Full_Name: Ian Puleston
Version: 2.4.40
OS: VxWorks
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (204.118.31.3)

I've been using the new non-blocking TLS connect feature added in version 2.4.34 (issue #7428, compiled with LDAP_USE_NON_BLOCKING_TLS) and found a problem: it does not work in a reference/referral. It only works on the default connection, and that can cause a long or permanent hang in SSL_connect as follows, even when a network timeout is set and LDAP_USE_NON_BLOCKING_TLS is on:

ldap_result -> ldap_chase_v3referrals
ldap_chase_v3referrals -> ldap_send_server_request
ldap_send_server_request -> ldap_new_connection
ldap_new_connection -> ldap_int_open_connection
ldap_int_open_connection -> ldap_int_tls_start
ldap_int_tls_start -> ldap_pvt_tls_connect
ldap_pvt_tls_connect -> (v0) tlso_session_connect -> SSL_connect

The problem is that the calls to ber_sockbuf_ctrl with LBER_SB_OPT_SET_NONBLOCK pass the Sockbuf as ld->ld_sb where they should be passing it as sb, that being the Sockbuf for this connection.
The following 3 changes in ldap_int_tls_start fix it:

Change:
    ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_SET_NONBLOCK, sb );
to:
    ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_NONBLOCK, (void*)1 );

Change:
    ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_SET_NONBLOCK, sb );
to:
    ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_NONBLOCK, (void*)1 );

Change:
    ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_SET_NONBLOCK, NULL );
to:
    ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_NONBLOCK, NULL );

Note I also changed the 3rd argument there from "sb" to "(void*)1" just because I think passing sb there is a little confusing. Either will work fine.
Ian
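
Added example (not part of the original report and not OpenLDAP code): a self-contained C model of the mix-up described above, using plain POSIX sockets and fcntl in place of ber_sockbuf_ctrl. The names sockbuf, ld_handle, tls_start_reported, tls_start_proposed and referral_is_nonblocking are hypothetical stand-ins; the model shows that setting the flag through the handle's default Sockbuf leaves the referral connection's socket in blocking mode.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical stand-ins for the libldap types: each connection owns a socket. */
struct sockbuf { int fd; };
struct ld_handle { struct sockbuf *ld_sb; };   /* default connection only */

static int set_nonblock(struct sockbuf *sb, int on) {
    int fl = fcntl(sb->fd, F_GETFL, 0);
    if (fl < 0) return -1;
    fl = on ? (fl | O_NONBLOCK) : (fl & ~O_NONBLOCK);
    return fcntl(sb->fd, F_SETFL, fl);
}

static int is_nonblock(const struct sockbuf *sb) {
    int fl = fcntl(sb->fd, F_GETFL, 0);
    return fl >= 0 && (fl & O_NONBLOCK) != 0;
}

/* Pattern from the report: the flag lands on ld->ld_sb whatever sb is. */
static int tls_start_reported(struct ld_handle *ld, struct sockbuf *sb) {
    (void)sb;
    return set_nonblock(ld->ld_sb, 1);
}

/* Pattern after the proposed change: the flag lands on this connection's sb. */
static int tls_start_proposed(struct ld_handle *ld, struct sockbuf *sb) {
    (void)ld;
    return set_nonblock(sb, 1);
}

/* 1 if the referral socket ends up non-blocking, 0 if blocking, -1 on error. */
int referral_is_nonblocking(int use_proposed) {
    int a[2], b[2];   /* constructed sockets: a = default conn, b = referral conn */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, a) < 0) return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, b) < 0) { close(a[0]); close(a[1]); return -1; }
    struct sockbuf def = { a[0] }, ref = { b[0] };
    struct ld_handle ld = { &def };
    int rc = use_proposed ? tls_start_proposed(&ld, &ref) : tls_start_reported(&ld, &ref);
    int result = rc < 0 ? -1 : is_nonblock(&ref);
    close(a[0]); close(a[1]); close(b[0]); close(b[1]);
    return result;
}
int main(void) {
    printf("reported: %d, proposed: %d\n", referral_is_nonblocking(0), referral_is_nonblocking(1));
    return 0;
}
```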