From f2bcf31dabb8f69261b0b829fc989e9ba5323ee6 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Mon, 25 Sep 2006 23:14:21 +0000
Subject: [PATCH] Fix a problem in the StartTLS extended operation processing that could cause problems with clients due to a race condition.  Previously, the success response was sent to the client before TLS negotiation was started (because the StartTLS response must be sent in the clear), and it was possible that if a client was able to receive that response and send a subsequent TLS-protected request before the server was able to begin the TLS negotiation, then the server would try to handle the client request as if it were in the clear and would not be able to decode it.  The server now prepares to perform the TLS negotiation before sending the response to the client to eliminate that race condition.

---
 opends/src/server/org/opends/server/messages/ExtensionsMessages.java |   15 +++++++++++++++
 1 files changed, 15 insertions(+), 0 deletions(-)

diff --git a/opends/src/server/org/opends/server/messages/ExtensionsMessages.java b/opends/src/server/org/opends/server/messages/ExtensionsMessages.java
index e114c61..1cc7df3 100644
--- a/opends/src/server/org/opends/server/messages/ExtensionsMessages.java
+++ b/opends/src/server/org/opends/server/messages/ExtensionsMessages.java
@@ -4003,6 +4003,17 @@
 
 
   /**
+   * The message ID for the message that will be used if an error occurs while
+   * attempting to send the clear-text StartTLS response after initiating TLS
+   * negotiation.  This takes a single argument, which is a string
+   * representation of the exception that was caught.
+   */
+  public static final int MSGID_STARTTLS_ERROR_SENDING_CLEAR_RESPONSE =
+       CATEGORY_MASK_EXTENSIONS | SEVERITY_MASK_MILD_ERROR | 379;
+
+
+
+  /**
    * Associates a set of generic messages with the message IDs defined in this
    * class.
    */
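Review bot: The Javadoc for `MSGID_STARTTLS_ERROR_SENDING_CLEAR_RESPONSE` does not say what state the connection is left in when this error fires. Going by the commit description, the server has by then prepared the connection for TLS while the client never saw the success response, so the two sides likely disagree about whether the session is protected; I would add `* The connection should be closed when this occurs, since it cannot safely continue in the clear.` if that matches the handler, which is not part of this patch. The text registered in the second hunk carries the caught exception's string form in its `%s`, so it is worth confirming that it is only written to the server log and not returned to the client in a response or disconnect notice. The phrase "after initiating TLS negotiation" also reads as if the handshake has begun, whereas the description says the server only prepares for it before sending the response.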
@@ -4818,6 +4829,10 @@
                     "An unexpected error occurred while attempting to enable " +
                     "the TLS connection security manager on the client " +
                     "connection for the purpose of StartTLS:  %s.");
+    registerMessage(MSGID_STARTTLS_ERROR_SENDING_CLEAR_RESPONSE,
+                    "An unexpected error occurred while attempting to " +
+                    "send the clear-text response to the client after " +
+                    "starting TLS negotiation:  %s.");
 
 
 

--
Gitblit v1.10.0