[email protected] wrote: > Full_Name: Andy > Version: 2.4.30 > OS: Debian Linux (Jessie) > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (67.188.115.159) > > > Hello, > > When connecting over TLS to an LDAP server with high packet loss, my calls to > ldap_sasl_bind_s() block forever some of the time despite have set a 10s limit > on all of LDAP_OPT_NETWORK_TIMEOUT, LDAP_OPT_TIMEOUT and LDAP_OPT_TIMELIMIT. > > I see the following stack trace on the deadlocked process. > > @ 0x7f2ff0c0f8d0 (unknown) > @ 0x7f2ff0c0eac0 __libc_read > @ 0x5cdc68 sb_debug_read > @ 0x5c26f5 tlso_bio_read > @ 0x451b64 BIO_read > @ 0x49bf86 ssl3_read_n > @ 0x49d52b ssl3_get_record > @ 0x49caea ssl3_read_bytes > @ 0x496f61 ssl3_get_message > @ 0x496944 ssl3_get_finished > @ 0x5e4aab ssl3_connect > @ 0x5e164b ssl23_connect > @ 0x5c1b3c tlso_session_connect > @ 0x5b6773 ldap_int_tls_start > @ 0x5b3a77 ldap_int_open_connection > @ 0x5a730e ldap_new_connection > @ 0x5b3365 ldap_open_defconn > @ 0x5a68e3 ldap_send_initial_request > @ 0x5a4c1e ldap_sasl_bind > @ 0x5a4d99 ldap_sasl_bind_s > > Inspecting the source, I see that SSL_connect() is called from > tlso_session_connect(). Does openldap attempt to pass timeout information to > openssl? > > Sorry for the vague bug report. The issue is non-deterministic so it is hard > to > provide too much information. Please let me know what I can do to be more > helpful. > > I was able to find an old posting (from 2006) reporting a similar issue. I'm > uncertain if the root cause is the same or not though. > > http://www.openldap.org/lists/openldap-software/200601/msg00440.html
There is no API for setting a timeout in the TLS library. http://www.openldap.org/lists/openldap-software/200707/msg00346.html -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
