Re: (ITS#6673) ldap_unbind() hangs on unreachable LDAP server when using TLS
On Wed, 2010-10-13 at 14:17 -0700, Howard Chu wrote:
> It seems you can work around this by changing tls_g.c's invocation of
> gnutls_bye() to use GNUTLS_SHUT_WR instead of GNUTLS_SHUT_RDWR. However,
> strikes me as fundamentally wrong, since libldap is clearly closing both
> directions when it gets here. I think the bug is in gnutls_bye(), it shou
> be waiting indefinitely when it tries to read the peer's Close alert. I'm
> sure it should even be trying to read that at all; some peers may never s
I can't comment on the GnuTLS API because I haven't used it before. Can
you file a bug report with GnuTLS? Do you need any more input from my
> Note that because you're breaking the connection without warning, TCP doe
> know that the connection is gone, so there will be no error detected when
> gnutls attempts to send its own Close alert. In this case, it will probab
> block for 2*MSL before getting any further.
In my tests I haven't waited that long (I think). Do you know if there
are any problems with using setsockopt(SO_RCVTIMEO) and
setsockopt(SO_SNDTIMEO) on the socket?
-- arthur - email@example.com - http://arthurdejong.org --
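
The socket-level behaviour behind the SO_RCVTIMEO/SO_SNDTIMEO question above, as an added example that is not code from this thread, OpenLDAP or GnuTLS: with both options set, a blocking read on a connection whose peer stays silent returns an error after the timeout instead of waiting indefinitely. The helper names and the socketpair standing in for the unreachable server are assumptions; how a TLS library reacts to the resulting error is not shown.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: bound blocking reads and writes on fd.
 * Returns 0 on success, -1 if either setsockopt() call fails. */
int set_io_timeouts(int fd, long millis)
{
    struct timeval tv;
    tv.tv_sec = millis / 1000;
    tv.tv_usec = (millis % 1000) * 1000;
    if (setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv) < 0)
        return -1;
    if (setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof tv) < 0)
        return -1;
    return 0;
}

/* Read once from fd. Returns 1 if the receive timeout expired,
 * 0 if data or EOF arrived, -1 on any other error. */
int read_timed_out(int fd)
{
    char buf[64];
    ssize_t n;
    do {
        n = recv(fd, buf, sizeof buf, 0);
    } while (n < 0 && errno == EINTR);   /* retry if a signal interrupted us */
    if (n >= 0)
        return 0;
    return (errno == EAGAIN || errno == EWOULDBLOCK) ? 1 : -1;
}

/* Constructed scenario: a socketpair whose other end never writes,
 * standing in for a peer that never sends its close alert. */
int demo_silent_peer(long millis)
{
    int sv[2], rc;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    rc = (set_io_timeouts(sv[0], millis) < 0) ? -1 : read_timed_out(sv[0]);
    close(sv[0]);
    close(sv[1]);
    return rc;
}

int main(void)
{
    printf("timed out: %d\n", demo_silent_peer(200));
    return 0;
}
```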