Re: (ITS#4494) connections are not asynchrounous
lrm@interlinknetworks.com wrote:
> I have already tried this. It does not have any effect on SSL connection
> negotiation.
>
> There is a very interesting comment in the code which indicates someone was
> aware of the problem. From the 2.3.20 source distribution, file
> libraries/libldap/tls.c (line 1445):
>
>     /*
>      * Fortunately, the lib uses blocking io...
>      */
>     if ( ldap_int_tls_connect( ld, conn ) < 0 ) {
>         ld->ld_errno = LDAP_CONNECT_ERROR;
>         return (ld->ld_errno);
>     }
>
> And in ldap_int_tls_connect(), there is a call to SSL_connect( ssl ) that has no
> provision for asynchronous operation. There is no setting of the non-blocking
> option that I can find in this code sequence.
>
>
> To reproduce the problem, simply point your ldaps: URL to a TCP server port that
> accepts connections, and does nothing with them. The LDAP client will hang
> forever (or until the server ephemeral port is closed).

Is it an option for you to use Start TLS instead of ldaps? In this
case, code in right HEAD should fix all non-blocking issues, as soon as
you specify a network timeout and LDAP_OPT_CONNECT_ASYNC (undocumented
yet, it's been committed just hours ago).

The usage I suggest is to set LDAP_OPT_NETWORK_TIMEOUT to a positive
value; then set LDAP_OPT_CONNECT_ASYNC to TRUE before performing the
first operation, and reset it to FALSE after the first operation
succeeds. In your case, the first operation would be ldap_start_tls[_s](3).

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati@sys-net.it
------------------------------------------
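
The following is an added example, not part of the original message and not OpenLDAP code. It reproduces the condition from the quoted report (a TCP port that accepts connections and then stays silent) on loopback with plain POSIX sockets, and shows the bounded connect and bounded wait for the first handshake bytes that a network timeout provides. All function names are hypothetical.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Added illustration with hypothetical names; not libldap code.
 * Constructed test peer: listens on 127.0.0.1 and never reads or writes.
 * The kernel completes the TCP handshake from the listen backlog, so a
 * client sees a successful connect() followed by silence. */
int silent_listener(unsigned short *port_out) {
    struct sockaddr_in a; socklen_t len = sizeof a;
    int s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0) return -1;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: kernel picks one */
    if (bind(s, (struct sockaddr *)&a, sizeof a) < 0 || listen(s, 1) < 0 ||
        getsockname(s, (struct sockaddr *)&a, &len) < 0) { close(s); return -1; }
    *port_out = ntohs(a.sin_port);
    return s;
}

/* Non-blocking connect to loopback, bounded by timeout_ms. Returns fd or -1. */
int connect_with_timeout(unsigned short port, int timeout_ms) {
    struct sockaddr_in a; int err = 0; socklen_t el = sizeof err;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK);
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET; a.sin_port = htons(port);
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (connect(fd, (struct sockaddr *)&a, sizeof a) < 0) {
        struct pollfd p = { fd, POLLOUT, 0 };
        if (errno != EINPROGRESS || poll(&p, 1, timeout_ms) != 1 ||
            getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &el) < 0 || err) {
            close(fd); return -1;                 /* timed out or refused */
        }
    }
    return fd;
}

/* Bounded wait for the peer's first bytes (e.g. its TLS handshake reply).
 * Returns 1 if data or a socket event is pending, 0 on timeout, -1 on error. */
int wait_for_peer(int fd, int timeout_ms) {
    struct pollfd p = { fd, POLLIN, 0 }; int rc;
    do { rc = poll(&p, 1, timeout_ms); } while (rc < 0 && errno == EINTR);
    return rc;
}
```

A blocking read at the point where `wait_for_peer` returns 0 is what hangs indefinitely against such a peer; the timeout lets the caller close the socket and report a connect error instead.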