[Date Prev][Date Next]
Re: (ITS#8047) TIMEOUT and NETWORK_TIMEOUT don't work properly with SSL
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8047) TIMEOUT and NETWORK_TIMEOUT don't work properly with SSL
- From: firstname.lastname@example.org
- Date: Tue, 03 Feb 2015 08:51:07 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
> Full_Name: Jan Synacek
> Version: 2.4.40
> OS: GNU/Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (18.104.22.168)
> TIMEOUT and NETWORK_TIMEOUT are not applied when trying to connect to a stalled
> server using SSL. The same scenario works when using an unencrypted connection.
This is a known issue - we don't have async connect/handshake APIs for
these crypto libraries.
> 1) set up a server for use with SSL (localhost connection is enough)
> 2) set NETWORK_TIMEOUT and TIMEOUT in ldap.conf
> 3) slapd -u ldap -g ldap -h "ldapi:/// ldaps://localhost" -d1
> 4) verify that connection works
> ldapsearch -x -H ldaps://localhost
> 5) kill -STOP <server pid>
> 6) ldapsearch -x -H ldaps://localhost
> At this point, the client hangs and doesn't properly time out.
> For more information including a packet capture, see the original bug report:
> This bug doesn't seem to be crypto library specific. I reproduced it with both
> moznss and openssl.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/