(ITS#8167) The new non-blocking TLS connect does not work in a reference/referral
Full_Name: Ian Puleston
Version: 2.4.40
OS: VxWorks
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (204.118.31.3)
I've been using the new non-blocking TLS connect feature added in version 2.4.34
(issue #7428, compiled with LDAP_USE_NON_BLOCKING_TLS) and found a problem that
it does not work in a reference/referral. It only works on the default
connection, and that can cause a long or permanent hang in SSL_connect as
follows, even when a network timeout is set and LDAP_USE_NON_BLOCKING_TLS is
on:
ldap_result -> ldap_chase_v3referrals
ldap_chase_v3referrals -> ldap_send_server_request
ldap_send_server_request -> ldap_new_connection
ldap_new_connection -> ldap_int_open_connection
ldap_int_open_connection -> ldap_int_tls_start
ldap_int_tls_start -> ldap_pvt_tls_connect
ldap_pvt_tls_connect -> (v0)
tlso_session_connect -> SSL_connect
The problem is that the calls to ber_sockbuf_ctrl with LBER_SB_OPT_SET_NONBLOCK
pass the Sockbuf as ld->ld_sb where they should be passing it as sb, that being
the Sockbuf for this connection.
The following 3 changes in ldap_int_tls_start fix it:
Change:
ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_SET_NONBLOCK, sb );
to:
ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_NONBLOCK, (void*)1 );
Change:
ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_SET_NONBLOCK, sb );
to:
ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_NONBLOCK, (void*)1 );
Change:
ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_SET_NONBLOCK, NULL );
to:
ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_NONBLOCK, NULL );
Note I also changed the 3rd argument there from "sb" to "(void*)1" just because
I think passing sb there is a little confusing. Either will work fine.
Ian
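
Added example, not part of the original report and not OpenLDAP code: a small POSIX model of the bug described above, where the non-blocking flag is applied to the handle's default socket instead of the socket of the connection being opened. The names model_ld, start_tls_buggy, start_tls_fixed and referral_hangs are hypothetical, and two socketpairs stand in for the default and referral connections.

```c
/* Added illustration: POSIX model of the bug; all names are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <unistd.h>

struct model_ld { int default_fd; };   /* stands in for ld->ld_sb */

static int set_nonblock(int fd, int on) {
    int fl = fcntl(fd, F_GETFL, 0);
    if (fl < 0) return -1;
    fl = on ? (fl | O_NONBLOCK) : (fl & ~O_NONBLOCK);
    return fcntl(fd, F_SETFL, fl);
}

/* 1 if a read with no data pending would block (the hang in the report),
 * 0 if it returns at once with EAGAIN, -1 on error. Never blocks itself. */
static int read_would_hang(int fd) {
    int fl = fcntl(fd, F_GETFL, 0);
    if (fl < 0) return -1;
    if (!(fl & O_NONBLOCK)) return 1;  /* blocking: do not attempt the read */
    char c;
    ssize_t n = read(fd, &c, 1);
    return (n < 0 && (errno == EAGAIN || errno == EWOULDBLOCK)) ? 0 : -1;
}

/* Buggy shape: toggles the handle's default socket, ignoring conn_fd. */
static int start_tls_buggy(struct model_ld *ld, int conn_fd) {
    (void)conn_fd;
    return set_nonblock(ld->default_fd, 1);
}

/* Fixed shape: toggles the socket of the connection being opened. */
static int start_tls_fixed(struct model_ld *ld, int conn_fd) {
    (void)ld;
    return set_nonblock(conn_fd, 1);
}

/* Runs one variant against a "referral" socket and reports whether a
 * handshake read on that socket would hang. */
int referral_hangs(int use_fixed) {
    int def[2], ref[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, def) < 0) return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, ref) < 0) { close(def[0]); close(def[1]); return -1; }
    struct model_ld ld = { def[0] };
    int rc = use_fixed ? start_tls_fixed(&ld, ref[0]) : start_tls_buggy(&ld, ref[0]);
    int hang = rc < 0 ? -1 : read_would_hang(ref[0]);
    close(def[0]); close(def[1]); close(ref[0]); close(ref[1]);
    return hang;
}
```

With the buggy variant the referral socket stays blocking, so a network timeout enforced around a non-blocking handshake never gets a chance to fire on that connection.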