[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4494) connections are not asynchrounous

lrm@interlinknetworks.com wrote:
> I have already tried this.  It does not have any affect on SSL connection
> negotitation.
> There is a very interseting comment in the code which indicates someone was
> aware of the problem.  From the 2.3.20 source distribution, file
> libraries/libldap/tls.c (line 1445):
>         /*
>          * Fortunately, the lib uses blocking io...
>          */
>         if ( ldap_int_tls_connect( ld, conn ) < 0 ) {
>                 ld->ld_errno = LDAP_CONNECT_ERROR;
>                 return (ld->ld_errno);
>         }
> And in ldap_int_tls_connect(), there is a call to SSL_connect( ssl ) that has no
> provision for asynchronous operation.  There is no setting of the non-blocking
> option that I can find in this code sequence.
> To reproduce the problem, simply point your ldaps: URL to a TCP server port that
> accepts connections, and does nothing with them.  The LDAP client will hang
> forever (or until the server ephemeral port is closed).

Is it an option for you to use Start TLS instead of ldaps?  In this 
case, code in right HEAD should fix all non-blocking issues, as soon as 
you specify a network timeout and LDAP_OPT_CONNECT_ASYNC (undocumented 
yet, it's been committed just hours ago).

The usage I suggest is to set LDAP_OPT_NETWORK_TIMEOUT to a positive 
value; then set LDAP_OPT_CONNECT_ASYNC to TRUE before performing the 
first operation, and reset it to FALSE after the first operation 
succeeds.  In your case, the first operation would be ldap_start_tls[_s](3).


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
Office:   +39.02.23998309
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it