Re: [PATCH][RFC] set socket timeout for SSL handshake
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: [PATCH][RFC] set socket timeout for SSL handshake
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: Stefan Völkel <stefan.volkel.ext [at] nsn.com>
- Cc: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: [PATCH][RFC] set socket timeout for SSL handshake
- Date: Fri, 05 Aug 2011 11:59:06 +0200
On Thu, 2011-08-04 at 16:04 +0200, Stefan Völkel wrote:
> I created the attached patch, to set SEND and RCV timeouts on the
> socket, after connect() is called, but before SSL takes over.
Thanks for the testing and the patch! Timeout handling always seems to
be tricky in the LDAP library. There are half a dozen options to set and
it still doesn't always work as expected.
> That way, nslcd recieves an error while bind()ing and moves on to the
> next server.
Thanks, this probably means that the code that sets SO_RCVTIMEO and
SO_SNDTIMEO on the socket (in do_open()) can go then. This sets the
timeout higher than what is configured with timelimit to allow the LDAP
library to handle the timeout instead (still not sure if OpenLDAP
handles socket timeouts gracefully).
> The patch is still somewhat rough around the edges, but I'd like to get
> some feedback before going further down this road. Especially if
> something like this would be accepted.
I'll merge your patch, very much appreciated. Can you see if you can
move the registering of the callback to do_open() instead of do_bind()?
Also, it is probably best to set the timeout to ldc_timelimit plus half
a second or so.
--
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users