On Wed, 2010-10-13 at 14:17 -0700, Howard Chu wrote:
> It seems you can work around this by changing tls_g.c's invocation of
> gnutls_bye() to use GNUTLS_SHUT_WR instead of GNUTLS_SHUT_RDWR. However,
> that strikes me as fundamentally wrong, since libldap is clearly closing
> both directions when it gets here. I think the bug is in gnutls_bye(), it
> shouldn't be waiting indefinitely when it tries to read the peer's Close
> alert. I'm not sure it should even be trying to read that at all; some
> peers may never send it.

I can't comment on the GnuTLS API because I haven't used it before. Can you file a bug report with GnuTLS? Do you need any more input from my end?

> Note that because you're breaking the connection without warning, TCP
> doesn't know that the connection is gone, so there will be no error
> detected when gnutls attempts to send its own Close alert. In this case,
> it will probably block for 2*MSL before getting any further.

In my tests I haven't waited that long (I think). Do you know if there are any problems with using setsockopt(SO_RCVTIMEO) and setsockopt(SO_SNDTIMEO) on the socket?

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
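
The socket timeouts asked about above, as an added example that is not part of this message and is not OpenLDAP, nss-pam-ldapd or GnuTLS code: it shows how SO_RCVTIMEO and SO_SNDTIMEO turn an indefinite wait for a peer's closing message into a bounded one. The function names are hypothetical, and an AF_UNIX socketpair stands in for the TCP connection so the example runs offline.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical helper: cap every blocking recv()/send() on fd at ms milliseconds. */
static int set_io_timeouts(int fd, long ms)
{
    struct timeval tv = { .tv_sec = ms / 1000, .tv_usec = (ms % 1000) * 1000 };
    if (setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv) < 0) return -1;
    return setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof tv);
}

/* Stand-in for the read of the peer's close message.
 * Returns 1 = data arrived, 0 = peer closed, -1 = timed out, -2 = other error. */
static int wait_for_peer_close(int fd)
{
    char buf[64];
    ssize_t n;
    do { n = recv(fd, buf, sizeof buf, 0); } while (n < 0 && errno == EINTR);
    if (n >= 0) return n > 0;
    return (errno == EAGAIN || errno == EWOULDBLOCK) ? -1 : -2;
}

/* Constructed scenario: the peer either closes its end or stays silent forever. */
static int demo_peer(int peer_closes, long timeout_ms, long *elapsed_ms)
{
    int sv[2], rc;
    struct timespec t0, t1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -2;
    if (peer_closes) close(sv[1]);
    clock_gettime(CLOCK_MONOTONIC, &t0);
    rc = set_io_timeouts(sv[0], timeout_ms) < 0 ? -2 : wait_for_peer_close(sv[0]);
    clock_gettime(CLOCK_MONOTONIC, &t1);
    *elapsed_ms = (t1.tv_sec - t0.tv_sec) * 1000 + (t1.tv_nsec - t0.tv_nsec) / 1000000;
    close(sv[0]);
    if (!peer_closes) close(sv[1]);
    return rc;
}

int main(void)
{
    long ms;
    printf("silent peer: rc=%d", demo_peer(0, 200, &ms)); printf(" after %ld ms\n", ms);
    printf("closing peer: rc=%d", demo_peer(1, 200, &ms)); printf(" after %ld ms\n", ms);
    return 0;
}
```

The timeout reaches the caller as recv() failing with EAGAIN or EWOULDBLOCK, so code layered on top of the socket has to treat that errno as "stop waiting and close" rather than retrying.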