> -----Original Message-----
> From: masarati@aero.polimi.it [mailto:masarati@aero.polimi.it]
> Sent: Thursday, February 03, 2011 9:35 PM
> ldap_int_poll() will return -2 if timeout is 0 and the filedes was not
> active.  So ldap_send_server_request() will return LDAP_X_CONNECTING if
> async.

I've hit a new problem with this, which I'm pretty sure is a bug (or else an unsupported case): LDAP_OPT_CONNECT_ASYNC doesn't work with TLS connections. It is a timing issue, so it may work fine in some implementations, and in fact it works fine for me every time if I have any debug output turned on.

The problem is that ldap_int_tls_connect fails, and I'm pretty sure that it fails because it tries to start the TLS handshake before the connect has completed. Adding just one printf at the start of ldap_int_tls_connect delays it enough that it then works OK every time, presumably because the connect then completes first.

I'm working on a fix now, and I think what is needed is:

1. A call to ldap_int_poll in ldap_int_tls_start if async. Then it should abort without calling ldap_int_tls_connect if not ready (probably return LDAP_X_CONNECTING).

2. In ldap_send_initial_request don't call ldap_send_server_request if lconn_status is LDAP_CONNST_CONNECTING and using TLS (since TLS needs to be started first). Instead return LDAP_X_CONNECTING.

3. Probably something similar to #1 for the case where ldap_start_tls_s is called from ldap_new_connection.

If this all works I'll put in a bug report with a patch.
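
The check proposed in point 1 above, sketched as an added example that is not part of the original message and is not OpenLDAP code: a non-blocking connect is treated as complete only when the socket polls writable and SO_ERROR is 0, and the handshake callback is skipped otherwise. All names (`connect_state`, `tls_start_gated`, `fake_handshake`, `demo`) are hypothetical, and the loopback listener is constructed for the demo.

```c
/* Added example; every name here is hypothetical, none is a libldap function. */
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>

enum { CONN_FAILED = -1, CONN_PENDING = 0, CONN_READY = 1 };

/* Has the non-blocking connect() on fd finished? timeout_ms = 0 only polls. */
int connect_state(int fd, int timeout_ms) {
    struct pollfd p = { .fd = fd, .events = POLLOUT };
    int err = 0, rc = poll(&p, 1, timeout_ms);
    socklen_t len = sizeof err;
    if (rc == 0 || (rc < 0 && errno == EINTR)) return CONN_PENDING;
    if (rc < 0 || getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) < 0 || err)
        return CONN_FAILED;   /* poll error, or connect finished with an error */
    return CONN_READY;
}

/* Gate: run the handshake callback only once the connect has completed. */
int tls_start_gated(int fd, int timeout_ms, int (*handshake)(int)) {
    int st = connect_state(fd, timeout_ms);
    return st == CONN_READY ? handshake(fd) : st;
}

static int handshake_calls;   /* counts calls to the stand-in handshake */
static int fake_handshake(int fd) { (void)fd; handshake_calls++; return CONN_READY; }

/* Constructed loopback demo: listener on an ephemeral port, async connect. */
int demo(void) {
    struct sockaddr_in a = { .sin_family = AF_INET };
    socklen_t alen = sizeof a;
    int srv = socket(AF_INET, SOCK_STREAM, 0), cli = socket(AF_INET, SOCK_STREAM, 0);
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (srv < 0 || cli < 0 || bind(srv, (struct sockaddr *)&a, sizeof a) < 0 ||
        listen(srv, 1) < 0 || getsockname(srv, (struct sockaddr *)&a, &alen) < 0)
        return CONN_FAILED;
    fcntl(cli, F_SETFL, fcntl(cli, F_GETFL) | O_NONBLOCK);
    if (connect(cli, (struct sockaddr *)&a, sizeof a) < 0 && errno != EINPROGRESS)
        return CONN_FAILED;
    int rc = tls_start_gated(cli, 2000, fake_handshake);
    close(cli); close(srv);
    return rc;
}

int main(void) { return demo() == CONN_READY ? 0 : 1; }
```

A caller that gets `CONN_PENDING` back would retry later, which corresponds to returning LDAP_X_CONNECTING in the proposal above.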