
Re: (ITS#6673) ldap_unbind() hangs on unreachable LDAP server when using TLS



On Wed, 2010-10-13 at 14:17 -0700, Howard Chu wrote:
> It seems you can work around this by changing tls_g.c's invocation of
> gnutls_bye() to use GNUTLS_SHUT_WR instead of GNUTLS_SHUT_RDWR. However, that
> strikes me as fundamentally wrong, since libldap is clearly closing both
> directions when it gets here. I think the bug is in gnutls_bye(), it shouldn't
> be waiting indefinitely when it tries to read the peer's Close alert. I'm not
> sure it should even be trying to read that at all; some peers may never send it.

I can't comment on the GnuTLS API because I haven't used it before. Can
you file a bug report with GnuTLS? Do you need any more input from my
end?

> Note that because you're breaking the connection without warning, TCP doesn't
> know that the connection is gone, so there will be no error detected when
> gnutls attempts to send its own Close alert. In this case, it will probably
> block for 2*MSL before getting any further.

In my tests I haven't waited that long (I think). Do you know if there
are any problems with using setsockopt(SO_RCVTIMEO) and
setsockopt(SO_SNDTIMEO) on the socket?

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
