From 61695772c54ab6efaecfa9e9160f1c9e63963a9d Mon Sep 17 00:00:00 2001
From: "Lorenzo M. Catucci" <lorenzo@sancho.ccd.uniroma2.it>
Date: Thu, 12 May 2016 19:14:43 -0700
Subject: [PATCH] Raise an explicit BackendError on TLS failures

This change is a port of an existing pull request for ldappool [1]

It simply raises a more appropriate error / stacktrace if unable
to bind.

[1] https://github.com/mozilla-services/ldappool/pull/3

Change-Id: I3a17160a76122a1e4d05112fc86e346dea5dd88b
---
 ldappool/__init__.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ldappool/__init__.py b/ldappool/__init__.py
index 9cc8a9b..3807e71 100644
--- a/ldappool/__init__.py
+++ b/ldappool/__init__.py
@@ -187,6 +187,12 @@ class ConnectionManager(object):
     def _bind(self, conn, bind, passwd):
         # let's bind
         if self.use_tls:
+            try:
+                conn.start_tls_s()
+            except Exception:
+                raise BackendError('Could not activate TLS on established '
+                                   'connection with %s' % self.uri,
+                                   backend=conn)
             conn.start_tls_s()
 
         if bind is not None: