From ce6bc8b4d5c49fee3bbf2feea0e4577b43d46ec7 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Mon, 25 Sep 2006 23:14:21 +0000
Subject: [PATCH] Fix a problem in the StartTLS extended operation processing that could cause problems with clients due to a race condition.  Previously, the success response was sent to the client before TLS negotiation was started (because the StartTLS response must be sent in the clear), and it was possible that if a client was able to receive that response and send a subsequent TLS-protected request before the server was able to begin the TLS negotiation, then the server would try to handle the client request as if it were in the clear and would not be able to decode it.  The server now prepares to perform the TLS negotiation before sending the response to the client to eliminate that race condition.

---
 opendj-sdk/opends/src/server/org/opends/server/messages/ProtocolMessages.java |   17 +++++++++++++++++
 1 files changed, 17 insertions(+), 0 deletions(-)

diff --git a/opendj-sdk/opends/src/server/org/opends/server/messages/ProtocolMessages.java b/opendj-sdk/opends/src/server/org/opends/server/messages/ProtocolMessages.java
index 0a96460..448c770 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/messages/ProtocolMessages.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/messages/ProtocolMessages.java
@@ -4155,6 +4155,19 @@
   public static final int MSGID_ADDRESSMASK_FORMAT_DECODE_ERROR =
        CATEGORY_MASK_PROTOCOL | SEVERITY_MASK_SEVERE_ERROR | 382;
 
+
+
+  /**
+   * The message ID for the message that will be used if an attempt is made to
+   * send a clear-text response over a client connection that doesn't have a
+   * handle to the clear-text security provider.  This takes a single argument,
+   * which is a string representation of the client connection.
+   */
+  public static final int MSGID_LDAP_NO_CLEAR_SECURITY_PROVIDER =
+       CATEGORY_MASK_PROTOCOL | SEVERITY_MASK_MILD_ERROR | 383;
+
+
+
   /**
    * Associates a set of generic messages with the message IDs defined in this
    * class.
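Review bot: The Javadoc added here for MSGID_LDAP_NO_CLEAR_SECURITY_PROVIDER says the single argument is "a string representation of the client connection", but the message text registered for it in the second hunk reads `"LDAP connection handler %s could not send a clear-text "`, so the same placeholder is documented as a connection in one place and as a connection handler in the other. Whichever object the caller actually passes (not visible in this patch), the two should agree; if it is the client connection, the message line could become `"Client connection %s could not send a clear-text "` with the rest unchanged, otherwise the Javadoc sentence should say "which is a string representation of the LDAP connection handler". Since this mild-error message is what an operator will see when a clear-text StartTLS response cannot be sent, naming the right object matters for correlating it with the affected client. The diffstat lists only ProtocolMessages.java, so the StartTLS ordering change described in the subject presumably lives in a separate commit and cannot be reviewed here.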
@@ -5504,6 +5517,10 @@
                     "close a StartTLS session on a client connection while " +
                     "leaving the underlying TCP connection active.  The " +
                     "TCP connection will be closed.");
+    registerMessage(MSGID_LDAP_NO_CLEAR_SECURITY_PROVIDER,
+                    "LDAP connection handler %s could not send a clear-text " +
+                    "response to the client because it does not have a " +
+                    "reference to a clear connection security provider.");
 
 
     registerMessage(MSGID_LDAP_PAGED_RESULTS_DECODE_NULL,
