Commit d4a0a9b3 authored by Vernon Smith's avatar Vernon Smith Committed by Quanah Gibson-Mount

ITS#8980 fix async connections with non-blocking TLS

parent 9bd7ad94
......@@ -443,7 +443,7 @@ ldap_pvt_connect(LDAP *ld, ber_socket_t s,
if ( connect(s, sin, addrlen) != AC_SOCKET_ERROR ) {
osip_debug(ld, "connect success\n", 0, 0, 0);
if ( opt_tv && ldap_pvt_ndelay_off(ld, s) == -1 )
if ( !async && opt_tv && ldap_pvt_ndelay_off(ld, s) == -1 )
return ( -1 );
return ( 0 );
}
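Review bot: The new `!async` guard on the immediate-success path has no comment saying why the socket is deliberately left non-blocking, yet the TLS changes later in this commit depend on exactly that. A one-line comment above the condition would record it, e.g. `/* async: leave the socket non-blocking; the later TLS handshake relies on it */`. `async` is not declared in this hunk, so it is presumably a parameter or local of ldap_pvt_connect defined outside the lines shown, and the function body continues past the hunk.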
......
......@@ -826,7 +826,7 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
Sockbuf *sb;
char *host;
void *ssl;
int ret;
int ret, async;
#ifdef LDAP_USE_NON_BLOCKING_TLS
struct timeval start_time_tv, tv, tv0;
ber_socket_t sd = AC_SOCKET_ERROR;
......@@ -853,8 +853,12 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
/*
* Use non-blocking io during SSL Handshake when a timeout is configured
*/
async = LDAP_BOOL_GET( &ld->ld_options, LDAP_BOOL_CONNECT_ASYNC );
if ( ld->ld_options.ldo_tm_net.tv_sec >= 0 ) {
ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_NONBLOCK, (void*)1 );
if ( !async ) {
/* if async, this has already been set */
ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_NONBLOCK, (void*)1 );
}
ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_FD, &sd );
tv = ld->ld_options.ldo_tm_net;
tv0 = tv;
......@@ -888,8 +892,10 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
ld->ld_errno = LDAP_TIMEOUT;
break;
} else {
/* ldap_int_poll called ldap_pvt_ndelay_off */
ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_NONBLOCK, (void*)1 );
/* ldap_int_poll called ldap_pvt_ndelay_off if not async */
if ( !async ) {
ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_NONBLOCK, (void*)1 );
}
ret = ldap_int_tls_connect( ld, conn, host );
if ( ret > 0 ) { /* need to call tls_connect once more */
struct timeval curr_time_tv, delta_tv;
......@@ -936,7 +942,8 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
}
}
}
if ( ld->ld_options.ldo_tm_net.tv_sec >= 0 ) {
/* Leave it nonblocking if async */
if ( !async && ld->ld_options.ldo_tm_net.tv_sec >= 0 ) {
ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_NONBLOCK, NULL );
}
#endif /* LDAP_USE_NON_BLOCKING_TLS */
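Review bot: `async` is declared next to `ret`, above the `#ifdef LDAP_USE_NON_BLOCKING_TLS` line, but its only assignment and all three reads in these hunks appear to sit in the guarded code that also uses `tv` and `sd`. A build without the macro would therefore presumably carry an unused variable. Keeping `int ret;` as it was and adding `int async;` directly under the `#ifdef` would scope it with its users. The comment `/* if async, this has already been set */` relies on the connect path having left the socket non-blocking, which cannot be confirmed from this section; naming the function that sets it would help the next reader. ldap_int_tls_start begins and ends outside the hunks shown.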
......
......@@ -452,7 +452,19 @@ tlso_session_connect( LDAP *ld, tls_session *sess )
tlso_session *s = (tlso_session *)sess;
/* Caller expects 0 = success, OpenSSL returns 1 = success */
return SSL_connect( s ) - 1;
int rc = SSL_connect( s ) - 1;
#ifdef LDAP_USE_NON_BLOCKING_TLS
if ( rc < 0 ) {
int sockerr = sock_errno();
int sslerr = SSL_get_error( s, rc+1 );
if ( sslerr == SSL_ERROR_WANT_READ || sslerr == SSL_ERROR_WANT_WRITE ) {
rc = 0;
} else if ( sslerr == SSL_ERROR_SYSCALL &&
( sockerr == EAGAIN || sockerr == ENOTCONN )) {
rc = 0;
}
}
#endif /* LDAP_USE_NON_BLOCKING_TLS */
}
static int
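Review bot: As rendered here, the rewritten tlso_session_connect computes `rc` but never returns it. The old `return SSL_connect( s ) - 1;` became an initialiser and the closing brace follows the `#endif` directly, so the int function falls off its end and the caller reads an indeterminate value; add `return rc;` after the `#endif /* LDAP_USE_NON_BLOCKING_TLS */` line. Separately, the retained comment says the caller treats 0 as success, while the new branches set `rc = 0` for `SSL_ERROR_WANT_READ`/`SSL_ERROR_WANT_WRITE` and for `SSL_ERROR_SYSCALL` with `EAGAIN`/`ENOTCONN`, which reports an unfinished handshake as a finished one. The caller is not visible here; unless it re-checks handshake completion before validating the peer certificate or sending data, a distinct "retry" value would be safer than reusing 0. The function's opening lines are outside the hunk.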
......