Hi Maxim,
Do you know whether or not the problem you mentioned below is fixed?
I'm finally implementing the usage of my own SSL I/O functions and can
see the problem you mentioned below. I'm using standard Netscape libs.
On Win2k, by simply returning 1 from my liof_selec function, it appears to
be working (at least in controlled environment). I need to run stress
test and see what happens.
Any thoughts/info on if and when the fix will be available on Netscape
and/or Mozilla.
Thank you very much for your input.
---Rooben
Maxim Kreynin wrote:
> Hi
>
> The only good and reliable way to use your own SSL is to use:
> ldap_set_option( ld, LDAP_OPT_IO_FN_PTRS, &my_io_struct);
>
> and populate my_io_struct with your own implementation of I/O
> functions. The caveat is to have every single one of them
> reimplemented - otherwise you'll get access violation at run-time.
> Using default I/Os as a base for your own implementation is a good
> start 'cause there's only 4 functions you really need to override
> (extend, to be precise) to implement SSL - connect, read, write,
> close. Once you have your functions implemented, all you need to do to
> initialize SSL is to call ldap_set_option after ldap_init - that's
> all.
>
> The only problem I've come across with this approach is the need to
> override liof_select. One of the file descriptors passed into a call
> back (i.e. your own implementation of select) is invalid which causes
> the OS native select() to return -1 and set the last error. Trying to
> ignore the returned value and return 1 doesn't work 'cause further up
> the stack the last error code gets checked.
>
> The real fix for this problem has to be made in
> nsldapi_install_compat_io_fns (os-ip.c). Custom I/O functions'
> installation should be conditioned on having each one of those
> functions specified in iofns.
>
> Michael, I'm willing to provide the fix and let you put in it if you
> like.
>
> Max Kreynin
