[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#8047) TIMEOUT and NETWORK_TIMEOUT don't work properly with SSL

To: openldap-its@OpenLDAP.org
Subject: (ITS#8047) TIMEOUT and NETWORK_TIMEOUT don't work properly with SSL
From: jsynacek@redhat.com
Date: Tue, 03 Feb 2015 08:38:36 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Jan Synacek
Version: 2.4.40
OS: GNU/Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (213.175.37.10)


TIMEOUT and NETWORK_TIMEOUT are not applied when trying to connect to a stalled
server using SSL. The same scenario works when using an unencrypted connection.

Reproducer:
1) set up a server for use with SSL (localhost connection is enough)
2) set NETWORK_TIMEOUT and TIMEOUT in ldap.conf
3) slapd -u ldap -g ldap -h "ldapi:/// ldaps://localhost" -d1
4) verify that connection works
   ldapsearch -x -H ldaps://localhost
5) kill -STOP <server pid>
6) ldapsearch -x -H ldaps://localhost
   At this point, the client hangs and doesn't properly time out.

For more information including a packet capture, see the original bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=1186562#c4

This bug doesn't seem to be crypto library specific. I reproduced it with both
moznss and openssl.

Prev by Date: Re: (ITS#8046) query caused slapd to stop
Next by Date: Re: (ITS#8047) TIMEOUT and NETWORK_TIMEOUT don't work properly with SSL
Index(es):
- Chronological
- Thread