
+#define DebugTest( level ) \
+ ( ldap_debug & level )
+
#define Debug( level, fmt, arg1, arg2, arg3 ) \
do { if ( ldap_debug & level ) \
ldap_log_printf( NULL, (level), (fmt), (arg1), (arg2), (arg3) ); \
@@ -85,6 +88,7 @@
#else
+#define DebugTest( level ) (0 == 1)
#define Debug( level, fmt, arg1, arg2, arg3 ) ((void)0)
#define LDAP_Debug( subsystem, level, fmt, arg1, arg2, arg3 ) ((void)0)
diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c
index 69e6f609e84197420021f933f8d217553a11deda..3c440e9e518a3a9cc6e6c6bd958d62770b1af345 100644
--- a/libraries/libldap/tls2.c
+++ b/libraries/libldap/tls2.c
@@ -434,11 +434,14 @@ ldap_pvt_tls_accept( Sockbuf *sb, void *ctx_arg )
if ( err < 0 )
{
- char buf[256];
if ( update_flags( sb, ssl, err )) return 1;
- Debug( LDAP_DEBUG_ANY,"TLS: can't accept: %s.\n",
- tls_imp->ti_session_errmsg( err, buf, sizeof(buf) ),0,0 );
+ if ( DebugTest( LDAP_DEBUG_ANY ) ) {
+ char buf[256], *msg;
+ msg = tls_imp->ti_session_errmsg( err, buf, sizeof(buf) );
+ Debug( LDAP_DEBUG_ANY,"TLS: can't accept: %s.\n",
+ msg ? msg : "(unknown)", 0, 0 );
+ }
ber_sockbuf_remove_io( sb, tls_imp->ti_sbio,
LBER_SBIOD_LEVEL_TRANSPORT );