
(ITS#6304) Slapd freezes during SSL handshake when TLSVerifyClient=allow



Full_Name: Jan Zeleny
Version: 2.4.18
OS: Fedora 11
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (62.40.79.66)


The following bug report is a good introduction to the issue:
https://bugzilla.redhat.com/show_bug.cgi?id=509230

I managed to reproduce it simply by turning on TLS and setting TLSVerifyClient
allow. In that configuration local connections to ldaps still work, but
connections from remote machines don't work in about 80-90% of cases.

I tried to trace the bug; so far I have found that when using this option, slapd
sends its certificate to the TCP socket and gets EAGAIN in the middle of
writing. After that it goes to epoll_wait and there it waits indefinitely. I
suspect the EAGAIN happens because the TCP socket is full or something like that.
Notice that when you turn on debugging information about packet handling, this
issue disappears - maybe the socket has time to get empty?

I tried and confirmed the bug in several versions of openldap (incl. 2.4.18) and
several Linux distributions to eliminate the possibility that this issue is caused
by some other component or that it was solved already.
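
The general situation the report describes (a non-blocking write that stops with EAGAIN, followed by a readiness wait) can be observed in isolation with the added example below, which is not code from the report or from OpenLDAP and does not claim to identify the root cause in slapd. It shows that after EAGAIN a wait for readability never returns, and a wait for writability returns only once the peer has read the queued data. Assumptions: an AF_UNIX socketpair stands in for the TCP connection, poll() stands in for epoll_wait, and all function names are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Queue data until the send buffer is full; bytes queued, or -1 on other errors. */
static long fill_until_eagain(int fd) {
    char chunk[4096];
    long total = 0;
    ssize_t n;
    memset(chunk, 'A', sizeof chunk); /* constructed stand-in for handshake data */
    while ((n = send(fd, chunk, sizeof chunk, 0)) > 0) total += n;
    return (errno == EAGAIN || errno == EWOULDBLOCK) ? total : -1;
}

/* poll() one descriptor: 0 on timeout, 1 when `events` is ready. */
static int wait_for(int fd, short events, int timeout_ms) {
    struct pollfd p = { .fd = fd, .events = events };
    return poll(&p, 1, timeout_ms);
}

/* Read everything currently queued, as the remote peer would. */
static long drain(int fd) {
    char buf[4096];
    long got = 0;
    ssize_t n;
    while ((n = recv(fd, buf, sizeof buf, MSG_DONTWAIT)) > 0) got += n;
    return got;
}

/* r[0] bytes queued at EAGAIN; r[1] POLLIN wait; r[2], r[3] POLLOUT wait
 * before and after the peer reads. Returns 0 on success. */
int demo_stalled_write(long r[4]) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    fcntl(sv[0], F_SETFL, fcntl(sv[0], F_GETFL) | O_NONBLOCK);
    r[0] = fill_until_eagain(sv[0]);
    r[1] = wait_for(sv[0], POLLIN, 200);   /* nothing to read: times out */
    r[2] = wait_for(sv[0], POLLOUT, 200);  /* buffer still full: times out */
    long drained = drain(sv[1]);
    r[3] = wait_for(sv[0], POLLOUT, 200);  /* peer has read: writable again */
    close(sv[0]);
    close(sv[1]);
    return drained == r[0] ? 0 : -1;
}
```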