
RE: race condition in -lldap/openssl??



If there is a race condition, you're going to have to find it somewhere
other than on the OpenLDAP mailing lists. libldap's use of TLS is very
simple and there are no synchronization issues there. The only thing I
could suggest is to remember that even in libldap_r, the re-entrant LDAP
library, only one thread at a time is allowed to operate on a given LDAP
session handle. When you honor that restriction, there can be no race
conditions. If this condition is not being honored by the callers of the
LDAP library, then all bets are off.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: Dax Kelson [mailto:dax@gurulabs.com]
> Sent: Thursday, February 07, 2002 9:42 AM
> To: Howard Chu
> Cc: Dax Kelson; nalin@redhat.com; openldap-devel@OpenLDAP.org;
> lukeh@PADL.COM
> Subject: RE: race condition in -lldap/openssl??
>
>
> On Thu, 7 Feb 2002, Howard Chu wrote:
>
> > This is most likely a bug in OpenSSL 0.9.6b, you should try again with
> > OpenSSL 0.9.6c before chasing this any further. The CHANGES file for
> > 0.9.6c specifically mentions some race conditions that are fixed since
> > the 'b' version.
> >
> >   -- Howard Chu
>
>
> I installed OpenSSL 0.9.6c (provides libssl.so.3 and libcrypto.so.3),
> rebuilt OpenLDAP and nss/pam_ldap, and OpenSSH, same problem:
>
> # ldd /lib/security/pam_ldap.so | egrep '(libssl|libcrypto)'
>         libssl.so.3 => /lib/libssl.so.3 (0x40098000)
>         libcrypto.so.3 => /lib/libcrypto.so.3 (0x400c6000)
>
> # ldd /usr/lib/libldap.so.2 | egrep '(libssl|libcrypto)'
>         libssl.so.3 => /lib/libssl.so.3 (0x400aa000)
>         libcrypto.so.3 => /lib/libcrypto.so.3 (0x400d9000)
>
> I saw the problem, and re-added my debug to tls.c (in openldap).
>
> Not bogged down produces:
>
> Feb  7 10:33:25 mooru sshd[25101]: SSL_connect returned 0
> Feb  7 10:33:25 mooru sshd[25101]: SSL_ERROR_SYSCALL
> Feb  7 10:33:25 mooru sshd[25101]: TLS: can't connect.
> Feb  7 10:33:25 mooru sshd[25101]: pam_ldap: ldap_starttls_s: Connect error
>
> Bogged down I can login:
>
> Feb  7 10:33:33 mooru sshd[25103]: SSL_connect returned 1