
Fix for SSL connection to Novell NDS LDAP server (ITS#821)



Full_Name: Matt Corey
Version: 2.0.6
OS: FreeBSD & Solaris 8
URL: ftp://ftp.openldap.org/incoming/matt-corey-001011.patch
Submission from: (NULL) (63.114.197.2)


I have found a problem with an SSL/TLS connection to a Netware NDS server.  If a search is run against the server through an ssl connection (ldapsearch -x -H "ldaps://yada.yada.yada" ...), the client hangs in do_ldap_select.  What is happening is that the NDS server buffers the response to about 8K blocks, sending when either a block is full, or the last response is ready to be sent.  If the block sent has multiple results in it, the first one will be returned, and the remaining are in the SSL buffer waiting for an SSL_read.  In wait4msg (result.c), the call to ber_sockbuf_ctrl to check for data returns indicating that there is no data ready.  do_ldap_select is called next, blocking indefinitely waiting for data that we already have.

The fix I made is in libraries/libldap/tls.c in the function sb_tls_ctrl.  I added a hook for LBER_SB_OPT_DATA_READY to check to see if SSL has data waiting with a call to SSL_pending.  If there is data waiting, I return 1, otherwise it lets the next in the list handle the option.

I hope I explained that correctly, but I know that the patch works.  

Matt
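
Added example, not part of the original message and not the OpenLDAP patch: a self-contained C model of the hang described above, using a Unix socketpair in place of the network. The struct layer type and the layer_* / data_ready_* functions are hypothetical stand-ins for the TLS object, SSL_read, SSL_pending and the LBER_SB_OPT_DATA_READY check; the messages are constructed 4-byte strings.

```c
/* Added illustration; every layer_* and data_ready_* name is hypothetical.
 * struct layer stands in for the TLS object: one block in, one message out per read. */
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define MSG_LEN 4            /* constructed fixed-size "results" */
struct layer { int fd; char buf[64]; size_t len, off; };

/* Analogue of SSL_pending(): bytes already buffered but not yet consumed. */
static size_t layer_pending(const struct layer *l) { return l->len - l->off; }

/* Analogue of SSL_read(): refill from the socket only when the buffer is empty. */
static int layer_read(struct layer *l, char *out) {
    if (layer_pending(l) < MSG_LEN) {
        ssize_t n = read(l->fd, l->buf, sizeof l->buf);
        if (n < MSG_LEN) return -1;
        l->len = (size_t)n; l->off = 0;
    }
    memcpy(out, l->buf + l->off, MSG_LEN);
    l->off += MSG_LEN;
    return MSG_LEN;
}

/* Behaviour before the fix: only the descriptor is consulted. */
static int data_ready_naive(struct layer *l) {
    struct pollfd p = { .fd = l->fd, .events = POLLIN };
    return poll(&p, 1, 0) > 0;
}

/* With the fix: buffered data counts as ready; otherwise defer to the socket check. */
static int data_ready_fixed(struct layer *l) {
    return layer_pending(l) > 0 ? 1 : data_ready_naive(l);
}

/* Peer sends two results in one block; returns naive | fixed << 1 after one read. */
static int demo(void) {
    int sv[2]; char msg[MSG_LEN];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    if (write(sv[0], "AAAABBBB", 8) != 8) return -1;
    struct layer l = { .fd = sv[1] };
    if (layer_read(&l, msg) != MSG_LEN) return -1;
    int r = data_ready_naive(&l) | (data_ready_fixed(&l) << 1);
    close(sv[0]); close(sv[1]);
    return r;   /* 2: the socket looks idle while a second result is still buffered */
}

int main(void) { return demo() == 2 ? 0 : 1; }
```

A caller that blocks in select() whenever data_ready_naive() returns 0 would wait here indefinitely, because the second result never arrives on the descriptor again.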