
(ITS#8957) Handling of TLS in async mode

Full_Name: Vernon Smith
Version: 2.4.47
OS: Ubuntu 12.04
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (2601:40d:4300:679a:8d9a:95ec:46f9:30fd)


I looked at the release notes and there have been a few issues with Async mode
with TLS in 2.4. I had been using 2.3.20 with my own patches to make Async mode
with TLS work with my application. I need to upgrade to 2.4 but I have tried many
versions of it and none have worked. The basic issue is that the TLS code is
never called so LDAPS connections fail. My symptoms are very similar to the bug
report that caused a fix in 2.4.26 but 2.4.26 is not working for me. I see the
same issue with 2.4.47. If I don't use LDAP_OPT_CONNECT_ASYNC then the
connection works and I get this trace:
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP test.interlinknetworks.com:636
ldap_new_socket: 10
ldap_prepare_socket: 10
ldap_connect_to_host: Trying 192.168.3.26:636
ldap_pvt_connect: fd: 10 tm: 3 async: 0
ldap_ndelay_on: 10
attempting to connect: 
connect errno: 115
ldap_int_poll: fd: 10 tm: 3
ldap_is_sock_ready: 10
ldap_ndelay_off: 10
ldap_pvt_connect: 0
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:unknown state
TLS certificate verification: depth: 1, err: 0, subject: /C=AA/ST=Michigan/L=Ann
Arbor/O=Interlink Networks, Inc./OU=Quality Assurance/CN=autoTest
CA/emailAddress=QAtest@interlinknetworks.com, issuer: /C=AA/ST=Michigan/L=Ann
Arbor/O=Interlink Networks, Inc./OU=Quality Assurance/CN=autoTest
CA/emailAddress=QAtest@interlinknetworks.com
TLS certificate verification: depth: 0, err: 0, subject: /C=US/ST=Michigan/L=Ann
Arbor/O=Interlink Networks Services, LLC./OU=Quality
Assurance/CN=test.interlinknetworks.com/emailAddress=QAtest@interlinknetworks.com,
issuer: /C=AA/ST=Michigan/L=Ann Arbor/O=Interlink Networks, Inc./OU=Quality
Assurance/CN=autoTest CA/emailAddress=QAtest@interlinknetworks.com
TLS trace: SSL_connect:unknown state
TLS trace: SSL_connect:unknown state
TLS trace: SSL_connect:unknown state
TLS trace: SSL_connect:unknown state
TLS trace: SSL_connect:unknown state
TLS trace: SSL_connect:unknown state
TLS trace: SSL_connect:unknown state
TLS trace: SSL_connect:unknown state
ldap_open_defconn: successful
ldap_send_server_request

But with LDAP_OPT_CONNECT_ASYNC enabled I never see the TLS code called and the
connection fails. The trace is:
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP test.interlinknetworks.com:636
ldap_new_socket: 10
ldap_prepare_socket: 10
ldap_connect_to_host: Trying 192.168.3.26:636
ldap_pvt_connect: fd: 10 tm: 3 async: -1
ldap_ndelay_on: 10
attempting to connect: 
connect errno: 115
ldap_open_defconn: successful
ldap_send_server_request
...
ldap_result ld 0x9bd6f70 msgid 1
wait4msg ld 0x9bd6f70 msgid 1 (timeout 0 usec)
wait4msg continue ld 0x9bd6f70 msgid 1 all 1
** ld 0x9bd6f70 Connections:
* host: test.interlinknetworks.com  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Mon Jan 14 15:33:57 2019


** ld 0x9bd6f70 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x9bd6f70 request count 1 (abandoned 0)
** ld 0x9bd6f70 Response Queue:
   Empty
  ld 0x9bd6f70 response count 0
ldap_chkResponseList ld 0x9bd6f70 msgid 1 all 1
ldap_chkResponseList returns ld 0x9bd6f70 NULL
ldap_int_select
read1msg: ld 0x9bd6f70 msgid 1 all 1
ber_get_next failed.
ldap_err2string
... Can't contact LDAP server

Thanks,
Vern
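A check on the two traces above, added here as an example and not code from the reporter or from OpenLDAP: it walks a libldap debug trace up to "ldap_open_defconn: successful" and flags a connection that was declared open on an ldaps port without any SSL_connect activity, which is the async symptom described. The sample traces are constructed abridgements of the ones in the report.

```python
import re

# Constructed sample traces, abridged to the lines this check needs, in the
# shape of libldap's debug output as quoted in the report above.
SYNC_TRACE = """\
ldap_connect_to_host: TCP test.interlinknetworks.com:636
ldap_pvt_connect: fd: 10 tm: 3 async: 0
TLS trace: SSL_connect:before/connect initialization
TLS certificate verification: depth: 0, err: 0, subject: /CN=test.interlinknetworks.com
ldap_open_defconn: successful
"""
ASYNC_TRACE = """\
ldap_connect_to_host: TCP test.interlinknetworks.com:636
ldap_pvt_connect: fd: 10 tm: 3 async: -1
connect errno: 115
ldap_open_defconn: successful
"""

HOST_RE = re.compile(r"ldap_connect_to_host: TCP (\S+):(\d+)")
CONNECT_RE = re.compile(r"ldap_pvt_connect: fd: \d+ tm: \S+ async: (-?\d+)")
VERIFY_RE = re.compile(r"TLS certificate verification: depth: (\d+), err: (\d+)")

def audit_trace(trace, tls_ports=(636,)):
    """Walk a libldap debug trace up to 'ldap_open_defconn: successful' and
    report whether TLS was actually negotiated on a port where it is expected."""
    info = {"host": None, "port": None, "async": None,
            "tls_handshake": False, "verify_errors": [], "opened": False}
    for line in trace.splitlines():
        m = HOST_RE.search(line)
        if m:
            info["host"], info["port"] = m.group(1), int(m.group(2))
        m = CONNECT_RE.search(line)
        if m:
            info["async"] = int(m.group(1)) != 0   # -1 means LDAP_OPT_CONNECT_ASYNC is on
        if line.startswith("TLS trace: SSL_connect"):
            info["tls_handshake"] = True
        m = VERIFY_RE.search(line)
        if m and int(m.group(2)) != 0:
            info["verify_errors"].append((int(m.group(1)), int(m.group(2))))
        if line.startswith("ldap_open_defconn: successful"):
            info["opened"] = True
            break
    # Declared open on an ldaps:// port with no SSL_connect activity at all:
    # the failure mode in the report, and the point at which a bind would
    # otherwise go out without the expected TLS protection.
    info["tls_missing"] = (info["opened"] and info["port"] in tls_ports
                           and not info["tls_handshake"])
    return info
```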