[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#8047) TIMEOUT and NETWORK_TIMEOUT don't work properly with SSL

Full_Name: Jan Synacek
Version: 2.4.40
OS: GNU/Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

TIMEOUT and NETWORK_TIMEOUT are not applied when trying to connect to a stalled
server using SSL. The same scenario works when using an unencrypted connection.

1) set up a server for use with SSL (localhost connection is enough)
2) set NETWORK_TIMEOUT and TIMEOUT in ldap.conf
3) slapd -u ldap -g ldap -h "ldapi:/// ldaps://localhost" -d1
4) verify that connection works
   ldapsearch -x -H ldaps://localhost
5) kill -STOP <server pid>
6) ldapsearch -x -H ldaps://localhost
   At this point, the client hangs and doesn't properly time out.

For more information including a packet capture, see the original bug report:

This bug doesn't seem to be crypto library specific. I reproduced it with both
moznss and openssl.