[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#6714) Patch - Mozilla NSS - implement full non-blocking semantics

To: openldap-its@OpenLDAP.org
Subject: (ITS#6714) Patch - Mozilla NSS - implement full non-blocking semantics
From: rmeggins@redhat.com
Date: Thu, 18 Nov 2010 22:37:46 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Rich Megginson
Version: 2.4.23 (current CVS HEAD)
OS: RHEL6
URL: ftp://ftp.openldap.org/incoming/openldap-2.4.23-use-non-blocking-semantics-20101118.patch
Submission from: (NULL) (76.113.111.209)


This patch implements full non-blocking semantics for the MozNSS crypto
implementation in the same manner as the openssl and gnutls implementations. 
SSL_ForceHandshake can be called repeatedly until it gets enough data to
complete.  One wrinkle is that, when SSL_ForceHandshake returns
PR_WOULD_BLOCK_ERROR, we have no way of knowing if it needs data for a read or a
write (a la openssl SSL_ERROR_WANT_WRITE and SSL_ERROR_WANT_READ).  In order to
keep track of that, we use the io_flag in the tls_data object - if the last
operation called was a read/recv, we set the io_flag to TLSM_READ, and similar
for send/write and TLSM_WRITE.  This way, the upflags function knows how to set
the sbiod needs_read and needs_write flags appropriately.

I also added special handling for the common case where the client uses ldapTOOL
-Z and the TLS fails from the client side (e.g. bogus CA cert file).  In this
case, tlsm_session_accept will get a plain LDAP message beginning with
LBER_SEQUENCE instead of a valid SSL header. The code can short circuit the
process and return a more meaningful error message.

The tlsm_is_io_ready() function is now obsolete - keeping track of the io_flag,
plus using the function SSL_DataPending(), removes the need for the former
function.

I added a convenience function tlsm_get_pvt_tls_data() to get the tls_data
associated with the tlsm_session (secure PRFileDesc).

This patch file is derived from OpenLDAP Software. All of the 
modifications to OpenLDAP Software represented in the following 
patch(es) were developed by Red Hat. Red Hat has not assigned rights 
and/or interest in this work to any party. I, Rich Megginson am 
authorized by Red Hat, my employer, to release this work under the 
following terms.

Red Hat hereby place the following modifications to OpenLDAP Software 
(and only these modifications) into the public domain. Hence, these 
modifications may be freely used and/or redistributed for any purpose 
with or without attribution and/or other notice.

Prev by Date: ITS#6712
Next by Date: (ITS#6715) Broken 'sortvals' for attr with 1 value
Index(es):
- Chronological
- Thread