https://bugs.openldap.org/show_bug.cgi?id=10023
--- Comment #1 from ipuleston@sonicwall.com ---
Additionally, I spotted a 2nd related issue which came in with this subsequent commit for ITS #8957:
https://git.openldap.org/openldap/openldap/-/commit/09ff530036a04a01ad4250ee...
Note that ticket reports the same "connect errno: 115" followed by "ldap_open_defconn: successful" that I show above, and it is probably also a result of the same commit that I referenced above.
What this commit does is to make ldap_int_open_connection call ldap_int_tls_start if LDAP_OPT_X_TLS_HARD is set and ldap_connect_to_host returned -2 (EWOULDBLOCK/EINPROGRESS). There are two problems with doing that:
1. It can't start TLS before the connect has completed. If ldap_int_tls_start does not wait for that then it will fail.
2. If ldap_int_tls_start does wait for the connect to complete then it will have to wait synchronously for that, which will break the asynchronicity of the connect.
To make it properly asynchronous, what should be happening on a -2 return code is that control is returned to the caller of ldap_sasl_bind() etc. with return code LDAP_X_CONNECTING. That caller should then use poll or select to wait for the connect to complete, and then in the case of TLS it would need to make the call to start that (via ldap_int_tls_start).
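
The sequence described in the comment above (non-blocking connect returns in progress, the caller polls, and only then may TLS start), as an added example that is not part of the original comment and is not OpenLDAP code. It uses plain POSIX sockets on loopback; `finish_connect` and `demo` are hypothetical names, and the TLS handshake itself is not shown.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: 0 once the connect has completed, else an errno value.
 * Only after a 0 return may the caller begin the TLS handshake. */
int finish_connect(int fd, int timeout_ms)
{
    struct pollfd p = { .fd = fd, .events = POLLOUT };
    int err = 0, n = poll(&p, 1, timeout_ms);
    socklen_t len = sizeof(err);

    if (n == 0) return ETIMEDOUT;
    if (n < 0) return errno;
    /* Writable does not mean connected: SO_ERROR holds the real outcome. */
    if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) < 0) return errno;
    return err;
}

/* Constructed loopback scenario: with_listener=1 gives a live peer,
 * with_listener=0 gives a bound but non-listening port (connect is refused). */
int demo(int with_listener)
{
    struct sockaddr_in a = { .sin_family = AF_INET };
    socklen_t alen = sizeof(a);
    int srv = socket(AF_INET, SOCK_STREAM, 0), cli = socket(AF_INET, SOCK_STREAM, 0);
    int rc;

    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: kernel picks one */
    bind(srv, (struct sockaddr *)&a, sizeof(a));
    getsockname(srv, (struct sockaddr *)&a, &alen);
    if (with_listener) listen(srv, 1);

    fcntl(cli, F_SETFL, fcntl(cli, F_GETFL) | O_NONBLOCK);
    rc = connect(cli, (struct sockaddr *)&a, sizeof(a));
    if (rc < 0 && errno == EINPROGRESS)           /* the "-2" case in the comment */
        rc = finish_connect(cli, 2000);           /* a real caller polls in its event loop */
    else if (rc < 0)
        rc = errno;
    close(cli);
    close(srv);
    return rc;
}

int main(void) { return demo(1); }
```

A failed connect also makes the socket writable, which is why the `SO_ERROR` check has to come before any TLS handshake is attempted.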