Re: (ITS#8047) TIMEOUT and NETWORK_TIMEOUT don't work properly with SSL

jsynacek@redhat.com wrote:
> Full_Name: Jan Synacek
> Version: 2.4.40
> OS: GNU/Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (
> TIMEOUT and NETWORK_TIMEOUT are not applied when trying to connect to a stalled
> server using SSL. The same scenario works when using an unencrypted connection.

This is a known issue - we don't have async connect/handshake APIs for these crypto libraries.

> Reproducer:
> 1) set up a server for use with SSL (localhost connection is enough)
> 2) set NETWORK_TIMEOUT and TIMEOUT in ldap.conf
> 3) slapd -u ldap -g ldap -h "ldapi:/// ldaps://localhost" -d1
> 4) verify that connection works
>     ldapsearch -x -H ldaps://localhost
> 5) kill -STOP <server pid>
> 6) ldapsearch -x -H ldaps://localhost
>     At this point, the client hangs and doesn't properly time out.
> For more information including a packet capture, see the original bug report:
> https://bugzilla.redhat.com/show_bug.cgi?id=1186562#c4
> This bug doesn't seem to be crypto library specific. I reproduced it with both
> moznss and openssl.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
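
The hang from the reproducer can be observed without slapd. The following is an added example, not part of the original thread and not OpenLDAP code: a listener that never calls accept() stands in for the SIGSTOPped server, and a Python client applies one time budget to both the TCP connect and the TLS handshake. The function names, the loopback listener and the 1-second budget are assumptions made for the illustration.

```python
import socket
import ssl
import time


def stalled_listener():
    """Constructed stand-in for a stopped server: the kernel completes the
    TCP handshake from the listen backlog, but nothing ever answers TLS."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # ephemeral port, loopback only
    srv.listen(5)                # accept() is deliberately never called
    return srv


def probe_tls(host, port, budget):
    """Connect and handshake under a single time budget (seconds)."""
    result = {"tcp_connected": False, "handshake": None, "elapsed": 0.0}
    start = time.monotonic()
    deadline = start + budget
    try:
        sock = socket.create_connection((host, port), timeout=budget)
    except OSError:
        result["elapsed"] = time.monotonic() - start
        return result
    # TCP connect succeeds even though the peer process is not running:
    # a connect-only timeout therefore never fires in this scenario.
    result["tcp_connected"] = True
    # Keep a timeout armed for the handshake, using what is left of the budget.
    sock.settimeout(max(deadline - time.monotonic(), 0.01))
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            result["handshake"] = "ok"
    except socket.timeout:
        result["handshake"] = "timeout"   # ClientHello sent, no ServerHello
    except (ssl.SSLError, OSError) as exc:
        result["handshake"] = "error: %s" % exc
    finally:
        sock.close()
        result["elapsed"] = time.monotonic() - start
    return result


if __name__ == "__main__":
    srv = stalled_listener()
    print(probe_tls("127.0.0.1", srv.getsockname()[1], budget=1.0))
    srv.close()
```

For monitoring or health checks, the useful signal is the combination `tcp_connected` true with `handshake` equal to `timeout`: the port is open but the service behind it is not responding.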