lists.arthurdejong.org
RSS feed

Re: [PATCH][RFC] set socket timeout for SSL handshake

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: [PATCH][RFC] set socket timeout for SSL handshake



On 08/05/2011 11:59 AM, ext Arthur de Jong wrote:
On Thu, 2011-08-04 at 16:04 +0200, Stefan Völkel wrote:

[...]

Thanks, this probably means that the code that sets SO_RCVTIMEO and
SO_SNDTIMEO on the socket (in do_open()) can go then. This sets the
timeout higher than what is configured with timelimit to allow the LDAP
library to handle the timeout instead (still not sure if OpenLDAP
handles socket timeouts gracefully).

I don't see timeouts being set in do_open(). Do you mean do_close() by any chance?

If yes, I wouldn't remove those, because there is no telling if a library changes that timeout setting.

OTOH, maybe SO_LINGER would be an option here.

I'll merge your patch, very much appreciated. Can you see if you can
move the registering of the callback to do_open() instead of do_bind()?
Also, it is probably best to set the timeout to ldc_timelimit plus half
a second or so.

I moved the callback registering to do_set_options() since all other options are also set there, and do_set_options() is called from do_open().

Also I decided to add another option, sock_timeout, to not hardcode it.

And on top of that, I also created a patch against the 0.7.13 debian package.

regards

        Stefan

Attachment: debian.0.7.13.patch
Description: Text Data

Attachment: nslcd.ssl.patch
Description: Text Data

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users