[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Client blocking forever in SSL_connect

At 10:19 AM 12/22/2005, Ralf Haferkamp wrote:
>On Thursday 22 December 2005 18:43, Kurt D. Zeilenga wrote:
>> At 10:43 AM 12/19/2005, Ralf Haferkamp wrote:
>> >Hi,
>> >
>> >I ran into a problem where an LDAP Client, that uses SSL/TLS (no
>> > matter whether via ldaps or START_TLS) was indefinitely blocking in
>> > the SSL_connect() call in libraries/libldap/tls.c.
>> >As libldap mostly uses blocking IO (as far as I understand), the
>> >SSL_connect call also uses blocking IO (according to the openssl
>> > docs) and so it can easily block if the server does not reply.
>> >
>> >I am wondering if it is possible to add functionallty to the API
>> > that one can use SSL_connect in a non-blocking fashion. For example
>> > by setting the underlying socket to non-blocking just before the
>> > SSL_connect call and using select with the LDAP_OPT_NETWORK_TIMEOUT
>> > timeout value and setting it back to blocking IO after the SSL
>> > handshake completed. Similar to what is done in ldap_pvt_connect()
>> > in libraries/libldap/os-ip.c
>> >
>> >Comments or other suggestions?
>> What API would you provide to the program to continue the
>> communication once blocking condition was removed?
>I am not sure if I understand your question. My orignal idea was to do 
>it without any addtional API and hide the non-blocking SSL-handshake 
>completely inside the ldap_int_tls_connect() function.

That seems to imply that ldap_int_tls_connect would then block,
what would be the point of that?