https://bugs.openldap.org/show_bug.cgi?id=10330
--- Comment #2 from Ondřej Kuzník <ondra@mistotebe.net> ---
On Thu, Apr 24, 2025 at 09:39:52PM +0000, openldap-its@openldap.org wrote:
> This behaviour can also be reproduced without sending any data from the nc server during the TLS negotiation.
> To reproduce it consistently in this context, I have to configure the test application to use LDAP_OPT_CONNECT_ASYNC. The revised test application hangs with this traceback:
Hi Michael,
yes, this is related to ITS#8047. The fix there is partial: it allowed the initial connection setup to honour timeouts properly but, as acknowledged in there, we don't have an API that lets you do an async TLS handshake like this.
Your only option right now seems to be doing what lloadd does: make the socket non-blocking and manage this internally through ber_sockbuf_ctrl(sb, LBER_SB_OPT_NEEDS_READ/WRITE) + epoll().
If you want to contribute the polling inside libldap mid-handshake (handling the LDAP_OPT_CONNECT_ASYNC on/off cases), we would certainly consider it for inclusion in 2.7.
Thanks,