From f2bcf31dabb8f69261b0b829fc989e9ba5323ee6 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Mon, 25 Sep 2006 23:14:21 +0000
Subject: [PATCH] Fix a problem in the StartTLS extended operation processing that could cause problems with clients due to a race condition. Previously, the success response was sent to the client before TLS negotiation was started (because the StartTLS response must be sent in the clear), and it was possible that if a client was able to receive that response and send a subsequent TLS-protected request before the server was able to begin the TLS negotiation, then the server would try to handle the client request as if it were in the clear and would not be able to decode it. The server now prepares to perform the TLS negotiation before sending the response to the client to eliminate that race condition.
---
opends/src/server/org/opends/server/core/ExtendedOperation.java | 17 +++++++++++++++++
1 files changed, 17 insertions(+), 0 deletions(-)
diff --git a/opends/src/server/org/opends/server/core/ExtendedOperation.java b/opends/src/server/org/opends/server/core/ExtendedOperation.java
index fc0cb55..8e76852 100644
--- a/opends/src/server/org/opends/server/core/ExtendedOperation.java
+++ b/opends/src/server/org/opends/server/core/ExtendedOperation.java
@@ -702,6 +702,23 @@
/**
+ * Indicates whether the response for this extended operation has been sent
+ * from somewhere outside of this class. This should only be used by the
+ * StartTLS extended operation for the case in which it needs to send a
+ * response in the clear after TLS negotiation has already started on the
+ * connection.
+ */
+ public void setResponseSent()
+ {
+ assert debugEnter(CLASS_NAME, "setResponseSent",
+ String.valueOf(responseSent));
+
+ this.responseSent = true;
+ }
+
+
+
+ /**
* Attempts to cancel this operation before processing has completed.
*
* @param cancelRequest Information about the way in which the operation
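Review bot: The Javadoc on the new `setResponseSent()` opens with "Indicates whether the response for this extended operation has been sent", which describes a getter, but the method returns void and unconditionally sets `this.responseSent = true`. Please reword it to say that it marks the response as already sent, so that the operation does not send a second one. The restriction to StartTLS is enforced only by the comment: the method is public and has no check on the caller or the request type, so any code holding an ExtendedOperation can suppress its response. Consider narrowing the visibility or guarding on the operation type if the surrounding code allows it. The `debugEnter` call passes `String.valueOf(responseSent)` as an argument although the method takes no parameters; if logging the previous value is intended, a short comment would make that clear. Finally, the diffstat shows only this file changing (17 insertions), so the reordering described in the commit message, preparing TLS negotiation before the clear-text response is written, is not visible here; the caller that invokes this setter should be reviewed together with this hunk to confirm that the flag is set only after the response has actually been written in the clear.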
--
Gitblit v1.10.0