From f2bcf31dabb8f69261b0b829fc989e9ba5323ee6 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Mon, 25 Sep 2006 23:14:21 +0000
Subject: [PATCH] Fix a problem in the StartTLS extended operation processing that could cause problems with clients due to a race condition.  Previously, the success response was sent to the client before TLS negotiation was started (because the StartTLS response must be sent in the clear), and it was possible that if a client was able to receive that response and send a subsequent TLS-protected request before the server was able to begin the TLS negotiation, then the server would try to handle the client request as if it were in the clear and would not be able to decode it.  The server now prepares to perform the TLS negotiation before sending the response to the client to eliminate that race condition.

---
 opends/src/server/org/opends/server/messages/ProtocolMessages.java |   17 +++++++++++++++++
 1 files changed, 17 insertions(+), 0 deletions(-)

diff --git a/opends/src/server/org/opends/server/messages/ProtocolMessages.java b/opends/src/server/org/opends/server/messages/ProtocolMessages.java
index 0a96460..448c770 100644
--- a/opends/src/server/org/opends/server/messages/ProtocolMessages.java
+++ b/opends/src/server/org/opends/server/messages/ProtocolMessages.java
@@ -4155,6 +4155,19 @@
   public static final int MSGID_ADDRESSMASK_FORMAT_DECODE_ERROR =
        CATEGORY_MASK_PROTOCOL | SEVERITY_MASK_SEVERE_ERROR | 382;
 
+
+
+  /**
+   * The message ID for the message that will be used if an attempt is made to
+   * send a clear-text response over a client connection that doesn't have a
+   * handle to the clear-text security provider.  This takes a single argument,
+   * which is a string representation of the client connection.
+   */
+  public static final int MSGID_LDAP_NO_CLEAR_SECURITY_PROVIDER =
+       CATEGORY_MASK_PROTOCOL | SEVERITY_MASK_MILD_ERROR | 383;
+
+
+
   /**
    * Associates a set of generic messages with the message IDs defined in this
    * class.
@@ -5504,6 +5517,10 @@
                     "close a StartTLS session on a client connection while " +
                     "leaving the underlying TCP connection active.  The " +
                     "TCP connection will be closed.");
+    registerMessage(MSGID_LDAP_NO_CLEAR_SECURITY_PROVIDER,
+                    "LDAP connection handler %s could not send a clear-text " +
+                    "response to the client because it does not have a " +
+                    "reference to a clear connection security provider.");
 
 
     registerMessage(MSGID_LDAP_PAGED_RESULTS_DECODE_NULL,

--
Gitblit v1.10.0