From cc51a621d8fce6320c7b928434461109d78920d8 Mon Sep 17 00:00:00 2001
From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Tue, 17 Nov 2009 18:35:40 +0000
Subject: [PATCH] ITS#6304

---
 CHANGES                    |  1 +
 servers/slapd/connection.c | 13 +++++++++++++
 2 files changed, 14 insertions(+)

diff --git a/CHANGES b/CHANGES
index d0477aeade..99921383cc 100644
--- a/CHANGES
+++ b/CHANGES
@@ -17,6 +17,7 @@ OpenLDAP 2.4.20 Engineering
 	Fixed slapd invalid dn log message (ITS#6309)
 	Fixed slapd lockup on shutdown (ITS#6372)
 	Fixed slapd termination for one level DNs (ITS#6338)
+	Fixed slapd tls_accept to retry in certain cases (ITS#6304)
 	Fixed slapd unused parameter (ITS#6356)
 	Fixed slapd-bdb/hdb cache corruption (ITS#6341)
 	Fixed slapd-bdb/hdb entry cache (ITS#6360)
diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c
index 43faf736a5..80edfb0fd0 100644
--- a/servers/slapd/connection.c
+++ b/servers/slapd/connection.c
@@ -1380,6 +1380,11 @@ connection_read( ber_socket_t s, conn_readinfo *cri )
 			    c->c_connid, (int) s, c->c_tls_ssf, c->c_ssf, 0 );
 			slap_sasl_external( c, c->c_tls_ssf, &authid );
 			if ( authid.bv_val ) free( authid.bv_val );
+		} else if ( rc == 1 ) {	/* need to retry */
+			slapd_set_read( s, 0 );
+			slapd_set_write( s, 1 );
+			connection_return( c );
+			return 0;
 		}
 
 		/* if success and data is ready, fall thru to data input loop */
@@ -1879,6 +1884,14 @@ int connection_write(ber_socket_t s)
 		return -1;
 	}
 
+#ifdef HAVE_TLS
+	if ( c->c_is_tls && c->c_needs_tls_accept ) {
+		connection_return( c );
+		connection_read_activate( s );
+		return 0;
+	}
+#endif
+
 	c->c_n_write++;
 
 	Debug( LDAP_DEBUG_TRACE,
-- 
GitLab