jsynacek@redhat.com wrote:
Full_Name: Jan Synacek
Version: 2.4.40
OS: GNU/Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (213.175.37.10)
TIMEOUT and NETWORK_TIMEOUT are not applied when trying to connect to a stalled server using SSL. The same scenario works when using an unencrypted connection.
This is a known issue - we don't have async connect/handshake APIs for these crypto libraries.
Reproducer:
- set up a server for use with SSL (localhost connection is enough)
- set NETWORK_TIMEOUT and TIMEOUT in ldap.conf
- slapd -u ldap -g ldap -h "ldapi:/// ldaps://localhost" -d1
- verify that connection works: ldapsearch -x -H ldaps://localhost
- kill -STOP <server pid>
- ldapsearch -x -H ldaps://localhost
At this point, the client hangs and doesn't properly time out.
For more information including a packet capture, see the original bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1186562#c4
This bug doesn't seem to be crypto library specific. I reproduced it with both moznss and openssl.
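The failure mode in this report, as an added illustration in Python (not code from the report or from OpenLDAP): a listener that never calls accept() stands in for the SIGSTOP'd slapd, and the client bounds the TLS handshake by keeping a timeout on the socket. The function names and the stage labels are hypothetical.

```python
import socket
import ssl
import time


def start_stalled_listener():
    """Constructed stand-in for a stopped server: it listens but never
    accepts, so the kernel completes the TCP handshake from the backlog
    and no TLS bytes are ever sent back."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # ephemeral port on loopback
    srv.listen(1)
    return srv


def tls_connect_with_timeout(host, port, timeout):
    """Return (stage, elapsed_seconds) for one TLS connection attempt."""
    start = time.monotonic()
    try:
        # TCP connect succeeds against a stalled process, so a timeout
        # that only covers connect() never fires in this scenario.
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "connect-failed", time.monotonic() - start
    ctx = ssl.create_default_context()  # certificate checks stay enabled
    try:
        # The timeout set above stays on the socket, so each blocking
        # read/write inside the handshake is bounded by it. It applies
        # per socket operation, not as one overall deadline.
        with ctx.wrap_socket(sock, server_hostname=host):
            return "handshake-ok", time.monotonic() - start
    except socket.timeout:
        return "handshake-timeout", time.monotonic() - start
    except OSError:  # ssl.SSLError is a subclass of OSError
        return "handshake-failed", time.monotonic() - start
    finally:
        sock.close()


if __name__ == "__main__":
    listener = start_stalled_listener()
    port = listener.getsockname()[1]
    print(tls_connect_with_timeout("127.0.0.1", port, 2.0))
    listener.close()
```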