
(ITS#6828) TLS fails to start when LDAP_OPT_CONNECT_ASYNC is used



Full_Name: Ian Puleston
Version: 2.4.23
OS: VxWorks
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (67.115.118.5)


When using TLS with the OpenLDAP client the connection to the server sometimes fails
if LDAP_OPT_CONNECT_ASYNC is being used. It appears to be a timing issue so it
may work fine in some implementations, and in fact it works fine for me every
time if I have any debug output turned on that prints before starting TLS.

The problem is that ldap_int_tls_connect fails, and I'm pretty sure that it
fails because it tries to start the TLS handshake before the connect has
completed. Adding just one printf at the start of ldap_int_tls_connect delays it
enough that it then works OK every time for me, presumably because the connect
then completes first.

If I set just the LDAP_DEBUG_PACKETS, LDAP_DEBUG_ARGS and LDAP_DEBUG_CONNS debug
flags (0x0e) then it fails and I get just this one message printed:
  "TLS: can't connect: .".

What appears to be missing is that before calling ldap_int_tls_start from
ldap_int_open_connection a call to ldap_int_poll should be made to check if the
connect has completed.

Also, something similar may be required before calling ldap_start_tls_s from
ldap_new_connection. It ends up calling back to ldap_send_initial_request, so
will that work OK when the connection is in state LDAP_CONNST_CONNECTING? Will
it result in LDAP_X_CONNECTING being returned?
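
The check the report asks for, shown as an added example (not code from the report or from OpenLDAP): after a non-blocking connect(), wait for the socket to become writable and read SO_ERROR before starting any TLS handshake. The names wait_connect_done and demo_async_connect are hypothetical, and the example assumes POSIX sockets with a constructed loopback endpoint.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>

/* Returns 0 once a non-blocking connect() on fd has completed, else an errno
 * value (ETIMEDOUT if it is still pending after timeout_ms). Only after a 0
 * return is it safe to begin the TLS handshake on fd. */
int wait_connect_done(int fd, int timeout_ms)
{
    struct pollfd pfd = { .fd = fd, .events = POLLOUT };
    int rc, soerr = 0;
    socklen_t len = sizeof(soerr);

    do {
        rc = poll(&pfd, 1, timeout_ms);
    } while (rc < 0 && errno == EINTR);
    if (rc < 0) return errno;
    if (rc == 0) return ETIMEDOUT;
    /* Writable does not mean connected: a failed connect also wakes poll(). */
    if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &soerr, &len) < 0) return errno;
    return soerr;
}

/* Constructed loopback demo: with_listener=1 -> accepting port, 0 -> closed port. */
int demo_async_connect(int with_listener)
{
    struct sockaddr_in sa = { .sin_family = AF_INET };  /* port 0: kernel picks */
    socklen_t slen = sizeof(sa);
    int srv = socket(AF_INET, SOCK_STREAM, 0), cli = socket(AF_INET, SOCK_STREAM, 0), rc;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (srv < 0 || cli < 0 || bind(srv, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        getsockname(srv, (struct sockaddr *)&sa, &slen) < 0)
        return -1;                                 /* setup failed */
    if (with_listener) listen(srv, 1);

    fcntl(cli, F_SETFL, fcntl(cli, F_GETFL) | O_NONBLOCK);
    rc = connect(cli, (struct sockaddr *)&sa, sizeof(sa));
    if (rc < 0 && errno == EINPROGRESS)
        rc = wait_connect_done(cli, 2000);         /* 0 or an errno value */
    else if (rc < 0)
        rc = errno;                                /* immediate failure */
    close(cli);
    close(srv);
    return rc;
}
```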