[erlang-bugs] Problem with timeout on ldaps connection.

Hans Nilsson hans@REDACTED
Wed Nov 19 10:14:49 CET 2014 

Thanks for the report!  I've added it to our backlog.

A workaround could be to start eldap on tcp (= without ssl) and then 
call eldap:start_tls immediatly to upgrade the connection to tls. Most 
servers support this extension.

- Hans

On 2014-11-17 11:22, Wiesław Bieniek wrote:
> Hello,
>
> I'm using ldaps protocol to communicate with LDAP Server
>
> Handle = case eldap:open([LDAPHost], [{port, LDAPPort}, {timeout, 
> Timeout}, {log, LogFun}, {ssl, true}, {sslopts, [{verify, 
> verify_peer}, {reuse_sessions, false}, {cacertfile, CertFile}]}]) of
>                  {ok, H} -> H;
>                  Error -> ?DEBUG("Open Error: [~p]~n", [Error]),
>                           error(Error)
>              end,
>
> When LDAP on LDAPHost:LDAPPort is not working and cannot respond for 
> request this function hangs for about 3 minutes (although the Timeout 
> is set to 1000 (1 sec.)) and then returns with {error, etimedout}.
>
> I made some investigations and the root cause of this seems to be 
> function from eldap:
>
> do_connect(Host, Data, Opts) when Data#eldap.ldaps == false ->
>     gen_tcp:connect(Host, Data#eldap.port, Opts, Data#eldap.timeout);
> do_connect(Host, Data, Opts) when Data#eldap.ldaps == true ->
>     ssl:connect(Host, Data#eldap.port, Opts++Data#eldap.tls_opts).
>
> It does not use timeout when connecting using SSL.
>
> I guess It need fixing is next release.
>
> But there is an additional question:
>
> Due to agreement with user we cannot change any part of OTP 
> Distributions. Only official releases of OTP can be used.
> Is it possible to workaround the problem without updating eldap.erl 
> and recompiling OTP ?
>
> -- 
> *Wiesław Bieniek*
> Projektant Telco BSS R&D
>
> tel. +48 12 646 12 66
> website: www.comarch.pl <http://www.comarch.pl>
>
>
> _______________________________________________
> erlang-bugs mailing list
> erlang-bugs@REDACTED
> http://erlang.org/mailman/listinfo/erlang-bugs

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-bugs/attachments/20141119/018ef704/attachment.htm>

More information about the erlang-bugs mailing list