
RE: problems on EAGAIN? (was: TLS connect from remote host to slapd hangs)

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Rainer Clasen

> Rainer Clasen wrote:
> > I can access this slapd fine from the server itself. But when I try to
> > contact the new slave from *anywhere* else the connection hangs during
> > the initial SSL phase.
> I've run the server under strace. slapd starts sending the CA
> certificates and after several successful write()s one call to write()
> returns EAGAIN. Up to then the client received some certificates and
> then blocks.

> Could it be that slapd chokes on the EAGAIN received when
> writing out the CA certificates?

slapd doesn't have much to do with this; it's the SSL library that takes care
of sending CA certs to the client. The OpenSSL library's write routines give
up whenever a write() returns < 1. In OpenLDAP 2.1.6 the TLS interface in
libldap was fixed to set the SSL retry_write flag when a write resulted in
EAGAIN. Unfortunately (as of 0.9.6g) OpenSSL's send_server_certificate()
function doesn't check the retry_write flag. Maybe it should, but that's a
question for an OpenSSL mailing list.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support
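
Added example, not part of the original message and not OpenSSL or OpenLDAP code: a plain POSIX sketch of the failure described above, where a send loop that gives up on any write() result below 1 stalls a slow peer, next to one that treats EAGAIN as "retry when writable". The names `send_all`, `demo` and `PAYLOAD` are hypothetical, and a socketpair with raw write() stands in for the TLS connection and the SSL library's write routines.

```c
/* Added example, not OpenSSL/OpenLDAP code. Names and sizes are constructed. */
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

#define PAYLOAD (4u << 20)          /* 4 MiB: more than a socket buffer holds */
static char payload[PAYLOAD];       /* stands in for the certificate chain */

/* Send loop. retry == 0: any write() result < 1 ends the send, EAGAIN included. */
static ssize_t send_all(int fd, const char *buf, size_t len, int retry) {
    size_t off = 0;
    while (off < len) {
        ssize_t n = write(fd, buf + off, len - off);
        if (n > 0) { off += (size_t)n; continue; }
        if (!retry) break;                          /* the give-up behaviour */
        if (n < 0 && errno == EINTR) continue;
        if (n == 0 || (errno != EAGAIN && errno != EWOULDBLOCK)) break; /* fatal */
        struct pollfd p = { .fd = fd, .events = POLLOUT };
        if (poll(&p, 1, 5000) <= 0) break;          /* peer never drained */
    }
    return (ssize_t)off;
}

/* Sends PAYLOAD bytes to a late-starting reader; returns the bytes accepted. */
static ssize_t demo(int retry) {
    int sv[2]; pid_t pid;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 || (pid = fork()) < 0) return -1;
    if (pid == 0) {                                 /* child: the remote client */
        char tmp[65536];
        close(sv[0]);
        poll(NULL, 0, 200);                         /* read late so the buffer fills */
        while (read(sv[1], tmp, sizeof tmp) > 0) {}
        _exit(0);
    }
    close(sv[1]);
    fcntl(sv[0], F_SETFL, fcntl(sv[0], F_GETFL) | O_NONBLOCK);
    ssize_t sent = send_all(sv[0], payload, sizeof payload, retry);
    close(sv[0]);
    waitpid(pid, NULL, 0);
    return sent;
}
int main(void) {
    printf("give up: %zd, retry: %zd of %u bytes\n", demo(0), demo(1), PAYLOAD);
    return 0;
}
```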