[email protected] wrote:
> Full_Name: Jan Synacek
> Version: 2.4.40
> OS: GNU/Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (213.175.37.10)
>
>
> TIMEOUT and NETWORK_TIMEOUT are not applied when trying to connect to a stalled
> server using SSL. The same scenario works when using an unencrypted
> connection.

This is a known issue - we don't have async connect/handshake APIs for these crypto libraries.

>
> Reproducer:
> 1) set up a server for use with SSL (localhost connection is enough)
> 2) set NETWORK_TIMEOUT and TIMEOUT in ldap.conf
> 3) slapd -u ldap -g ldap -h "ldapi:/// ldaps://localhost" -d1
> 4) verify that connection works
>    ldapsearch -x -H ldaps://localhost
> 5) kill -STOP <server pid>
> 6) ldapsearch -x -H ldaps://localhost
> At this point, the client hangs and doesn't properly time out.
>
> For more information including a packet capture, see the original bug report:
> https://bugzilla.redhat.com/show_bug.cgi?id=1186562#c4
>
> This bug doesn't seem to be crypto library specific. I reproduced it with both
> moznss and openssl.
>

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
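The stalled-server condition from the reproducer above, as an added example that is not part of the original thread and is not OpenLDAP code: a listener that never calls accept() still lets the TCP connect succeed, so only a separate deadline on the TLS handshake catches the stall. It uses Python's ssl module rather than libldap; the names `stalled_listener` and `probe` are hypothetical.

```python
import socket
import ssl
import time


def stalled_listener():
    """Constructed stand-in for a SIGSTOPped server: listen() but never accept().

    The kernel still completes the TCP handshake from the backlog, so the
    client's connect() succeeds, but nothing ever answers the ClientHello.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv


def probe(port, connect_timeout, handshake_timeout):
    """Return (tcp_connected, outcome, handshake_seconds)."""
    try:
        raw = socket.create_connection(("127.0.0.1", port), timeout=connect_timeout)
    except OSError:
        return False, "connect-failed", 0.0
    # The connect timeout is spent at this point; the handshake needs its own deadline.
    raw.settimeout(handshake_timeout)
    ctx = ssl.create_default_context()
    tls = ctx.wrap_socket(raw, server_hostname="localhost",
                          do_handshake_on_connect=False)
    start = time.monotonic()
    try:
        tls.do_handshake()
        outcome = "handshake-ok"
    except socket.timeout:          # deadline hit while waiting for ServerHello
        outcome = "handshake-timeout"
    except (ssl.SSLError, OSError):
        outcome = "handshake-error"
    finally:
        tls.close()
    return True, outcome, time.monotonic() - start


if __name__ == "__main__":
    srv = stalled_listener()
    print(probe(srv.getsockname()[1], connect_timeout=2.0, handshake_timeout=1.0))
    srv.close()
```

Passing `handshake_timeout=None` makes the handshake blocking, which reproduces the indefinite wait against the stalled listener.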
