LDAP SSL/STARTTLS patch nit

Victor.Duchovni@morganstanley.com
Date: Mon Sep 01 2003 - 23:47:12 CDT


The memory management bugfix looks good, but the starttls patch has a
potential flaw (with no obvious fix...): there is no timeout support in
the synchronous STARTTLS OpenLDAP API, nor is there an asynchronous
alternative. As a result, a client may hang indefinitely if the server host
dies during the SSL handshake at a time when the client is expecting a
server response.

I fixed the Postfix dict_ldap "bind" code to solve a similar problem there
(I actually observed the hang in real-life on one occasion).

A cleanup or smtpd daemon hung in pre-jail init (opening maps) prevents
the creation of any other cleanup or smtpd processes and effectively stops
Postfix dead in its tracks.

While the failure mode in question is *very* rare (unless your LDAP
servers experience frequent kernel panics or power loss), it is not
IMHO acceptable.

I don't see a simple clean solution. One would need an asynchronous
SSL_connect() primitive inside suitable asynchronous LDAP API entry
points.

A crude workaround is to set an alarm and exit with an error if the SSL
connection does not complete before the alarm fires.

Some thought should also be given to chrooted reconnect scenarios. The
current dict_ldap code tries to reconnect after lookup failures; there is
no exit on connection loss. Thus any certificates need to be present in
the chroot jail... This needs to be tested and documented.

Nits aside, the functionality looks useful. Thanks Liviu!

--
        Viktor.