I just pushed the latest incarnation of my patch to master. The code is currently hidden behind #ifdefs (mainly for the NSS issues outlined on -devel) and I switched back again to using LDAP_OPT_NETWORK_TIMEOUT for TLS handshake timeouts.
regards, Ralf
On Thu, Nov 01, 2012 at 05:22:42PM +0000, rhafer@suse.de wrote:
Currently libldap is using blocking IO when performing the SSL handshake for ldaps:// connections (and when performing the StartTLS operation). This can lead to the client blocking forever in the ssl lib (in SSL_connect in case of openssl) if e.g. the server for whatever reason stops responding. It would be very helpful if libldap would use non-blocking IO during the handshake at least when LDAP_OPT_NETWORK_TIMEOUT (or LDAP_OPT_TIMEOUT?) is set.
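
Added example, not part of the original messages and not libldap code: the technique requested above (non-blocking IO during the TLS handshake, bounded by a timeout), shown with Python's `ssl` module against a peer that accepts the connection and then never answers. The function names, the host name `ldap.example.test` and the silent peer (one end of a local socketpair) are constructed for this illustration.

```python
import select
import socket
import ssl
import time


def handshake_with_deadline(sock, ctx, timeout, server_hostname):
    """Run a TLS client handshake on a connected socket, giving up after
    `timeout` seconds instead of blocking inside the TLS library."""
    sock.setblocking(False)
    # Defer the handshake so we can drive it step by step ourselves.
    tls = ctx.wrap_socket(sock, server_hostname=server_hostname,
                          do_handshake_on_connect=False)
    deadline = time.monotonic() + timeout
    while True:
        try:
            tls.do_handshake()
            return tls
        except ssl.SSLWantReadError:
            readers, writers = [tls], []   # waiting for the peer's reply
        except ssl.SSLWantWriteError:
            readers, writers = [], [tls]   # send buffer is full
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            tls.close()
            raise TimeoutError("TLS handshake timed out")
        # Sleep until the socket is ready or the deadline passes.
        select.select(readers, writers, [], remaining)


def demo_silent_peer(timeout=0.5):
    """Constructed scenario: the peer is connected but never responds."""
    client, silent_server = socket.socketpair()
    ctx = ssl.create_default_context()     # certificate checks stay enabled
    start = time.monotonic()
    try:
        handshake_with_deadline(client, ctx, timeout, "ldap.example.test")
        timed_out = False
    except TimeoutError:
        timed_out = True
    finally:
        silent_server.close()
    return timed_out, time.monotonic() - start


if __name__ == "__main__":
    print(demo_silent_peer())
```

With a blocking socket and no timeout, the same `do_handshake()` call would wait indefinitely for the ServerHello, which is the hang described in the report.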