
Client blocking forever in SSL_connect



Hi,

I ran into a problem where an LDAP client that uses SSL/TLS (no matter 
whether via ldaps or START_TLS) was indefinitely blocking in the 
SSL_connect() call in libraries/libldap/tls.c.
As libldap mostly uses blocking IO (as far as I understand), the 
SSL_connect call also uses blocking IO (according to the OpenSSL docs) 
and so it can easily block if the server does not reply.

I am wondering if it is possible to add functionality to the API so that 
one can use SSL_connect in a non-blocking fashion. For example by 
setting the underlying socket to non-blocking just before the 
SSL_connect call and using select with the LDAP_OPT_NETWORK_TIMEOUT 
timeout value and setting it back to blocking IO after the SSL 
handshake has completed. Similar to what is done in ldap_pvt_connect() in 
libraries/libldap/os-ip.c.

Comments or other suggestions?

-- 
regards,
	Ralf
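
The approach proposed in the message above (non-blocking socket for the handshake, select() bounded by a timeout, then back to blocking IO), as an added example that is not part of the original post and is not libldap code. It uses Python's ssl module, which wraps OpenSSL, so do_handshake() stands in for SSL_connect(); the function names, the timeout argument (playing the role of LDAP_OPT_NETWORK_TIMEOUT) and the host name are assumptions.

```python
import select
import socket
import ssl
import time


def handshake_with_timeout(sock, ctx, timeout, server_hostname):
    """Run the TLS client handshake on a connected socket within `timeout` seconds.

    Returns the SSLSocket in blocking mode, or raises TimeoutError.
    """
    sock.setblocking(False)                  # non-blocking only for the handshake
    tls = ctx.wrap_socket(sock, do_handshake_on_connect=False,
                          server_hostname=server_hostname)
    deadline = time.monotonic() + timeout
    while True:
        try:
            tls.do_handshake()               # counterpart of SSL_connect()
            break
        except ssl.SSLWantReadError:         # SSL_ERROR_WANT_READ: wait for peer data
            rd, wr = [tls], []
        except ssl.SSLWantWriteError:        # SSL_ERROR_WANT_WRITE: wait for buffer space
            rd, wr = [], [tls]
        remaining = deadline - time.monotonic()
        if remaining <= 0 or not any(select.select(rd, wr, [], remaining)):
            tls.close()                      # wrap_socket() took over the descriptor
            raise TimeoutError("TLS handshake timed out")
    tls.setblocking(True)                    # restore blocking IO for later calls
    return tls


def demo_silent_server(timeout=0.5):
    """Constructed case: a loopback listener that completes TCP but never speaks TLS."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)                       # never accept(): the kernel still answers the SYN
    client = socket.create_connection(listener.getsockname())
    ctx = ssl.create_default_context()       # certificate verification stays enabled
    start = time.monotonic()
    try:
        handshake_with_timeout(client, ctx, timeout, "ldap.example.test")  # made-up name
        return None
    except TimeoutError:
        return time.monotonic() - start      # seconds spent before giving up
    finally:
        listener.close()


if __name__ == "__main__":
    print("gave up after %.2fs" % demo_silent_server())
```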