Full_Name: Ian Puleston
Version: 2.4.23
OS: VxWorks
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (67.115.118.5)
When using TLS with the OpenLDAP client, the connection to the server sometimes fails if LDAP_OPT_CONNECT_ASYNC is being used. It appears to be a timing issue, so it may work fine in some implementations; in fact, it works fine for me every time if I have any debug output turned on that prints before starting TLS.
The problem is that ldap_int_tls_connect fails, and I'm pretty sure that it fails because it tries to start the TLS handshake before the connect has completed. Adding just one printf at the start of ldap_int_tls_connect delays it enough that it then works OK every time for me, presumably because the connect then completes first.
If I set just the LDAP_DEBUG_PACKETS, LDAP_DEBUG_ARGS and LDAP_DEBUG_CONNS debug flags (0x0e), then it fails and I get just this one message printed: "TLS: can't connect: .".
What appears to be missing is that, before calling ldap_int_tls_start from ldap_int_open_connection, a call to ldap_int_poll should be made to check if the connect has completed.
Also, something similar may be required before calling ldap_start_tls_s from ldap_new_connection. It ends up calling back to ldap_send_initial_request, so will that work OK when the connection is in state LDAP_CONNST_CONNECTING? Will it result in LDAP_X_CONNECTING being returned?
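As an added illustration of the check this report asks for (example code, not OpenLDAP's own and not using its internal API): before starting a TLS handshake on a socket opened with a non-blocking connect, poll for writability and then read SO_ERROR, and proceed only once the connect has actually succeeded. The demo_check scenario below is constructed with a socketpair as a stand-in for a real LDAP connection.

```c
#include <errno.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>

/* Returns 0 when connected, 1 when the non-blocking connect is still in
 * progress after timeout_ms, and -1 when it failed (errno is set). */
int async_connect_ready(int fd, int timeout_ms)
{
    struct pollfd pfd = { .fd = fd, .events = POLLOUT, .revents = 0 };
    int err = 0, rc;
    socklen_t len = sizeof(err);
    do {
        rc = poll(&pfd, 1, timeout_ms);      /* writable once connected */
    } while (rc < 0 && errno == EINTR);
    if (rc < 0)
        return -1;                           /* poll itself failed */
    if (rc == 0)
        return 1;                            /* still connecting: do not start TLS yet */
    /* Writability alone is not proof of success: a failed connect may report
     * POLLOUT or POLLERR/POLLHUP, so always read the pending socket error. */
    if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) < 0)
        return -1;                           /* e.g. EBADF on a closed descriptor */
    if (err != 0 || (pfd.revents & (POLLERR | POLLHUP | POLLNVAL))) {
        if (err != 0)
            errno = err;
        return -1;                           /* connect failed: report, don't start TLS */
    }
    return 0;                                /* connected: safe to begin the handshake */
}

/* Constructed scenario, not a real LDAP connection: a socketpair is already
 * connected, so the check must return 0; if the descriptor was closed first,
 * the check must return -1 rather than hand a dead socket to the TLS layer. */
int demo_check(int close_first)
{
    int sv[2], rc;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -2;
    if (close_first) { close(sv[0]); close(sv[1]); }
    rc = async_connect_ready(sv[0], 100);
    if (!close_first) { close(sv[0]); close(sv[1]); }
    return rc;
}
```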